MSP, Networking, Networking

5 Things You Need to Know About Maze Ransomware

Author: Kevin Rubin, president and CIO, Stratosphere Networks
Kevin Rubin, president and CIO, Stratosphere Networks

As people around the world continue to grapple with the challenges presented by the COVID-19 pandemic, business leaders must also worry about the continued spread of another type of damaging infection: Ransomware.

You’ve probably already heard about this type of malware, which infects your network and encrypts your files, according to the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA). After that, the cybercriminals behind the attack will demand that you pay a ransom in exchange for the decryption key. These kinds of attacks have become increasingly costly and common in recent years.

The Rising Prevalence and Price of Ransomware Attacks

Ransomware was already “the most pervasive cyber threat since 2005” before the pandemic, according to the CSO article “The history of ransomware.” Now, in efforts to take advantage of the chaos caused by the novel coronavirus, malicious actors have launched various COVID-19-themed schemes, including ransomware attacks. In the first half of 2020, ransomware-related incidents accounted for 41 percent of reported cyber insurance claims, according to a report from Coalition.

Hackers have also gotten more demanding recently: During the first quarter of 2020, the average ransom payment went up to $111,605, an 11 percent increase compared to the fourth quarter of 2019, Coveware reported. The most common attack vectors were phishing messages, software vulnerabilities and Remote Desktop Protocol (RDP) compromise.

Up until recently, backing up your data regularly offered a way to restore your systems without giving in to the criminals’ demands in the event of a ransomware attack. However, a new variant of this species of malware called Maze has rendered backups ineffective as a preventive measure. Here’s everything you should know about this type of ransomware and how you can fight it.

The Emergence of Maze and Key Facts

Maze first popped up in 2019 as a variant of ChaCha ransomware, according to the Malwarebytes Labs blog post “Maze: the ransomware that introduced an extra twist.” Since then, it’s made headlines due to its unique strategy for getting victims to pay up, even if they have reliable backups.

Here are a few key things you should know about Maze ransomware to craft and maintain a comprehensive cybersecurity strategy for your organization.

1. Maze exfiltrates data, and the criminals behind the attack will threaten to leak sensitive info if you don’t pay the ransom. This strategy means that restoring your systems from backups won’t get you out of trouble, Malwarebytes explains. For example, the first known victim of this kind of malware, a security services company in California, had 700MB of their data released after they didn’t hand over the money the hackers demanded. That means victims face the choice of paying the ransom or dealing with a data breach.

2. Other kinds of ransomware have followed Maze’s example. Sodinokibi, Clop and Nemty are just some of the other variants that have picked up this new spin on extortion, according to the McAfee Labs blog entry “Ransomware Maze.”

3. These are not empty threats. The cybercriminals who leverage Maze have a dedicated website where they list their victims and allow visitors to download the stolen data. This ensures that the data breaches get press coverage, according to the Tripwire article “Maze Ransomware – What You Need to Know.”

4. The main ways that malicious actors infect their victims’ IT environments with Maze are RDP brute force attacks and email spam/phishing campaigns, according to Malwarebytes. Other methods include unpatched vulnerabilities, Tripwire states.

5. Because backups won’t save you, it’s important to act before hackers try to infect your network. There are fortunately numerous steps you can take to proactively protect your business from Maze and other types of cybersecurity threats:

  • Implementing an email spam filter
  • Labeling all emails that come from outside your organization to remind recipients to proceed with caution
  • Conducting regular employee security awareness training and teaching your team to recognize suspicious messages
  • Patching and updating all IT tools and infrastructure to fix points of vulnerability before hackers can exploit them

It also helps to have other high-level IT security solutions (e.g., zero-trust network architecture and endpoint and network Managed Detection and Response) in place to minimize your chances of a data breach.


Author Kevin Rubin is president and CIO at Stratosphere Networks. Read more from Stratosphere Networks here.