The Maze ransomware hackers have been in the news lately for their recent attacks on both private and government institutions. The attackers have advanced their mode of operation: they now exfiltrate data before encrypting the files. Companies that refuse to pay the ransom are threatened with exposure of that data, which the attackers release to the public bit by bit to force payment. According to a report, the health sector has recently been affected by both the attacks and the release of the stolen data to the public.
Recently, the Maze ransomware hackers started releasing some of the stolen data of affected organizations that refused to pay the requested ransom. The report established that this included a considerable number of records from affected health organizations. Interestingly, most of the ransomware attacks on health organizations were not reported by news outlets.
The hackers generally target organizations that store large numbers of customer and patient records. Their targets cut across companies in different sectors. Recently, Southwire, a cable manufacturing company, was hacked and asked to pay a $1.7 million ransom, which it refused. The hackers then released its data to the public as promised.
This is very worrying, as the patients' medical records stolen by these hackers can be used for identity theft and even to launch targeted phishing attacks. Brett Callow, a threat analyst at Emsisoft, stated that the healthcare organizations that had their data published include the New Jersey Medical Laboratory Diagnostic, Stockdale Radiology, and Chiropractor Scott A. Hourigan.
The Maze ransomware hackers encrypted about 231 workstations of the MD Lab and demanded a ransom for restoring access to the encrypted network. However, the lab refused to meet the ransom demand, so the attackers released 9.5 gigabytes of stolen data.
According to the report, the Maze ransomware hackers made off with about 100 GB of data. They demanded 100 BTC for the decryption key and an additional 100 BTC to delete the exfiltrated data. According to Callow, companies that have had their sensitive data stolen by the Maze ransomware hackers have little choice.
According to him, there is no guarantee that a criminal group will destroy stolen data after a ransom is paid, as they can use it further for their own benefit.
Callow also stated that the health sector has been a target of the Maze ransomware hackers, as there have been many recorded cases in the last 12 months. He clarified that the frequency at which such attacks on health institutions succeed is not known. This is because most of these attacks will never be known unless the victim or the attackers disclose them.
Cyberattacks on health institutions not only disrupt the institutions but also encourage extortion of the people involved. The success of ransomware attacks depends mostly on how much employees know about the risk of opening malicious attachments.
Tom Van de Wiele, a principal security consultant, has laid out some measures for defending against ransomware attacks. First, he stated that it is difficult to protect what you do not understand. It is therefore important to know where important data is located, who can access it and from where, and what interactions and dependencies exist.
Second, it is important for an organization to know what to do when an incident occurs and what priority the incident needs to receive. According to Wiele, this can be done by being able to detect abuse on the network, and doing so within the context of an application's ecosystem.
Also, the detection, response and recovery processes should be tested regularly through table-top crisis management exercises. This should be combined with technical attack simulation to ensure that the process is still aligned with the requirements. A ransomware attack is more dangerous when it cannot be detected within the shortest possible time. Wiele said that being able to detect an attack on an organization buys enough time to deal with it. According to him, this makes the cybersecurity budget smarter and more realistic.
There are other basic ways to deal with ransomware attacks and to reduce the impact of stolen data. First, organizations must train employees on basic cybersecurity principles and educate them on the need to open emails and download attachments only from trusted sources. It is also important to ensure that cybersecurity tools are not outdated and that complete backups of sensitive data are created and tested in case the original files are encrypted.
Source: Health IT Security