FBI Warns U.S. Companies About Maze Ransomware



The FBI is warning U.S. companies about a series of recent ransomware attacks in which the perpetrator, sometimes posing as a government agency, steals data and then encrypts it to further extort victims.

In an advisory to the private sector last week, the FBI called for vigilance to combat the so-called Maze ransomware, which the bureau said began hitting U.S. organizations in November.

“From its initial observation, Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors,” states the advisory obtained by CyberScoop.

“In a late November 2019 attack, Maze actors threatened to publicly release confidential and sensitive files from a US-based victim in an effort to ensure ransom payment,” the advisory says, without naming the victim.

Maze is but one of an array of different strains of ransomware to emerge in recent years, a scourge with which companies and state and local governments have struggled to contend. This particular hacking tool caught the attention of security researchers last fall, when it was used in a scheme to dupe people in the U.S., Italy, and Germany into installing malware on their computers. Last month, the Maze perpetrators gained more notoriety when they published data supposedly stolen from the City of Pensacola, Florida, to pressure the city into paying a ransom.

“The combination of the theft and encryption of data will feel like a one-two punch for victim organizations,” said Charles Carmakal, senior vice president at Mandiant, the incident response arm of cybersecurity company FireEye. “Organizations may feel more coerced to pay the threat actors because they may feel it’s the best option to prevent the disclosure of sensitive information.”

The FBI “Flash”— a document the bureau periodically sends to U.S. companies to alert them to hacking activity — offers technical indicators to detect Maze ransomware and asks victims to provide information that could help track the hackers. The bureau requests things like bitcoin wallets used by the hackers and the complete phishing email they sent to the victim. The request for victim data related to Maze aligns with a new FBI offensive against ransomware that taps a wealth of data held by corporate victims. Last September, for example, the FBI held an unprecedented, closed-door summit on ransomware with private sector experts to get a handle on the problem.

CyberScoop has the full story.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator
