The Increasing Dangers of Maze Ransomware


Ransomware has been a buzzworthy topic for more than just IT professionals for some time now. A recent ransomware development referred to as Maze is proving to be extremely dangerous for the security and safety not only of companies but also of their patients, customers, and/or clients. By understanding Maze ransomware and its growing impact on security, companies can implement more effective internal practices to decrease the chances of a security breach.

What is Maze Ransomware?

Maze ransomware may be new to the cybersecurity scene, but it has already had a dangerous and controversial impact. Maze ransomware goes beyond other ransomware by creating cryptocurrency sites and malicious spam (“malspam”) campaigns that impersonate security vendors and/or government agencies. Maze first gained widespread attention when it duped consumers into believing they were installing a trustworthy security update on their computers; instead, their personal and sensitive information was stolen, encrypted, and held for ransom. When first discovered in November 2019, Maze ransomware gained national attention and provoked a panic among state and federal government officials as well as private citizens and corporations due to its particularly malicious and advanced ability to steal and encrypt sensitive data.

A Maze ransomware breach packs a one-two punch for victims: it not only invades and steals confidential information, but also demands a ransom payment from victims in exchange for their own information. According to the Federal Bureau of Investigation (FBI), Maze ransomware has even targeted government agencies, such as the City of Pensacola, Florida, where stolen data was published in an attempt by hackers to pressure the city into paying a ransom.

Additionally, Maze operators have established a “shaming” website unlike anything previously created by ransomware hackers. The shaming website shares the confidential data that is stolen, meaning that victims’ full names and other personal information, such as social security numbers, could be published online. This threat shows how far cybercriminals are willing to go to secure a ransom from victims. If a ransom is left unpaid, stolen data will be published online and will remain online, increasing in detail as time passes and until the ransom is paid. Maze has even begun to share who their victims are along with group information. Maze is representative of a trend of increasingly aggressive ransomware hacks that government agencies, corporations, and citizens will have to protect themselves against moving forward.

The Current Threat

As 2020 has proven unpredictable so far, Maze too continues to shock victims with increased levels of malice. Amid a global pandemic, Maze issued a statement that its ransomware would not attack healthcare providers and organizations; however, this quickly proved to be untrue. Maze has reportedly hacked healthcare organizations, resulting in patients’ confidential medical information and personal information being compromised. Hacking healthcare providers and associated organizations during the Coronavirus pandemic proves no industry or company is immune from Maze attacks.

Companies can take steps to secure their data, including segmentation, encryption, endpoint security, regularly applying updates and patches, multifactor authentication, and more. According to the FBI, the following measures are recommended to safeguard data from hackers:

Educate on Maze Ransomware. Education is a crucial first step in stopping any hacking attempts. Companies should educate their employees on what Maze is and the most obvious phishing attempts used to lure victims. Most notable are emails camouflaged as being from a trusted source that encourage recipients to share sensitive information like passwords and user IDs. It’s important that employees receive cybersecurity training so they do not open unsolicited emails or attachments, or fall victim to other hacking attempts. A strong password policy for all employees is also recommended to prevent hacking.

Enable Spam Filters to prevent phishing emails from reaching end-users’ inboxes. Companies can implement strong security filters through the adoption of technology that prevents email spoofing, such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM). Companies should also configure firewalls to block access to known malicious IP addresses, in addition to installing anti-virus and anti-malware programs that can scan computers regularly.

Regularly Back Up Data to a secure, offsite location so you can restore stolen data in the event an attack occurs. An easy way to accomplish this is by enabling automatic backups instead of relying on a user to routinely remember. Backups can be protected through the use of strong passwords. Backups should be regularly tested to ensure data is being saved.

Regularly Audit Users so you can frequently remove those who should not have access, including administrative rights. In addition to performing user audits, systems administrators should also audit gateway systems and Remote Desktop Protocol (RDP) services for any discrepancies in access or usage.
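
An added example, not from the original article: a small auditor for the SPF and DMARC records named in the spam-filter measure above, flagging settings that leave spoofed mail deliverable. The domains and records are constructed samples, the function names are hypothetical, and DKIM is left out because checking it requires knowing the sender's selector.

```python
# Constructed sample TXT records; in practice these come from DNS TXT lookups
# on <domain> (SPF) and _dmarc.<domain> (DMARC).
SAMPLES = {
    "weak.example": {"spf": ["v=spf1 include:_spf.mailhost.example ~all"],
                     "dmarc": ["v=DMARC1; p=none"]},
    "strict.example": {"spf": ["v=spf1 ip4:192.0.2.0/24 -all"],
                       "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"]},
}

SPF_ALL = {"+": "SPF: +all authorizes any host to send as the domain",
           "?": "SPF: ?all is neutral and gives receivers nothing to act on",
           "~": "SPF: ~all (softfail) flags unauthorized senders but does not fail them"}

def audit_spf(txt_records):
    """Findings for the SPF record among a domain's TXT records."""
    spf = [r.lower().split() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["SPF: no record published" if not spf
                else "SPF: multiple records (receivers treat this as a permanent error)"]
    terms = spf[0][1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        # A redirect= modifier hands the decision to another record (not followed here).
        if any(t.startswith("redirect=") for t in terms):
            return []
        return ["SPF: no 'all' mechanism, so unlisted senders get a neutral result"]
    # Evaluation stops at the first 'all'; a bare 'all' has the default '+' qualifier.
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"
    return [SPF_ALL[qualifier]] if qualifier in SPF_ALL else []

def audit_dmarc(txt_records):
    """Findings for the DMARC record published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["DMARC: no record published"]
    tags = dict((k.strip().lower(), v.strip()) for k, _, v in
                (part.partition("=") for part in recs[0].split(";")) if v)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} requests no action on failing mail")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of failing mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no aggregate reports are received")
    return findings

def audit_domain(name):
    return audit_spf(SAMPLES[name]["spf"]) + audit_dmarc(SAMPLES[name]["dmarc"])

if __name__ == "__main__":
    for domain in SAMPLES:
        print(domain, audit_domain(domain) or ["no findings"])
```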

Texas Cybersecurity Lawyers

In under a year, maze ransomware attacks have proven to be extremely dangerous to both companies and their patrons. The cybersecurity and privacy lawyers at MehaffyWeber are experienced and knowledgeable on the statutory framework and applicable government regulations, in addition to being skilled litigators, and have represented victims of maze ransomware attacks. If your company has been a victim of a cybersecurity or ransomware hack, please contact us today.