The coronavirus pandemic is disrupting businesses across the globe, and the recent Maze ransomware attack on Cognizant adds fuel to the fire.
The multibillion-dollar IT company Cognizant said its computer systems have been attacked by Maze ransomware. Although nothing concrete has been identified, it clearly shows that hackers are taking advantage of this crucial time.
High alert related to the yet another ransomware attack perpetrated by the Maze group possibly affecting @Cognizant.
Reviewing & mitigating against the usual Maze TTPs (including RDP + remote services as an attack vector) is advisable.
— Vitali Kremez (@VK_Intel) April 18, 2020
In a statement, the company said the incident involved some internal systems and caused service disruptions for some clients. The attackers, however, have taken no responsibility.
This makes things more complex. Therefore, it becomes even more important to understand Maze ransomware.
What is Maze ransomware?
First observed in May of last year, Maze ransomware, also known as ChaCha ransomware, has since become aggressive and lethal. Unlike other data-encrypting ransomware, Maze can spread across a network, infecting and encrypting every computer in its path. Further, it can export data to the attacker’s servers, where it is stored for ransom.
What makes it dangerous is the threat to publish data online.
How does it work?
Maze ransomware is designed to resist reverse engineering of its code, which makes it difficult to detect. It has also used exploit kits such as Fallout and Spelevo, phishing emails, and other means to spread.
Is there anything to worry about?
Certainly, yes. When a leading Fortune 500 company like Cognizant was unable to stay protected, you can well imagine what can happen to small businesses, and even to big ones.
Usually, ransomware encrypts files and locks the victim out of the system. But with Maze, things are a bit different. Before encrypting the data, Maze ransomware steals a significant amount of it and sends it to a remote server. The objective is to sell the data on the Dark Web if the ransom is not paid. Put simply, it is a way to gain leverage.
Therefore, everyone should try to prevent being targeted by this nasty ransomware.
Who’s behind Maze?
The country of origin has not been identified. However, rumours suggest it belongs to the Russian Federation. The ransomware was discovered by Jerome Segura, a malware intelligence analyst.
So, does this mean there is no way to stay protected from Maze ransomware?
Perhaps you can avoid paying the ransom if you have a backup of your important documents and your security is strong.