
Ransomware is more than a buzzword – it’s a real danger for businesses of all sizes. The most terrifying fact is that ransomware is becoming more targeted and more complex. A perfect example is Maze ransomware.

We keep track of all the latest threats so we can help protect our clients and ourselves. While most ransomware simply locks a business’s files, Maze goes several steps further. However, we don’t believe businesses should ever be forced to pay cybercriminals a ransom. All it takes is the right preparation and diligence to avoid becoming the next victim of Maze or any other ransomware.

A Look Inside Maze Ransomware

We have to admit that Maze ransomware does something we haven’t quite seen before – it follows through on the threat to make private data public. It’s not a new thing for hackers to threaten businesses with releasing their encrypted data if the ransom isn’t paid. However, Allied Universal learned the hard way that those behind Maze ransomware would do more than threaten.

The hacker group actually published 700 MB of stolen data from Allied Universal in late November, which is just 10% of what the group has access to. Now, it’s not just a matter of a business’s data being locked behind a paywall, but it could also be stolen and handed out to anyone who wants it. Of course, hackers could also simply sell off the data.

While we see plenty of news stories about data breaches, we don’t see nearly as many about ransomware. The main reason is that victims either quietly pay the ransom or have backups in place to circumvent the problem. This means very few people even know the event happened.

Maze ransomware victims won’t get away so easily. Since what this group is doing is definitely a data breach as well as ransomware, they want everyone to know who has been infected. Instead of keeping ransomware incidents quiet, the group publishes the business’s name, the date of infection, a few of the stolen files to prove legitimacy, and a list of servers and IP addresses that are currently infected.

Prevention is the only real way to deal with this threat now. Otherwise, it will have to be treated as a data breach. Hackers won’t just let it go if a business doesn’t pay. Now, they’ll continue to push until a business pays up. If businesses refuse to do so, hackers will take the stolen data public, which will lead to large fines for victims for not disclosing the incident as soon as it happened.

Ransomware Isn’t Going Away

Despite fewer new ransomware families being created, Trend Micro discovered a 77% increase in ransomware detections during the first part of 2019. Surprisingly, WannaCry is still one of the most common ransomware types.

Overall, desktops are still the most targeted by hackers. When it comes to types of devices infected by ransomware, a Malware Fox infographic shows that 80% were desktops and 57% were servers. Currently, mobile devices are third at just 38%.

These attacks continue to be more sophisticated and targeted. Businesses can lose millions and small businesses may even be ruined completely. Since the threat isn’t going to stop, we recommend focusing efforts on stopping infections from happening.

Understand Vulnerabilities

We feel the first step is knowing a business’s main vulnerabilities. According to Malware Fox’s infographic, phishing accounts for 69% of ransomware infections. Malicious clicks, botnets and drive-by downloads are the next three major causes, coming in at around 40% each.

What does this mean for our clients and other businesses? Employees are often the cause of ransomware infections. They’re responsible 51% of the time. Of course, we don’t want businesses to simply blame employees. Poor security and antivirus account for 45% of infections. Then, the worst part is that 26% of infections come from outdated and unpatched software. This last one is 100% preventable, but many businesses still choose to run outdated software and apps.

Protecting Businesses

There are several steps that we recommend to businesses who don’t want to become the next ransomware victim. These include:

  • Employee cybersecurity training – Teach employees what to look for so they avoid phishing attempts, malicious links and downloads, fake sites and all the other sneaky ways cybercriminals lure in victims. Also use tools to test how likely your employees are to fall for phishing emails, plug an unknown USB drive they found lying around into their computer, and so on.
  • Secure everything – It’s not enough to simply have antivirus. Businesses must ensure every single device has updated antivirus. Use firewalls, raise minimum password requirements for more secure passwords, avoid using defaults of any kind for accounts and invest in vulnerability and penetration testing to lock down any open areas.
  • Back up files regularly – We know it’s not always convenient, especially if backups tend to slow down a business’s network. However, losing hours and thousands, or even hundreds of thousands, because the business didn’t have a backup is far less convenient. Daily backups work well. Making sure that employees cannot access the backup data is of paramount importance, since most ransomware infections use the infected employee’s credentials to wreak havoc.
  • Update and patch – Always keep everything up to date and install security patches immediately. For products that are no longer supported, upgrade to avoid becoming an easy target.

Ransomware, especially Maze ransomware, isn’t a joke. Contact us today to find out how we can help you avoid becoming another ransomware statistic.

Written by James Barr