Ransomware Maze

The society we live in faces many cyber threats that can affect and infringe our rights, whether by stealing information, counterfeiting identity cards or blocking access to our resources, among others.

One of these threats, which has become more prevalent over time, is ransomware. It restricts access to the data on infected equipment and then offers the victim the chance to pay a ransom to regain access.

Maze, first known as ChaCha because of its encryption capabilities, is a ransomware that was first revealed in May 2019. Later, around November 2019, its operators also began to publicly disclose its victims, first those who didn’t pay the ransom and ultimately all of them, threatening to leak confidential data as well. One example of this disaster is the theft of data on 11 million bank cards from Costa Rica, 1/3 of which were later released.

Maze is not a standalone attack; it is used as part of a multi-stage cyberattack. First, the cybercriminals seek access to the company’s internal resources. Once they have it, they study the infrastructure to find the most valuable assets to attack. Finally, they prepare the environment to launch the ransomware and make it effective.

According to studies conducted by companies such as Sophos, which surveyed a wide range of IT managers, about 53% of companies suffered at least one ransomware attack during 2019, while among the others, 42% expected to suffer an attack in the future. But the devastating impact goes further. Looking at Maze alone, it has infected IT companies as important as Conduent and Cognizant and, in other sectors, Hoa Sen Group (the leader in steel export in Southeast Asia), nuclear contractors and schools in the USA, and ST Engineering. Other well-known victims include LG, Sherok and Canon.

Protection starts with awareness of what ransomware is and how it can get in. LightEyes provides this training with the aim of raising awareness and enabling users to recognise, prevent and respond to security incidents. Once the problem is understood, it’s important to be cautious whenever a device is being used: do not open attachments from suspicious emails, visit only official and trusted websites, download software only from official websites, and above all perform backups so that, in case of a ransomware attack, the information can be recovered without paying a ransom. Applying perimeter security to the network is also essential, as it will stop the vast majority of untargeted attacks, which automatically search for victims and possible vulnerable paths. At LightEyes we offer protection and prevention packages against these attacks.

Another way of making sure our equipment is not infected is to use free, trusted software that can easily be found on the web, such as Malwarebytes.

Finally, it’s also worth noting that, although it’s preferable never to reach the point of infection, there are possible solutions that can work. First, it’s important to immediately isolate the newly infected equipment or devices and to identify the ransomware type, as decryption tools exist for some of them. Alternatively, if backup files are available, they can be used to restore the encrypted data.

Data and reputation are also among the most important assets of a person, even more so when we talk about a person who is chosen by other people. Their value is very high, almost incalculable, and they must be protected in accordance with their level of importance. This protection must be complete and cover all areas, because even a small part of unprotected data is enough for attackers to extract information.
