MAZE Ransomware is a form of ransomware that poses a triple threat to your data security. With MAZE, hackers export your data to online storage sites in order to extort payment from you in bitcoins. At this point, hackers can impact all three aspects of data security: availability, confidentiality, and integrity. Importantly, for companies that might normally restore their data from backup and refuse to pay any ransom, MAZE has already exported their data, which will be released on the public Internet, jeopardizing the data’s confidentiality.
CyberHoot predicts this will force many more companies to pay their ransom despite being able to restore their data’s availability from backups. Ransomware traditionally targets data availability by encrypting it and selling a decryption key back to you for a bitcoin ransom. Companies with deep pockets, but poor backups, can expect to pay tens to hundreds of thousands of dollars to get their “decryption key”. This traditional form of ransomware attack has been very successful for hackers, but the new strain of MAZE ransomware can change the game for hackers.
Additional Reading:
- MAZE Ransomware: 3x Threat to Data Security
- Cognizant Hit by Maze Ransomware Attack
- MAZE Ransomware Authors Claim to have Compromised Chubb
Related Terms: Ransomware
Should SMBs Be Worried?
Yes. SMBs absolutely should worry about MAZE ransomware. Hackers usually try the easiest path to compromising target companies. If they can find a VPN that isn’t set up for two-factor authentication, they’ll exploit this by finding an employee password on the dark web, logging in, and planting the MAZE ransomware in your environment. If that’s not possible, they’ll send convincing phishing attacks that entice users to click on the malware, thereby accidentally installing it on your network.
CyberHoot has a detailed article addressing these MAZE Ransomware attacks.
Standard cybersecurity best practices will help you reduce your risk from MAZE and many other online threats. Take action now before it’s too late.
If you own a business, you need to be doing these things:
- Govern employees with policies and procedures. You need a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum.
- Train employees on how to spot and avoid phishing attacks. Adopt a Learning Management System like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
- Test employees with phishing attacks for practice. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
- Deploy critical cybersecurity technology, including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, and deploy DNS protections, antivirus, and anti-malware on all your endpoints.
- In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc.) or prohibiting their use entirely.
- Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.