How does Maze software work?
Maze is ransomware, a type of malware that blocks computers and the information on them until a ransom is paid.
Ransomware often spreads as a result of human error. Cybercriminals target employees and send them a file in a personalized email, using a fake harmless address. " It is very easy for unsuspecting users to fall into the trap, " says Benoît Grunemwald, cybersecurity expert at ESET France. Clicking on the attachment will allow hackers to enter the target company's computer system.
Once this door is pushed, hackers must analyze the network topography, find where sensitive data is stored, exfiltrate it without being detected, then encrypt it, before demanding that the company pay a ransom to recover his data.
What is the history of this ransomware?
Spotted by cybersecurity specialists in May 2019, Maze has since carried out several large-scale cyberattacks. In December, they announced in particular that they had stolen data from the American cable company Southwire. The latter refusing to pay the ransom of six million dollars, the hackers published in January all the stolen data, still available on their site. The American city of Pensacola or the security company Allied Universal were also victims of the same software in late 2019.
On January 30, the ransomware made it possible to hack sensitive data from Bouygues Construction. This attack caused his entire computer system to shutdown. Cybercriminals demanded a ten million dollar ransom.
" The high amounts required combined with the risk of disclosure of internal data make it the ransomware with the greatest potential impact on businesses and institutions, " noted the National Agency for Information Systems Security (Anssi), in a recent report.
Who are the people responsible for the cyber attacks that use Maze?
" It is very difficult to answer this question with certainty ," warns Benoît Grunemwald, cybersecurity expert at ESET France. Indeed, Maze is ransomware of the "as a service" type, which means that the developers of the malware are not necessarily themselves behind the attack. “ You can be a very good pirate without having a very strong commercial sense. Today, many ransomware developers sell their services to third parties, who know better what profit to make from it, ”continues the cyber expert. Thus, even if we knew the people who developed Maze (which is not the case), we would not necessarily know those responsible for the attacks.
Here is the message that appears on computers infected with Maze ransomware. Maze
How to protect yourself from an attack using Maze?
The first key is to educate users as much as possible. " They must be at the heart of your security policy ," defends the cyber expert. “ There is no point in stacking around thirty cybersecurity solutions if you don't adapt them to your personal situation. It is necessary to identify your needs in order to know the necessary defenses ”. The development of artificial intelligence and the cloud also makes it easier to spot hackers. Defense possibilities are therefore more and more advanced.
According to the latest report from the Information Security and Digital Security Experts Club (Cesin), only four out of ten companies are prepared for large-scale cyberattacks. " Cybersecurity is a process that never ends ," says Benoît Grunemwald.
