Last year, the U.S. was targeted with a growing number of ransomware attacks that affected at least 948 government agencies, educational institutions, and healthcare practices. These attacks are estimated to have cost about $7.5 billion. MAZE ransomware, responsible for many of these attacks, was identified in May of 2019. This ransomware is particularly devastating to the public sector, especially because not only did it encrypt email, but it promised to extort the organizations using the data they had acquired.
In a recent webinar titled Navigating the MAZE, Kimberly Goody, Sr. Manager, Mandiant Threat Intelligence and Jeremy Kennelly, Manager, Mandiant Threat Intelligence explored how MAZE ransomware is impacting the public sector and the steps agencies can take to combat these threats. MAZE, Goody explained, is a combination of traditional ransomware attacks that is even more insidious. The bad actors launching these MAZE attacks operate a public-facing website where stolen data is posted from targets that refuse to pay the ransom.
“MAZE is a fully secured ransomware. When it was first discovered the ransomware was typically being distributed as spam campaigns,” she said. The bad actors then move laterally throughout a network encrypting files and asking for ransom and if not met, valuable data that has been exfiltrated is leaked online, she explained.
According to the recent Security Effectiveness Report by FireEye, 68 percent of ransomware attacks go unnoticed. The damage done by unnoticed ransomware attacks is not only costly but potentially hazardous if classified information or citizen data is stolen. To effectively detect and neutralize ransomware threats, agencies must look to technology that is proactive, not just reactive to breaches. MAZE becomes even more difficult to detect with multiple bad actors, said Kennelly. “One actor may distribute multiple ransomware families,” he explained. “Because there are so many bad actors, there isn’t just one playbook that can be followed,” said Goody.
Multiple advanced threats like MAZE ransomware can be neutralized by technology that takes an agency-wide approach, shared Kennelly. Join Goody and Kennelly to learn more about MAZE ransomware, common intrusion vectors, and how MAZE attacks are accessing systems.