Maze Ransomware: Exfiltration and Extortion

Maze crew is now publicly ‘outing’ targeted companies that choose not to comply with their criminal demands.

 

New research by New Zealand organization Emsisoft has found that a cyber-blackmail tactic first debuted by the ransomware gang Maze has been adopted by over a dozen other criminal cyber gangs. Initially observed in May of 2019, Maze was a prominent part of consistent, yet unremarkable, extortion campaigns. Lately, however, a sizable uptick has been seen in Maze campaigns, including numerous high-profile attacks. The attackers behind Maze have previously claimed credit for attacks on both Allied Financial and the City of Pensacola, Florida.

Emsisoft, the globally renowned security software organization, declared a ransomware crisis in the last month of 2019. Its most recent ransomware report shows that this type of malware has hugely affected the United States in 2020. Emsisoft threat analyst Brett Callow described the numbers in "The State of Ransomware in the US: Report and Statistics 2020" as "pretty grim."

At least 2,354 US governments, medical services offices, and schools were affected by ransomware last year, including 113 federal, state, and municipal governments and agencies, 560 healthcare facilities, and 1,681 schools, universities, and colleges. Researchers noted that the attacks caused huge, and in some cases perilous, disruption: ambulances carrying emergency patients had to be redirected, cancer treatments were deferred, lab test results were difficult to access, clinic workers were furloughed, and 911 services were interrupted.

In 2020, Maze became the first ransomware group to be observed exfiltrating information from its victims and using the threat of publication as extra leverage to coerce payment. According to a November report by Coveware, some ransomware gangs that exfiltrate information don't erase it, even after receiving a ransom from their victims. Coveware observed REvil (Sodinokibi) requesting a second ransom payment for stolen information it had already been paid to delete.

Maze ransomware doesn't simply demand payment for a decryptor; it also exfiltrates victim information and threatens to leak it publicly if the target doesn't pay up. This "double whammy" puts yet more pressure on the victim to cave in to the cybercriminals' demands. The onus is now on organizations to ensure they have a trusted security solution proven to prevent ransomware from executing in the first place, as restoring data from a backup won't save them.