Critical Information About the Maze Ransomware Attacks
Since its discovery on May 29, 2019, Maze ransomware has cut a swathe of destruction through many businesses and organizations, scraping sensitive data and holding it hostage.
The idea behind ransomware is to infect a system, encrypt the files, and then demand payment — a ransom — to recover the files. Where Maze deviates from this formula is that these cybercriminals tell their victims if they refuse to pay, they’ll not only lose their data — it will be released on the internet.
What does “release the information on the internet” mean? There are several ways Maze malware authors can choose to do this:
- They can inform the media of your security breach and release the details, shaking public confidence in your brand
- They can use the dark web to sell any information that has commercial value
- Inform stock exchanges about the hack and stolen information
- Leverage the stolen information to hack your partners or clients — or let them know your company was hacked.
So, not only have Maze ransomware authors found a way to write sophisticated malware, they’ve ramped up the pressure to pay the ransom through innovative new ways of distributing stolen data.
Releasing the data not only exposes sensitive information, but it impacts the victim company by reducing public confidence. This loss of confidence often translates directly into a loss of revenue, a factor Maze authors count on when demanding payment.
Details of the Latest Maze Ransomware Attacks
While Maze has been operating for over a year now, they have not slowed in their pursuit of data. Most recently, two large companies — LG and Xerox — were successfully hacked by Maze.
In August of 2020, the Maze operators published sensitive internal data after two attempts at extorting both LG and Xerox. Maze’s website or “leak portal” indicated they may have gotten access to these two accounts as early as late June.
Both LG and Xerox refused to meet the cybercriminals’ demands so Maze moved into action, downloading source code for closed-source firmware for LG phones and laptops, among other products. For Xerox, they accessed employee data and data relating to customer support operations.
For now, it appears that both companies were running Citrix-based servers that were unpatched, leaving them compromised and open to vulnerabilities.
In the past, Maze has targeted companies, cities, government agencies, and other organizations to achieve their objectives — no organization is too large — or small — to escape their notice.
Protecting Your Company from Ransomware like Maze
Ransomware authors don’t just target large businesses.
Small- and medium-sized businesses (SMBs) and even home users are at risk. Typically, these cyber criminals make inroads by deploying typical cyberattacks like phishing, malicious links, eavesdropping, smurfing, and others to inject malware into your system.
To protect yourself and your organization, employ cybersecurity best practices such as:
- Educating personnel on typical attacks and how to avoid them
- Implement an ongoing awareness and training program
- Enable strong spam filters
- Configure firewalls
- Ensure operating systems, software, and firmware are patched and updated
- Use anti-malware and antivirus programs
- Manage privileged accounts
- Configure access controls
- Disable macro scripts from email-transmitted office files
- Use application whitelisting
- Use a virtualized environment
One of the best ways to protect your company’s sensitive data is to deploy a strong, cloud-based document management system that offers redundancy, disaster recovery, access control, and data encryption.
Additionally, choosing managed services ensures your software, firmware, and applications are maintained, patched, and updated as soon as security updates and upgrades are available, removing vulnerabilities as they are found and reducing your exposure to cyberattacks.
Let James Imaging Protect Your Wisconsin Business with Managed Services
At James Imaging, we have teams of professionals standing by to help secure — and protect — your sensitive data. We offer document management and managed print services, two premier ways you can take control of your cyber environment, and safeguard mission-critical data.
With managed services, your company’s data and infrastructure are fully protected with the latest and most critical security features — from updates and patches to upgrades — so you can focus on mission-critical tasks.
And our cloud-based applications and automation mean you have layers of protection surrounding the archiving, sharing, and editing of your data for better compliance, enhanced security, and disaster recovery.
Protect your company’s data from ransomware — and other cyber threats — today. Reach out to a professional at James Imaging Systems and learn how managed services can help protect and safeguard your sensitive data.