Maze ransomware made headlines when it targeted IT services firm Cognizant in April. Incident response experts who investigated this and previous Maze attacks report new insights on ransomware tactics that could make it harder for businesses to defend themselves.
In working with a client, Kroll incident response experts gained access to a discussion with Maze ransomware operators who revealed some of the group's inner workings. This, combined with a new FAQ file Maze published on its "shaming" website, gives analysts the impression that Maze operators "are leaving nothing to chance" when pressuring victim organizations to pay quickly.
Laurie Iacono, vice president with Kroll's Cyber Risk team, started looking into Maze toward the end of 2019 when it launched the shaming website. "As early as January of 2020, they really started focusing on that shaming site, and they were the first ones to put up a shaming site like that," she explains. The purpose of the website was to share victims' names and stolen data. The longer it takes businesses to pay Maze ransom, the more information the group publishes.
"You have so long to pay the ransom or you get on the site," Iacono says. As she continued to check the site in early 2020, she noticed frequent changes to make it more user-friendly. Maze used it as a platform to share who their victims were as well as to post group communications. "We're almost seeing them become more transparent about what they're doing, which is interesting to see in the ransomware operator's world," she adds.
Still, this doesn't mean the group will stick with its statements. In mid-March, as the coronavirus began to ramp up across t ..
Support the originator by clicking the read the rest link below.
