CERT-In issues an alert over ‘Maze’ ransomware spread

Pune: Following a large-scale Maze ransomware attack, the Indian Computer Emergency Response Team (CERT-In) has issued a warning about the spread of the ransomware, along with measures to prevent such attacks.

The alert stated that the ransomware was initially discovered in May 2019 and that the cybersecurity community has recently observed a rise in Maze ransomware activity. Tech giant Cognizant was also recently attacked by the same ransomware.

As per the alert by CERT-In, the Maze ransomware is often delivered via emails or exploit kits. 

The Maze ransomware executes a ‘process killer’ before starting the encryption processes. 

The ransomware terminates targeted processes running on the infected system, mainly debuggers, text editors and programming IDEs, databases and languages.

Maze ransomware deletes Shadow Volume Copies twice (pre and post encryption) to ensure that recovery is not possible. 

It then changes the user’s desktop wallpaper to a message about the encrypted files and the file name of the dropped ransom note. 

The malware tries to connect to IP addresses that are stored in encrypted form in the binary, in order to send information about the infected machine.

The ransom note then asks the victim to contact the threat actor by email for the decryption key. 

An interesting feature of this ransomware is that it says the ransom amount will differ depending on the type of device.

If the victim fails to pay the ransom, Maze operators release the stolen data on the Internet.

The alert lists the following preventive measures:

- All operating systems and applications should be kept updated regularly. Virtual patching can be considered for protecting legacy systems and networks.
- Don’t open attachments in unsolicited emails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited email, even if the link seems benign.
- Block attachments of malicious file types.
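The shadow copy deletion described above, done once before and once after encryption, is something defenders can look for in process-creation logs. The sketch below is an added example, not part of the CERT-In alert. The alert does not say which commands Maze uses, so the patterns are an assumption based on common Windows shadow copy deletion command lines, and the hosts, timestamps and events are constructed.

```python
import re
from collections import defaultdict

# Command-line patterns for common shadow copy deletion methods (assumption:
# the alert does not name the exact commands Maze runs).
PATTERNS = {
    "vssadmin": re.compile(r"vssadmin(\.exe)?\b.*\bdelete\s+shadows", re.I),
    "wmic": re.compile(r"wmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "powershell-wmi": re.compile(
        r"win32_shadowcopy.*(remove-wmiobject|remove-ciminstance|\.delete\()", re.I),
}

# Constructed process-creation records: (host, ISO timestamp, command line).
SAMPLE_EVENTS = [
    ("ws-014", "2020-05-04T09:12:03", r"C:\Windows\System32\notepad.exe report.txt"),
    ("ws-014", "2020-05-04T09:15:40", r"vssadmin.exe Delete Shadows /All /Quiet"),
    ("ws-014", "2020-05-04T09:41:22", r"wmic.exe shadowcopy delete"),
    ("srv-02", "2020-05-04T10:02:10", r"vssadmin list shadows"),  # benign query
    ("srv-02", "2020-05-04T10:05:55",
     r'powershell -c "Get-WmiObject Win32_ShadowCopy | Remove-WmiObject"'),
]


def find_shadow_copy_deletions(events):
    """Return {host: [(timestamp, pattern_name), ...]} in time order."""
    hits = defaultdict(list)
    for host, ts, cmdline in sorted(events, key=lambda e: e[1]):
        for name, rx in PATTERNS.items():
            if rx.search(cmdline):
                hits[host].append((ts, name))
                break  # one hit per event is enough
    return dict(hits)


def triage(events):
    """One deletion on a host is 'high'; a repeat at a later time matches the
    pre- and post-encryption behaviour in the alert and is 'critical'."""
    severity = {}
    for host, found in find_shadow_copy_deletions(events).items():
        distinct_times = {ts for ts, _ in found}
        severity[host] = "critical" if len(distinct_times) >= 2 else "high"
    return severity


if __name__ == "__main__":
    for host, level in triage(SAMPLE_EVENTS).items():
        print(host, level)
```

Backup software and administrators can legitimately delete shadow copies, so known maintenance jobs should be excluded before alerting on the result.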

