What’s this Maze thing I keep hearing about?

Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data.

There’s been plenty of ransomware before. What makes Maze so special?

Like other ransomware seen in the past, Maze can spread across a corporate network, infect computers it finds and encrypts data so it cannot be accessed.

But what makes Maze more dangerous is that it also steals the data it finds and exfiltrates it to servers controlled by malicious hackers who then threaten to release it if a ransom is not paid. Increasingly, other ransomware (such as REvil, also known as Sodinokibi) have been observed using similar tactics.

So simply restoring from a backup..?

…isn’t enough. Yes, restoring your data from a secure backup can get you back up and running again (if the backup hasn’t itself been compromised, of course), but it doesn’t undo the fact that criminals now have a copy of your company’s data.

Nasty. So this is a combination of a ransomware attack and a data breach?

Yup. And as a website operated by the criminals behind the Maze attacks claims, if the ransom is not paid, they will:

  • Release public details of your security breach and inform the media
  • Sell stolen information with commercial value on the dark market
  • Tell any stock exchanges on which your company might be listed about the hack and the loss of sensitive information
  • Use stolen information to attack clients and partners as well as inform them that your company was hacked.

This is much worse than just being hit by ransomware

Yes, it is. It appears that Maze ransomware gang is not only capable of (Read more...)