The news last month of the “retirement” of Maze should be a warning to organizations wondering what ransomware will come next and how much worse will it be.
Nothing says you’ve made it like being able to retire. You’ve felt like you’ve spent enough time in the workforce, socked enough money away, and now want to spend your time playing golf or doing humanitarian work, etc.
That’s the scary part about the news of the retirement of the Maze group. Think about it – they’ve collected over $100 million and have decided it’s no longer of interest (what a way to exist on a high note!). Maze has gone from simply being the malware to be emulated to becoming a financial goal for cybercriminal teams. And that’s dangerous; they’ve shown the world it’s possible to make enough to retire in just a few years. Talk about motivation.
So, what’s next for ransomware? Industry data shows many Maze affiliates have to a new family of ransomware-as-a-service known as Egregor that uses the same “encryption, data exfiltration, and extortion” recipe as Maze.
But that’s not a guarantee that Egregor is the new Maze.
Organizations should expect to see ransomware gangs stepping up their game – and that means more phishing attacks, more affiliates, organized use of outsourcing for parts of cyberattacks, better evasion techniques, and better spearphish targeting. Why? Because every wannabe ransomware gang wants to make their $100+ million and retire too!
To prepare, organizations need to strengthen their human firewall – the user who interacts with phishing attacks – through new school Security Awareness Training. By educating them on the ever-changing face of social engineering techniques and phishing schemes, users are mindful that every time they open an email or visit a website, it may be part of an elaborate attack designed to trick them into installing the next evolution in the ransomware saga.