Why organisations should be wary of Maze ransomware?

  • Leading IT services provider Cognizant was hit by a ransomware attack. Though the Maze ransomware organization has denied its involvement in the incident, security experts don't seem convinced.

Abhijit Ahaskar
Updated: 20 Apr 2020, 03:06 PM IST
Also known as ChaCha ransomware, Maze was discovered in May 2019 by Jerome Segura, a malware intelligence analyst. Photo: iStockphoto

NEW DELHI: As more organisations switched to remote working due to lockdowns, there has been an increase in cyberattacks ranging from phishing scams to ransomware attacks.

Leading IT services provider Cognizant was recently targeted by a ransomware attack. The company confirmed a security incident involving its internal systems, caused by a Maze ransomware attack, which disrupted services for some clients.

Also known as ChaCha ransomware, Maze was discovered in May 2019 by Jerome Segura, a malware intelligence analyst.

Though the Maze ransomware organization has denied its involvement in the attack, security experts don't seem convinced. “The ransomware has still been categorized as Maze because the listed IOCs included IP addresses of servers and file hashes for the kepstl32.dll, memes.tmp, and maze.dll files. These are known to be used in previous attacks by the Maze ransomware actors,” said Saket Modi, co-founder & CEO of Lucideus, a cybersecurity company.

This is the second major cyberattack involving the Maze ransomware on an organisation in a month's span. In March, Chubb, a cybersecurity insurance company, reported a security breach which is believed to be the handiwork of the Maze ransomware group.

Interpol has also warned health organisations across the world to brace themselves for a possible attack involving nefarious ransomware, even though the Maze ransomware group has reportedly assured that they won't be targeting healthcare and medical facilities for the time being.

How does Maze operate?

McAfee Labs' research on Maze shows that the ransomware is mainly spread through exploit kits such as Fallout and Spelevo, remote desktop connections with weak passwords, and phishing emails impersonating government agencies. For instance, in the October cyberattack on Italian organisations, emails were sent with a Word attachment that used macros to run the malware on the system.

According to McAfee, the malware is programmed to resist reverse engineering of its code, which makes static analysis by security researchers more difficult.

Reverse engineering is a common practice used in cybersecurity to understand how a given program, like the malware in this case, works.

What makes Maze dangerous?

A typical ransomware attack encrypts all files and locks them down to prevent access until the owner or organisation has paid the ransom. What makes Maze ransomware unique is that, before encrypting files, it steals a significant amount of data and sends it to a remote server controlled by the attacker. The objective is to sell the data on the dark web if the organisation or individual refuses to pay the ransom amount.

Who is behind Maze?

Security experts have not yet been able to trace the country of origin of the Maze ransomware. During their examination, McAfee Labs found that some of the IP addresses belonged to the Russian Federation. However, that is not enough to confirm the country it comes from: IP spoofing is a common practice used by attackers to deliberately misdirect investigations and even cause disharmony between two states.

What can organisations do to protect themselves?

Modi points out that one can avoid paying ransoms as long as all important data is backed up properly. However, to protect their systems from any such attacks, organisations need to improve their security posture.

“These are exactly the situations why the industry needs to adopt a proactive, real-time and quantifiable approach to cybersecurity. Cyber risk quantification platforms can help organisations get a clear view into the cyber risk posture in real-time, allowing them to prioritise cybersecurity projects and investments,” added Modi.

First Published: 20 Apr 2020, 03:06 PM IST