Advisory January 31, 2020

Client advisory: Maze ransomware cases on the rise

New ransomware variant is known to exfiltrate data prior to encryption, allowing hackers to publish data if the ransom isn't paid.

In November 2019, a California-based security services firm suffered a ransomware attack that was identified as the Maze variant. After the firm missed the deadline for the ransom payment, the attackers behind the Maze ransomware published almost 700 MB worth of data and threatened to release more if payment was still not made. The following month, the Maze group released data from a range of companies on a ‘name and shame’ website, outing businesses that did not cooperate with them.

The increased leverage of Maze ransomware places more pressure on victims to pay ransoms, and shows that cybercriminals are continually refining their techniques to successfully extort their targets.

The technique utilized by Maze means that victims not only have to deal with the operational impact of the attack but must also attend to and comply with data protection laws. The majority of ransomware variants are not known to exfiltrate data. Nonetheless, this advisory serves to remind our policyholders to review their cybersecurity practices:

  • Regularly back up data, test these backups, and ensure the backups are not connected to the networks and computers they are backing up
  • Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted
  • Patch operating systems, software and firmware on devices, patch endpoints as vulnerabilities are discovered, and consider investing in a centralized patch management system
  • Block macro scripts in Office files transmitted via email
  • Employ best practices for use of RDP, including auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts
  • Ensure employees receive awareness training to decrease vulnerability to targeted attacks
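
The following Python example is added here and is not part of the original advisory. It illustrates the macro-blocking item above by classifying email attachments on their content rather than their file extension, so a macro-bearing document renamed to .docx is still caught; the function names, verdict labels and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# OOXML parts that hold a VBA project (Word, Excel, PowerPoint).
MACRO_PARTS = {"word/vbaproject.bin", "xl/vbaproject.bin", "ppt/vbaproject.bin"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def classify_attachment(data):
    """Return 'macro', 'legacy-ole', 'unparseable' or 'clean', judged on content."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # may carry macros; quarantine or inspect further
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if MACRO_PARTS & {n.lower() for n in zf.namelist()}:
                    return "macro"
        except zipfile.BadZipFile:
            return "unparseable"  # fail closed: hold what cannot be inspected
    return "clean"

def scan_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify_attachment(part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}

def _ooxml(parts):
    """Build a constructed OOXML-like zip for the sample message."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in parts:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()

def build_sample():
    """Constructed message: a macro-bearing file named .docx, and a clean one."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    for name, parts in (("invoice.docx", ["word/document.xml", "word/vbaProject.bin"]),
                        ("notes.docx", ["word/document.xml"])):
        msg.add_attachment(_ooxml(parts), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A mail gateway or filtering rule would act on any verdict other than "clean", for example by quarantining the message for review.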

The FBI’s Internet Crime Complaint Center has released a full ransomware advisory, including more information on best practices.