MAZE Ransomware: 3x Threat to Data Security

28th April 2020

Ransomware has grown in popularity as a tool used by hacking groups to attack any and all companies, as evidenced by the recent compromise of Cognizant and some of its clients by the MAZE ransomware strain. At first glance, one might write this event off as another in a long string of ransomware attacks against businesses, government entities, and non-profits. However, this is not just another ransomware attack. MAZE represents a triple threat to your data security. These hackers have access to your data and can change it (harming its integrity). Importantly, for companies that refuse to pay their ransom, MAZE exports their data and releases it to the Internet, jeopardizing your data’s confidentiality. CyberHoot predicts this will force many more companies to pay their ransom despite being able to restore their data from backups.

Traditional Ransomware Statistics from 2019 are Bad Enough

Ransomware traditionally targets data availability by encrypting it and selling a decryption key back to you for a bitcoin ransom. Companies with deep pockets, but poor backups, can expect to pay tens to hundreds of thousands of dollars to get their “decryption key”. This traditional form of ransomware attack has been very successful for hackers. Here are 2019 statistics on ransomware payments according to Heimdal Security:

  • Two-thirds of ransomware attacks targeted state and local governments.
  • 55% of SMBs from the US would pay hackers to recover their stolen data.
  • Over 500 US schools were affected by ransomware attacks in 2019.
  • In the third quarter of 2019, the average ransomware payout increased to $41,000.

Maze Ransomware will make things far worse in 2020

MAZE ransomware puts all three data protection principles (Availability, Confidentiality, and Integrity) at risk. Availability is at risk because your data is encrypted and you don’t have the key. A solid backup strategy helps most companies bounce back from a ransomware attack in days if not hours. However, MAZE’s authors have recognized this, so they now target data confidentiality as well, exporting your data and releasing it online to the public if you don’t pay in a timely fashion.

Confidentiality Data Breaches are Much Harder to Fix

MAZE exports your data to the Internet, enabling hackers to release it to the public. Not only that, they could tinker with the data so that its integrity is also breached. Can we know for certain the data published online is correct and true?

MAZE represents a triple threat to company data. Confidential data can be exposed publicly. It can be altered, damaging its integrity. Without solid backups, you can lose your data (availability).

MAZE = Really Bad Ransomware. Should SMBs worry about it?

Yes. SMBs absolutely should worry about MAZE ransomware. Hackers usually try the easiest path to compromising target companies. If they can find a VPN that isn’t set up for two-factor authentication, they’ll exploit this by finding an employee password on the dark web, then simply log in and plant the MAZE ransomware in your environment. If that’s not possible, they’ll send really interesting phishing attacks. See CyberHoot’s article detailing ruthless COVID-19 phishing attacks.

Standard cybersecurity best practices, as outlined below, will help you reduce your risk from MAZE and many other online threats. Take action now before it’s too late and you’re compromised.

If you own a business, you need to be doing these things:

  1. Govern employees with policies and procedures. You need a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum.
  2. Train employees on how to spot and avoid Phishing attacks. Adopt a Learning Management system like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
  3. Test employees with Phishing attacks to practice. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
  4. Deploy critical cybersecurity technology including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, and deploy DNS protections, antivirus, and anti-malware on all your endpoints.
  5. In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc.) or prohibiting their use entirely.
  6. Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.

All of these recommendations are built into CyberHoot. With CyberHoot you can govern, train, insure, and test your employees. Visit CyberHoot.com and sign up for our services today. At the very least, continue to learn by enrolling in our monthly Cybersecurity newsletters.

Related Reading: Alabama City Pays $300,000 Ransom to Hackers

Here is a demonstration video of a system infected with the MAZE Ransomware.

https://youtube.com/watch?v=MTed3ffpmNY
