What Is Maze Ransomware and How Does It Work

Maze is a sophisticated ransomware strain affecting companies and organizations around the world. Read on to learn what Maze ransomware is and how it works.

In yet another cyber attack incident, the latest victim is the IT services giant Cognizant. Cognizant released a statement on its official website stating: "Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack."
Here are 4 things you need to know about the deadly ransomware:

What Is Maze Ransomware?

Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded a cryptocurrency payment in exchange for the safe recovery of encrypted data. Maze ransomware was discovered on May 29, 2019, by Malwarebytes security researcher Jerome Segura. According to BleepingComputer, Maze was previously known as ChaCha ransomware. Segura discovered that it was being distributed by the Fallout exploit kit through a fake site pretending to be a cryptocurrency exchange app. Maze can spread across a corporate network, infect the computers it finds and encrypt data so it cannot be accessed.

How Does Maze Ransomware Work

"Maze ransomware was discovered on May 29, 2019. The Maze authors created a fake Abra cryptocurrency site in order to buy traffic from ad networks. Visitors to the cryptocurrency site would then be redirected to the exploit kit landing page under certain conditions. Using RSA and ChaCha20 encryption as part of the process, the ransomware scans for files to encrypt and appends different extensions to the files," according to BleepingComputer.

As ransomware, Maze first spreads across the target's corporate network, infects the computers it finds and encrypts data so it cannot be accessed. At its core, the ransomware steals the data it finds and exfiltrates it to servers controlled by malicious hackers, who then threaten to release it on the internet if a ransom is not paid.
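The behaviour described above (files encrypted and given a different appended extension) leaves a trace a defender can sweep for. The following triage sketch is an added example, not code from the original article or from any vendor it cites; the extension list, the entropy threshold and the sample file names are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Assumption: extensions treated as "normal" document types for this sketch.
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".csv"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumption, tune per environment

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0); ciphertext sits close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def has_appended_extension(name: str) -> bool:
    """True for names like 'report.docx.k3Fq': known type plus an extra suffix."""
    stem, extra = os.path.splitext(name)
    inner = os.path.splitext(stem)[1].lower()
    return bool(extra) and extra.lower() not in KNOWN_EXTS and inner in KNOWN_EXTS

def scan(root: str, sample_bytes: int = 65536) -> list[str]:
    """Return paths that are both renamed and high-entropy.

    Entropy alone is not enough (compressed formats are also high-entropy),
    and the rename alone is not enough (backup copies), so both must match.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not has_appended_extension(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample_bytes)
            except OSError:
                continue  # unreadable file: skip, do not abort the sweep
            if shannon_entropy(head) >= ENTROPY_THRESHOLD:
                hits.append(path)
    return sorted(hits)

def demo() -> list[str]:
    """Constructed sample tree: a normal file, a renamed random file, a backup."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"quarterly notes " * 4096)
        with open(os.path.join(root, "budget.xlsx.k3Fq"), "wb") as fh:
            fh.write(os.urandom(65536))  # random bytes stand in for ciphertext
        with open(os.path.join(root, "archive.pdf.bak"), "wb") as fh:
            fh.write(b"plain backup copy " * 4096)
        return [os.path.basename(p) for p in scan(root)]
```

Calling `demo()` flags only the renamed, random-content file; a sudden burst of such hits on a file share is a signal to isolate the host and check backups.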

According to McAfee Labs, the Maze ransomware is hard-coded with tricks that hinder reverse engineering and make static analysis more difficult.

In addition to all of this, the operators also run a website where they list their targets. The website includes details of when victims had their computer systems hit by the Maze ransomware, as well as links to downloads of stolen data and documents as "proof." There are even convenient buttons on the website to share details of breaches via social media.

How Does It Affect The Victims

It appears that the Maze ransomware gang is capable of more than writing sophisticated malware. It has also found a very effective way of increasing the pressure on its corporate targets to pay up.

Any organization would want its client database and other sensitive information to stay secret. The Maze authors have their own set of tricks to force the target to pay up, which are as follows:

  • Release public details of your security breach and inform the media
  • Sell stolen information with commercial value on the dark market
  • Tell any stock exchanges on which your company might be listed about the hack and the loss of sensitive information
  • Use stolen information to attack clients and partners as well as inform them that your company was hacked.

How To Save Yourself From Maze Ransomware

None of the following is a guaranteed solution, but you must increase your online security:

  • Make secure offsite backups.
  • Run up-to-date security solutions and ensure that your computers are protected with the latest patches against newly discovered vulnerabilities.
  • Use hard-to-crack, unique passwords to protect sensitive data and accounts.
  • Enable multi-factor authentication.
  • Encrypt your sensitive data wherever possible.