Navigating the Maze Behind Ransomware

Few cyber-attacks can match ransomware in effectiveness, or in how little risk it poses to the attacker. From the hacker’s perspective, this kind of software can extort potentially huge ransom payments with little danger of being caught. From your perspective, of course, it is a highly disruptive and very damaging attack. As if plain old ransomware weren’t bad enough, newer types have proven to be even worse than the old ones, and of these newer strains, Maze ransomware is definitely one of the most dangerous. Let’s learn a little more about this unfortunate plague.

How Does Ransomware Work?

Ransomware works by encrypting your data without your knowledge or consent. Encryption is normally a tool that helps people keep intruders out (indeed, it is one of the best tools for that purpose). Unfortunately, just as it can be used to lock out an intruder, it can also be used to lock out the legitimate user. Once all the data is encrypted and locked, the attackers demand a ransom payment in exchange for the password, hence the name of this unique and pervasive threat.

A ransomware program might use any of many methods for the initial penetration, from a malicious link hidden in an email to the theft of your network credentials by scraping them out of memory. For Linux users, that last part is why you should always encrypt your swap partition: credentials paged out to an unencrypted swap can be read back from the disk. Once the encryption process has begun, it usually cannot be reversed.

What Makes Maze Ransomware Different?

Maze ransomware has proven particularly difficult to deal with for several reasons. First, and most importantly, it doesn’t just lock your data. As it encrypts your file system, it copies all of those files and sends them to an external server. This server, of course, is owned and controlled by the hackers. In this way, a ransomware attack is combined with a data breach to make it even more dangerous.

These people are so brazen that they operate a website where they openly tell of their crimes! We aren’t giving you the address because it’s probably not a good idea to open up sites like that, even for purposes of review. We already know that this site is run by hackers, so there is no reason to go there. In any case, this website serves as the public forum by which they can give your personal information to the entire world. Once they make it public, literally anyone can download your data.

The people behind this malware have surely realized that they have the power to put companies out of business. By covering their actions, the media gives these people more power to frighten and intimidate their victims into submission. Companies know that it’s less damaging to pay the ransom than to deal with the consequences of a big data breach. While a ransom might cost thousands or even tens of thousands, the destruction of your company’s credibility often results in total ruin. Thus, it’s kind of like cutting off a diseased limb to save the whole person. The problem, unfortunately, is that the hackers won’t necessarily keep their bargains.

Why Backups Aren’t Good Enough For This Ransomware

Under most circumstances, a good backup system is enough to defeat ransomware. Instead of paying the ransom, you can simply delete everything: wipe the infected device and check every part of the network for remnants. To be very thorough, you might want to do a total wipe of all connected devices, and don’t forget the data-overwrite option, since nothing on a computer is truly gone until it has been overwritten.

Maze ransomware cannot be defeated in this way. Of course, backups will allow you to restore your system without paying the ransom. However, the attackers will still have all your data, and they can still sell it or give it away. On top of that, you might end up paying huge fines if the government finds that you did not take every possible precaution.

How To Deal With Maze Ransomware

First of all, sensitive data on your network devices should never be stored unencrypted. You need an encrypted file container (basically just a locked folder) to store things like system backups and personal information. Even if the attackers manage to access the files, the contents will probably be scrambled and unusable.

Network monitoring is also a potential solution. If you can catch the malware attack before it begins the process of encrypting your drive, it can probably be stopped. If you ever see one of these attacks in progress, immediately shut down the device and disconnect it from the network. This will give you and your IT people some time to figure out the next step.
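Because Maze copies files to an external server before the ransom note ever appears, one concrete form of the network monitoring described above is watching for a workstation that suddenly pushes far more data to outside addresses than its peers. The following is an added example, not code from the original post or from PCH Technologies; it assumes a simplified, constructed flow-log format (timestamp, source, destination, bytes sent) and treats the RFC 1918 ranges as internal.

```python
"""Flag internal hosts whose outbound volume to external addresses spikes.

Assumed flow-log format (simplified, constructed for this example):
    <ISO timestamp> <src_ip> <dst_ip> <bytes_sent>
"""
import ipaddress
from collections import defaultdict

# Internal address space; anything outside these ranges counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: 10.0.0.5 sends ~600 MB to one outside host while its
# peers exchange only a few MB of ordinary traffic in the same window.
SAMPLE_LOG = """\
2020-11-01T09:00:00 10.0.0.5 10.0.0.20 120000
2020-11-01T09:01:00 10.0.0.7 203.0.113.9 4500000
2020-11-01T09:02:00 10.0.0.5 198.51.100.77 250000000
2020-11-01T09:03:00 10.0.0.9 203.0.113.9 3200000
2020-11-01T09:04:00 10.0.0.5 198.51.100.77 350000000
2020-11-01T09:05:00 10.0.0.7 10.0.0.20 900000
"""

def parse_flows(text):
    """Yield (src, dst, bytes) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, src, dst, nbytes = parts
        try:
            yield src, dst, int(nbytes)
        except ValueError:
            continue

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def external_egress(flows):
    """Sum bytes each internal source sent to external destinations."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src] += nbytes
    return dict(totals)

def flag_exfil(totals, abs_limit=100_000_000, ratio=10.0):
    """Hosts over an absolute byte limit, or `ratio` times the peer median."""
    if not totals:
        return []
    values = sorted(totals.values())
    median = values[len(values) // 2]
    return sorted(h for h, b in totals.items()
                  if b >= abs_limit or b >= ratio * median)

if __name__ == "__main__":
    print(flag_exfil(external_egress(parse_flows(SAMPLE_LOG))))  # ['10.0.0.5']
```

In practice the thresholds should be tuned against a baseline of normal traffic, and a flagged host is the cue to isolate it from the network as the paragraph above advises.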

Trends Related To This Ransomware

To learn a little bit more about this program, we need to understand some relevant facts and statistics. Some of those can be found here, and the results are most enlightening.

First, we can see that most attackers were within the United States, so this is a group that is either based in the USA or that targets people in the USA specifically. We can also see that ransomware attacks often involve whole teams of hackers rather than the classic lone-wolf model. Not surprisingly, email has turned out to be the biggest attack vector. Thus, you really need to be using encrypted email on an in-house server. Secure clients like Thunderbird or Kleopatra are also helpful.

Conclusion

One good thing to note is that the Maze “organization” (some have called it a cartel) claims to have ended its activities. Their website is no longer publishing current information, and they claim that they have ceased all operations. However, we think this is an obvious ruse designed to throw investigators off their trail. The tiger does not change his stripes and the con artist usually doesn’t give up their best scam. For help or advice relating to this subject, you can call PCH Technologies at (856) 754-7500.