Threat Level: HIGH
‘Maze’ ransomware, previously identified as “Chacha ransomware”, first appeared in May 2019. The sole purpose of the ransomware is to encrypt the victim’s files and then demand a ransom to recover them. Unlike other ransomware, ‘Maze’ will release the collected data into the public domain if the ransom is not paid.
Figure: Map of Maze Infection
‘Maze’ mainly spreads by exploiting remote desktop connections with weak passwords or through email impersonation. These emails normally carry a macro-enabled Word document as an attachment, and the macro is used to run the malware.
The file extensions that the malware ignores are: .LNK, .EXE, .SYS and .DLL. After all the files have been encrypted, the victim’s desktop will change as shown below:
Screenshot of Maze ransomware infected Windows PC
Impact:
- Loss of your company’s important files and documents
- May result in a complete shutdown of your company’s operations
- Financial loss
- Damage to your company’s reputation
Recommendations:
- Implement proper backup policies and adhere to them strictly
- Never pay the ransom
- Have offline backups of important files
- Update installed third-party software and install the latest security patches for it
- Keep your virus guard and operating system up to date
The information provided herein is on an "as is" basis, without warranty of any kind.
Source: Sri Lanka CERT