Organizations in the private sector in the United States have received a high alert from the Federal Bureau of Investigation (FBI) about the threat Maze ransomware poses to their data. According to the FBI, the operators of Maze ransomware are targeting major organizations and corporations across the United States, in sectors ranging from healthcare to finance to defense. The virus encrypts the information that its operators have stolen from different machines. The warning came within a week after the FBI had warned companies about LockerGoga and MegaCortex infecting the databases of organizations. The FBI spread awareness among concerned parties about the threats posed by this deadly virus, which can wreak havoc inside the security infrastructure of corporations.
Maze ransomware has been operating at a global level since the beginning of 2019 and has been very effective. The Federal Bureau of Investigation first observed the deadly virus in November 2019, when it grabbed headlines in the boardrooms of corporations and institutions. When the virus attacks a system, it causes a network breach. After the network has been compromised, the threat actor carrying out the attack first exfiltrates data from the computers connected to that network. Once the actor gets hold of the information, the data is encrypted and can in no way be accessed by the victim. The hacker then demands an amount from the victim in exchange for the decryption key.
The stolen data gives the hacker leverage, as they assure the victim that the data will be destroyed once the victim hands over or wire transfers the money to their respective bank accounts. There have been instances in the past where the Maze ransomware operators or administrators have leaked the data of victims that did not pay them. The two most popular cases are those of the City of Pensacola and Southwire, a manufacturer of cables and wires. According to the FBI alert, Maze ransomware uses several methods to get into the security systems of organizations. The methods employed to hijack systems include fake cryptocurrency sites and malspam campaigns that impersonate government agencies and security vendors.
Maze ransomware was also seen being distributed by exploit kits such as Fallout in May 2019 and Spelevo in October 2019, exploiting flaws in Internet Explorer and Adobe Flash. In the latest incident, the Maze malware administrators deployed the malware through phishing emails containing a macro-enabled Word document attachment. When the embedded macro was executed, the malware was automatically downloaded and executed to infect the victim's machine. The Federal Bureau of Investigation does not encourage victims to pay the ransom to the threat actors, as payment does not in any way guarantee recovery of the encrypted files or the destruction of stolen data. On the other hand, it will only give impetus to the hackers to carry out more deadly attacks on other organizations in the future.
Law enforcement agencies can act more effectively against these cyber attacks if they have access to Indicators of Compromise (IoCs). Details such as the name and the time are of utmost importance, as they help law enforcement catch the perpetrators carrying out the attacks. An attack must be reported as soon as possible after it is carried out, because the value of IoCs decreases with time. The agency suggests that victims of such ransomware contact the nearest field office as soon as they discover there has been an attack, and contact the technical department of their organization to get their systems diagnosed.
Source: Bleeping Computer