Organisations within the private sector received a warning from the FBI about the Maze ransomware targeting US companies.
The threat attack behind a Maze ransomware attack will pose as a government agency and steal data to which it is encrypted.
The warning contains important technical details to prevent companies falling victim to this threat.
According to the warning, threat actors utilise numerous methods for intrusion, including impersonating government agencies and known security vendors, and creating fake cryptocurrency sites.
“As of late November 2019, malicious cyber actors posing as government agencies or security vendors deployed Maze through phishing emails containing a macro-enabled Word document attachment. When the embedded macro was executed, Maze was downloaded and executed to infect the victim machine,” the warning read.
The FBI does not recommend paying the ransom as it does not guarantee the recovery of the files and often it encourages threat actors to attack other companies.
Charles Carmakal, senior vice president at Mandian, FireEye told CyberScoop: “The combination of the theft and encryption of data will feel like a one-two punch for victim organisations.”
“Organisations may feel more coerced to pay the threat actors because they may feel it’s the best option to prevent the disclosure of sensitive information.”
Last month, threat actors behind Maze published data allegedly stolen from the City of Pensacola, Florida in order for the city to pay the ransom.
Companies can reduce the chances of falling victim to a ransomware by utilising multi-factor authentication, working with up-to-date software, using strong passwords and separating more important systems from the wider network.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.