MAZE Ransomware: The Triple Threat to Your Data Security

Ransomware has become a favored tool among hacking groups to target companies of all sizes, as seen in the recent compromise of Cognizant and some of its clients by the MAZE ransomware strain. At first glance, this might seem like just another ransomware attack in a long line of incidents affecting businesses, government entities, and non-profits. However, MAZE is not just another ransomware. It represents a triple threat to your data security.

The Unique Threat of MAZE Ransomware

MAZE ransomware is particularly dangerous because it doesn’t just encrypt your data; it also threatens to expose and alter it. Here’s how it poses a triple threat:

Availability: Like traditional ransomware, MAZE encrypts your data, making it unavailable until you pay the ransom.
Confidentiality: If you refuse to pay the ransom, MAZE exports your data and releases it to the public, jeopardizing your data’s confidentiality.
Integrity: The hackers can also alter your data, damaging its integrity and leaving you unsure about the accuracy of your information.

Traditional Ransomware Statistics from 2019

Traditional ransomware attacks, which primarily target data availability, have already caused significant damage. According to Heimdal Security, here are some statistics from 2019:

Two-thirds of ransomware attacks targeted state and local governments.
55% of small and medium-sized businesses (SMBs) in the US would pay hackers to recover their stolen data.
Over 500 US schools were affected by ransomware attacks in 2019.
In the third quarter of 2019, the average ransomware payout increased to $41,000.

Why MAZE Ransomware is Far Worse

MAZE ransomware puts all three data protection principles at risk: availability, confidentiality, and integrity. While a solid backup strategy can help most companies recover from a ransomware attack, MAZE’s ability to export and release your data publicly adds a new layer of complexity and danger.

Confidential Data Breaches: A Harder Fix

MAZE exports your data to the internet, enabling hackers to release it to the public. This not only breaches confidentiality but also raises questions about data integrity. Can we be certain that the data published online is correct and true? MAZE represents a triple threat to company data, making it a particularly nasty form of ransomware.

Should SMBs Worry About MAZE Ransomware?

Absolutely. Hackers usually take the easiest path to compromising target companies. If they find a VPN that isn’t set up for two-factor authentication, they can exploit this by finding an employee password on the dark web and simply logging in to plant the MAZE ransomware in your environment. If that’s not possible, they’ll send convincing phishing attacks.

Protecting Your Business

To reduce your risks to MAZE and other online threats, follow these cybersecurity best practices:

Govern employees with policies and procedures, including a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP).
Train employees on how to spot and avoid phishing attacks. Use a Learning Management System like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
Test employees with phishing attacks to practice. CyberHoot’s phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
Deploy critical cybersecurity technology, including two-factor authentication on all critical accounts, email SPAM filtering, validated backups, DNS protections, antivirus, and anti-malware on all your endpoints.
In the modern work-from-home era, ensure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc.) or prohibiting their use entirely.
Buy cyber-insurance to protect you in a catastrophic failure situation. Cyber-insurance is no different from car, fire, flood, or life insurance. It’s there when you need it most.