The turmoil of the real world has yet again extended its chaos into the digital realm, and we have seen numerous cyber-attacks carried out by various threat actors since the outbreak of the COVID-19 pandemic. Consequently, economies have stagnated and business continuity is taking a hit. Lives, whether personal or digital, have suffered.
The most recent severe security breach to be reported was a Maze Ransomware attack on a giant of the Information Technology domain.
Discovered last year, on the 29th of May 2019, the Maze Ransomware was previously known as “ChaCha Ransomware”. Like any other potent ransomware, its main goal is to encrypt all the data stored on an infected system and then demand a ransom from the victim. The most precarious feature of this malware, however, is that it is capable of releasing the victim's data on the internet if the victim fails to pay.
This is not a threat that can be taken lightly, since one of its previous victims had their data released on the internet. Although they did take legal action, the damage to business and reputation was already done.
Modus Operandi of the Maze Attack –
- Finding a pathway into the network – This is normally done by exploiting known vulnerabilities in workstations/servers that are exposed to the cloud, using commonly available tools and tactics, techniques & procedures (TTPs).
- Installation – Once a pathway is found, malware is installed that monitors internal networks & communications.
- Exfiltration – Data is exfiltrated from the network and held for a secondary ransom negotiation in case the primary negotiation fails (all sensitive data is uploaded to public networks if payment is not made).
- Encryption – Data is encrypted, both on cloud-exposed systems and on systems reachable from them over the network (lateral spread). This is the basis for the primary negotiation (payment for decryption keys).
As an organization, we have assured all of our current and potential clients that we are perfectly capable and well equipped to deal with such an attack, thanks to the futuristic technologies in our arsenal. You can read more about it in our recent press release here.
Our experts have elaborated on how eScan products are capable of nullifying such a severe threat with eScan’s Ransomware and tools/tactics, techniques & procedures (TTPs) modules –
- Active Monitoring – eScan’s active monitoring proactively blocks a large number of known tools used for gaining access to endpoints.
- Terminal Services Protection Module – eScan’s Terminal Services Protection Module (TSPM) will disallow Remote Desktop Protocol (RDP) sessions from suspicious cloud IPs.
- Proactive Behavioural Analysis Engine – eScan’s PBAE will disconnect & remove any sessions that are deemed suspicious.
- Data Backup – eScan’s data backup module will help users recover & get sensitive machines back online in case of any suspected breach.
With eScan’s proactive protection, we assure our clients that business continuity won’t be affected and that a threat as severe as the Maze attack can be rendered ineffective.
To read more, please check the eScan Blog.