MAZE Ransomware: 3x Threat to Data Security

28th April 2020 | Blog, Cybrary, Sticky

Ransomware has grown in popularity as a tool used by hacking groups to attack any and all companies as evidenced by the recent compromise of Cognizant and some of its clients by the MAZE ransomware strain. At first glance, one might write this event off as another in a long string of ransomware attacks against business, government entities, and non-profits. However, is not just another ransomware attack. Maze represents a triple threat to your data security. These hackers have access to your data and can change it (harming its Integrity). Importantly, for companies that refuse to pay their ransom, MAZE exports their data and releases it to the Internet jeopardizing your data’s confidentiality. CyberHoot predicts this will force many more companies to pay their ransom despite being able to restore their data from backups.

Traditional Ransomware Statistics from 2019 are Bad Enough

Ransomware traditionally targets data availability by encrypting it and selling a decryption key back to you for a bitcoin ransom. Companies with deep pockets, but poor backups, can expect to pay tens to hundreds of thousands of dollars to get their “decryption key“. This traditional form of ransomware attack has been very successful for hackers. Here are 2019 statistics on ransomware payments according to Heimdal Security:

Two-thirds of ransomware attacks targeted state and local governments.
55% of SMBs from the US would pay hackers to recover their stolen data.
Over 500 US schools were affected by ransomware attacks in 2019.
In the third quarter of 2019, the average ransomware payout increased to $41,000.

Maze Ransomware will make things far worse in 2020

Maze ransomware puts all three data protection principles (Availability, Confidentiality, and Integrity) at risk. Availability is at risk because your data is encrypted and you don’t have the key. A solid backup strategy helps most companies bounce back from a ransomware attack in days if not hours. However, MAZE and its authors have recognized this and so they are targeting data confidentiality now by exporting your data and releasing it online to the public if you don’t pay in a timely fashion.

Confidentiality Data Breaches are Much Harder to fix

MAZE exports your data to the Internet enabling hackers to release it to the public. Not only that, they could tinker with the data such that data Integrity is also breached. Can we know for certain the data published online is correct and true?

MAZE represents a triple threat to company data. Confidential data can be exposed publicly. It can be altered damaging integrity. Without solid backups you can lose your data (availability).

MAZE = Really Bad Ransomware. Should SMB’s worry about it?

Yes. SMB’s absolutely should worry about MAZE ransomware. Hackers usually try the easiest path to compromising target companies. If they can find a VPN that isn’t setup for two-factor authentication, they’ll exploit this by finding an employee password on the dark web and simply log in and plant the MAZE ransomware in your environment. If that’s not possible, they’ll send really interesting phishing attacks. Check out CyberHoot’s article detailing ruthless COVID-19 phishing attacks here.

Standard cybersecurity best practices, as outlined below, will help your reduce your risks to MAZE and many other online threats. Take action now before its too late and you’re compromised.

If you own a business, you need to be doing these things:

Govern employees with policies and procedures. You need a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum.
Train employees on how to spot and avoid Phishing attacks. Adopt a Learning Management system like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
Test employees with Phishing attacks to practice. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
Deploy critical cybersecurity technology including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, deploy DNS protections, antivirus, and anti-malware on all your end points.
In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc) or prohibiting their use entirely.
Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.

All of these recommendations are built into CyberHoot. With CyberHoot you can govern, train, insure, and test your employees. Visit CyberHoot.com and sign up for our services today. At the very least continue to learn by enrolling in our monthly Cybersecurity newsletters.

Related Reading: Alabama City Pays $300,000 Ransom to Hackers