Maze Ransomware Attacks US IT Firm

Updated IoCs on August 26, 2020, 1:45 AM and 2:25 AM EST.

IT managed services firm Cognizant suffered a ransomware attack purportedly conducted by threat actors behind Maze ransomware, according to a report by BleepingComputer.

The company has emailed their clients about the attack. The email advisory included a preliminary list of indicators of compromise (IoCs) identified through its investigation,  which customers can refer to for system monitoring and securing. The list of IoCs include IP addresses and file hashes, which have been linked to previous Maze attacks.

Besides encrypting data, Maze ransomware operators are also notorious for releasing stolen data to the public. The ransomware also employs various methods to infect victims, including spam campaigns, fake cryptocurrency sites, and exploit kits.

Cognizant is a multinational company based in the U.S. that provides services to other companies, including those that fall under IT, digital, operations, and consulting.

 

Ransomware can potentially affect not just the enterprise itself, but their customers as well. With an attack against a company that offers IT services, the importance of securing the software supply chain is highlighted.

[Related: A new playground for cybercrime: Why supply chain security must cover software development]

Below are some best practices users can perform to mitigate risks associated with ransomware:

• Back up files using the 3-2-1 rule. This precautionary measure avoids data loss in case of a ransomware attack. It involves creating three backups in two different formats and storing one copy offsite.
• Be vigilant against socially-engineered emails. This reduces the chances of infection, as many ransomware types are propagated as spam attachments.
• Patch and update applications and programs. This ensures that vulnerabilities which can be used as entry points for ransomware can be fixed as soon as possible.
• Enable firewalls and intrusion prevention. This blocks malicious network activities, which may have been caused by ransomware.
• Deploy application control and behavior monitoring. This detects suspicious activities and prevents malicious programs such as ransomware from making unauthorized changes in the system.
• Utilize sandbox analysis. This enables monitoring minus the risk of compromise, as malicious files can be executed in an isolated environment.

As added protection against ransomware, the following Trend Micro Solutions are recommended:

• Trend Micro XDR for Users - Applies expert analytics to data collected from Trend Micro solutions, enabling faster detection and annihilation of attacks.
• Trend Micro Apex One™ - Offers automated threat detection, response, and investigation.
• Trend Micro™ Deep Discovery™ Email Inspector - Analyzes patterns and uses reputation analysis to detect the latest ransomware variants.
• Trend Micro™ InterScan™ Web Security - Blocks access to malicious URLs that propagate ransomware.

SHA-256	Trend Micro Pattern Detection
4218214f32f946a02b7a7bebe3059af3dd87bcd130c0469aeb21b58299e2ef9a	Ransom.Win32.MAZE.AC
9845f553ae868cd3f8d8c3f8684d18f226de005ee6b52ad88b353228b788cf73	Ransom.Win32.MAZE.AD
c84b2c7ec20dd835ece13d5ae42b30e02a9e67cc13c831ae81d85b49518387b9	Ransom.Win32.MAZE.SMDA