Maze Ransomware Attacks US IT Firm
20 April 2020
Updated IoCs on August 26, 2020, 1:45 AM and 2:25 AM EST.
IT managed services firm Cognizant suffered a ransomware attack purportedly conducted by threat actors behind Maze ransomware, according to a report by BleepingComputer.
IT managed services firm Cognizant suffered a ransomware attack purportedly conducted by threat actors behind Maze ransomware, according to a report by BleepingComputer.
The company has emailed their clients about the attack. The email advisory included a preliminary list of indicators of compromise (IoCs) identified through its investigation, which customers can refer to for system monitoring and securing. The list of IoCs include IP addresses and file hashes, which have been linked to previous Maze attacks.
Besides encrypting data, Maze ransomware operators are also notorious for releasing stolen data to the public. The ransomware also employs various methods to infect victims, including spam campaigns, fake cryptocurrency sites, and exploit kits.
Cognizant is a multinational company based in the U.S. that provides services to other companies, including those that fall under IT, digital, operations, and consulting.
Defense against ransomware
Ransomware can potentially affect not just the enterprise itself, but their customers as well. With an attack against a company that offers IT services, the importance of securing the software supply chain is highlighted.
[Related: A new playground for cybercrime: Why supply chain security must cover software development]
Below are some best practices users can perform to mitigate risks associated with ransomware:
- Back up files using the 3-2-1 rule. This precautionary measure avoids data loss in case of a ransomware attack. It involves creating three backups in two different formats and storing one copy offsite.
- Be vigilant against socially-engineered emails. This reduces the chances of infection, as many ransomware types are propagated as spam attachments.
- Patch and update applications and programs. This ensures that vulnerabilities which can be used as entry points for ransomware can be fixed as soon as possible.
- Enable firewalls and intrusion prevention. This blocks malicious network activities, which may have been caused by ransomware.
- Deploy application control and behavior monitoring. This detects suspicious activities and prevents malicious programs such as ransomware from making unauthorized changes in the system.
- Utilize sandbox analysis. This enables monitoring minus the risk of compromise, as malicious files can be executed in an isolated environment.
As added protection against ransomware, the following Trend Micro Solutions are recommended:
- Trend Micro XDR for Users - Applies expert analytics to data collected from Trend Micro solutions, enabling faster detection and annihilation of attacks.
- Trend Micro Apex One™ - Offers automated threat detection, response, and investigation.
- Trend Micro™ Deep Discovery™ Email Inspector - Analyzes patterns and uses reputation analysis to detect the latest ransomware variants.
- Trend Micro™ InterScan™ Web Security - Blocks access to malicious URLs that propagate ransomware.
Indicators of Compromise
SHA-256 | Trend Micro Pattern Detection |
4218214f32f946a02b7a7bebe3059af3dd87bcd130c0469aeb21b58299e2ef9a | Ransom.Win32.MAZE.AC |
9845f553ae868cd3f8d8c3f8684d18 |
Ransom.Win32.MAZE.AD |
c84b2c7ec20dd835ece13d5ae42b30 |
Ransom.Win32.MAZE.SMDA |
HIDE
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
Veröffentlicht in Cybercrime & Digital Threats, Ransomware