Systems Affected
Threat Level
Overview
A new ransomware called 'Maze' is targeting IT services worldwide.
Description
'Maze' ransomware, previously identified as "Chacha ransomware", first appeared in May 2019. The sole purpose of the ransomware is to encrypt files and then demand a ransom for their recovery. Unlike other ransomware, 'Maze' will release the collected data into the public domain if the ransom is not paid.
Reference: Map of Maze Infection
'Maze' mainly spreads by exploiting remote desktop connections with weak passwords or through email impersonation. These emails normally carry a macro-enabled Word document as an attachment, and the macro is used to run the malware.
The malware ignores files with the following extensions: .LNK, .EXE, .SYS and .DLL. After encrypting all the files, it changes the victim's desktop as shown below:
Reference: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/
Impact
✻ Loss of your company's important files and documents
✻ May result in complete shutdown of your company's operations
✻ Financial loss
✻ Damage to your company's reputation
Solution/ Workarounds
✻ Implement proper backup policies and adhere to them strictly
✻ Never pay the ransom
✻ Have offline backups of important files
✻ Install the latest security patches and updates for installed third-party software
✻ Keep your virus guard and operating system up to date
References
✻ https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/
✻ https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.