Got infected by the Maze ransomware? To pay or not to pay the ransom? Is this the ultimate decision in ransomware attacks? Not anymore. Cyber-criminals have found a new way to put pressure on victims who do not agree to pay the ransom.
Since most users are becoming proactive and have started taking multiple preventive measures to protect themselves against the outcomes of ransomware attacks, cyber-criminals are now threatening to make victims' confidential data publicly available. Depending on the sensitivity of the data, such actions can have irreversible consequences for the victims.
Maze ransomware first started publishing stolen data in May 2019. Allied Universal, which refused to pay the ransom, is one of its best-known victims. A total of 700 MB of stolen data was dumped.
Maze is not the only player deploying these double-featured ransomware attacks. DoppelPaymer, Clop, and Sodinokibi are a few other notable players that pressure reluctant victims by threatening to publish their data.
Maze Ransomware: Distribution Methods And Working Methodology
Believed to be a popular variant of ChaCha ransomware, Maze was first deployed in May 2019 and was uncovered by Jérôme Segura, director of Threat Intelligence at Malwarebytes.
Since then, the gang has been exploiting victims in major verticals including hospitality, healthcare, finance, pharma, insurance, and many more.
Infected attachments, phishing emails, and brute-force attacks are some of the major distribution methods used by cyber-criminals to spread Maze ransomware. Apart from these, it is also distributed through Flash Player vulnerabilities, network voids, and exploit kits such as Spelevo EK.
Once the ransomware has gained system access, it starts encrypting the stored data with the RSA and ChaCha20 encryption algorithms. After that, a string file is added to the encrypted file to place a warning message on the victim's screen asking for the ransom.
A file named DECRYPT-FILES.txt is created in each folder where the encrypted files are placed. The attackers promise that, once the ransom is paid, they will provide the decryption key that unlocks the files. But paying the ransom is never a solution.
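Because the note is dropped in every folder that holds encrypted files, its name can be used to scope an incident. The Python script below is an added example, not part of the original article: it walks a directory tree, separates folders that contain DECRYPT-FILES.txt from those that do not, and reports the earliest note timestamp. The function names, the constructed sample tree, and the use of the note's modification time as a rough timeline hint are assumptions of this example.

```python
import os
import tempfile
from datetime import datetime, timezone

NOTE_NAME = "DECRYPT-FILES.txt"  # ransom note name given in the article


def triage(root):
    """Walk root and split folders into those holding the note and those without."""
    affected, clean, skipped = {}, [], []
    walker = os.walk(root, onerror=lambda err: skipped.append(err.filename))
    for folder, _dirs, files in walker:
        # Compare case-insensitively: Windows file systems ignore case.
        notes = [f for f in files if f.lower() == NOTE_NAME.lower()]
        if not notes:
            clean.append(folder)
            continue
        try:
            affected[folder] = os.path.getmtime(os.path.join(folder, notes[0]))
        except OSError:
            skipped.append(folder)  # note vanished or is unreadable
    first = min(affected.values(), default=None)
    return {
        "affected": sorted(affected),
        "clean": sorted(clean),
        "skipped": skipped,
        # Assumption: the earliest note time hints at when encryption reached this tree.
        "first_note_utc": (datetime.fromtimestamp(first, timezone.utc)
                           if first is not None else None),
    }


def build_sample_tree(base):
    """Constructed sample data: three folders, two of them holding a note."""
    for name, mtime in (("finance", 1_700_000_600), ("hr", 1_700_000_000), ("it", None)):
        folder = os.path.join(base, name)
        os.makedirs(folder)
        if mtime is not None:
            note = os.path.join(folder, NOTE_NAME.lower() if name == "hr" else NOTE_NAME)
            with open(note, "w") as fh:
                fh.write("constructed placeholder, not a real ransom note\n")
            os.utime(note, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        report = triage(base)
        print("first note:", report["first_note_utc"])
        for folder in report["affected"]:
            print("affected:", folder)
```

Folders listed under `clean` only lack the note; they still need to be checked against backups before being trusted.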
Protecting Yourself Against Maze Ransomware
- Update your device with the latest Microsoft packages.
- Ensure that your device is protected with a powerful security suite.
- Avoid using public IPs.
No matter how hard you try to avoid paying the ransom, the thought of losing your confidential data can put you in an overwhelming situation. In addition, the fear of having your sensitive information published on the internet is a compelling reason to pay the ransom.
Paying the ransom is never a solution, so make sure that you take all possible steps to prevent being a victim of such malicious activities.