FBI Alerts to Rise in Maze Ransomware, Extortion Attempts
Hackers leveraging Maze ransomware are posing as legitimate security vendors and government agencies to steal and encrypt data for potential extortion attempts.
By - The FBI recently began warning the private sector of a rise in Maze ransomware attacks, where the cybercriminals pose as legitimate security vendors or government agencies to encrypt and steal data. In November, the hacking group threatened to publicly release stolen data in an extortion attempt.
According to the advisory, Maze cyberattacks began hitting US organizations in November. Officials are calling on security leaders to bolster protections as attacks increase.
“In a late November 2019 attack, Maze actors threatened to publicly release confidential and sensitive files from a US-based victim in an effort to ensure ransom payment,” the advisory reads.
“From its initial observation, Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors,” it adds.
Once Maze successfully breaches the network, the hackers exfiltrate the files before encrypting connected devices, systems, and networks. The Maze method differs from common ransomware attacks, where the hackers simply encrypt the data.
Many security leaders have repeatedly stressed that ransomware hackers aren’t typically accessing or exfiltrating data, rather encrypting critical business operations to ensure a payout. However, Maze hackers are exfiltrating the data to leverage a payment, even if the organization refuses to pay the ransom.
According to Trend Micro researchers, Maze hackers have released data from some of their victims who did not pay the initial ransom demand.
To bolster defenses against ransomware, Trend Micro stressed that organizations need to update their systems and applications to the latest versions. As many healthcare providers continue to rely on legacy platforms and fail to patch, their systems remain vulnerable and ransomware attacks continue to be successful.
The use of multi-factor authentication on all endpoints can prove effective, as well. Organizations must develop and implement an effective backup strategy, adopt strong password policies across the enterprise, implement segmentation for vulnerable technologies, deploy network monitoring and auditing, and ensure employees are routinely trained around ransomware attacks.
The researchers also reminded organizations that they should not pay the ransom as it doesn’t guarantee the recovery of the files.
This is the second ransomware alert from the FBI in the past month. The agency also recently released a TLP Amber alert on the ransomware alerts known as MegaCortex and LockerGoga, which have been targeting large US organizations. The concern is that the ransomware is not deployed until several months after the hackers compromise the network.
