Dubbed MAZE, the ransomware uses multiple methods for intrusion, including the creation of malicious look-alike cryptocurrency sites and spam campaigns impersonating government agencies.
According to CyberScoop, an online cybersecurity publication, Maze has been used against organizations in the U.S., Italy and Germany, and installs malware on the target computers. The malware both steals sensitive information from the system and encrypts it, making it a one-two punch for victims.
Once network access is gained, data is exfiltrated before it is encrypted, and a ransom demand is then issued that is specific to the organization. The attackers claim they will supply the keys to decrypt the files and destroy the stolen data if the ransom is paid. If the ransom is not paid, they publish the sensitive data.
The group recently followed through on that blackmail threat, publishing the data stolen from cable manufacturer Southwire when it refused to pay a 200 BTC ransom ($1,664,320).
According to the HIPAA Journal, the Maze website lists companies that have been attacked and refused to pay the ransom, along with samples of the data stolen from them. Among the victims is Medical Diagnostic Laboratories, which had data on 231 workstations encrypted in the attack. When MD Lab refused to negotiate, the Maze team went ahead and published 9.5GB of the company's private research data, including immunology research.
The strategy is to increase pressure on organizations to pay the ransom or face publication of the stolen data.
Allan Liska, a ransomware expert, told CyberScoop that the exfiltration of data and holding it for ransom changes the nature of a ransomware incident response, and how organizations with reporting requirements need to view and respond to a ransomware attack.
Sources: CyberScoop, "FBI warns US companies about Maze ransomware, appeals for victim data"; HIPAA Journal.