Tackling the Maze ransomware attack with security testing

Listen on the go!

It can be unanimously and globally agreed upon that this has not been a good year. While the world is focused on a virus that has caused a health crisis, a computer virus is sneaking around and wreaking havoc into our socially-distanced lives.  

Digital technologies have played the central role in keeping things as normal as possible, allowing businesses to achieve continuity in their operations. However, several incidents have been reported where malicious elements hacked into the online systems and compromised the privacy, security, and integrity of the digital solutions.  

A ransomware attack early this year against the City of New Orleans government cost the city $7 million. As per a report, ransomware attacks are causing businesses more than $75 billion every year and it is expected that by 2021, it will cost $6 trillion annually as a new business will fall victim to a ransomware attack every 11 seconds. To the very least, these numbers are concerning and paint an ugly picture of the security status of organizations across the globe. 

In a ransomware attack, the data of an organization or individual is held hostage. The malware encrypts the files and prevents the users from accessing the data on their device until a certain amount of money is paid to the attackers as ransom for decrypting and releasing the information. In the time when data is everything for a business, a ransomware attack can cripple an organization’s operations and negatively impact their ability to perform necessary actions. 

Over the years, we have had to deal with some serious ransomware attacks. Remember WannaCry in 2017? There were over 200,000 victims and 150 countries affected with online transactions stalled and ATMs shut down. Usually, the ransomware attacks would threaten to release the encrypted data to the public in case the compromised entities failed to pay the ransom. But these threats were found to be mostly empty, until Maze. The Maze Ransomware is taking it further up a notch.  

What is Maze Ransomware and why do we need to take it seriously? 

Like its predecessors, Maze too encrypts the victim’s files and asks for a ransom payment in exchange of restoring the data. However, what distinguishes Maze from the early variants is that it follows through on its threat of releasing the stolen data publicly. Earlier known as the ChaCha Ransomware, Maze claimed its first victim in May 2019 and is still on a rampant spree of attacking vulnerable businesses. The malware uses exploit kits, spam emails, and remote desktop connections with weak passwords to gain entry into a system. Once the malware is in, it laterally spreads across a corporate network and affects all the systems present in that network. It not only infects and encrypts the data but also steals the information by exfiltrating it to the servers controlled by the attackers. This means that an infiltration by the Maze malware is a two-way attack – a data breach and a ransomware attack. Further, if the ransom is not paid, the attackers behind the Maze ransomware threaten to: 

  • Release public details of the security breach and inform the media 
  • Sell stolen information with commercial value on the dark market 
  • Tell any stock exchanges on which the victim company might be listed about the hack and the loss of sensitive information 
  • Use stolen information to attack clients and partners as well as inform them that the company was hacked. 

They even have a public-facing website where they list their latest victims along with the links to download the stolen data as a proof of the attack. A Maze ransomware attack not only cause a financial blow, but also shatters the reputation and upstanding of an organization. IT services giants, medical research organizations, professional security services, law firms, and even governments have been a prey to the Maze ransomware. 

The attack puts an organization into a hot soup, with no escape. Once attacked, there is no way that the organization can walk out unaffected and clean. Therefore, the best way to tackle the ransomware is preventing it altogether, which can be done by performing end-to-end security testing. 

Security testing for preventing Maze ransomware attack 

As it has been identified that the Maze ransomware targets popular exploit kits and spam emails for impregnating a system, it is essential that such vulnerabilities are identified and mitigated proactively. Ransomware attacks feed on the weaker nodes and vulnerable sections of the network. The best way to prevent a ransomware attack or any cyberattack for that matter is to completely eliminate these vulnerabilities. To do so, businesses should invest in deep network penetration testing and application security testing. 

By performing end-to-end security testing, an organization can assess vulnerabilities in their IT infrastructure and web applications that may compromise the confidentiality, integrity, and availability (CIA) – the triad of critical and sensitive data. The process also evaluates the effectiveness of controls implemented and identifies whether or not the organizations are prone to any security-related risks to mitigate their potential impact. 

How can we help 

Every software update or release throws open areas of vulnerability within any software application. We assist businesses to ensure that those vulnerabilities are identified and fixed, much before there is any negative impact at all. Cigniti has a dedicated Security Testing Center of Excellence (TCoE) with methodologies, processes, templates, checklists, and guidelines for web application security testing, software penetration testing, network security testing, and cloud-based security testing.  

Based on the proactive vulnerability assessments conducted for sites like PayPal, the CoE has built up a repository of security test cases/checklists and developed capabilities using open source and proprietary security testing tools. Also, our ISO 27001 & ISO 9001 certified processes help ensure we deliver world-class security testing services for our clients to help them stay compliant with the rigors of compliance-driven businesses. Our Security Testing Dashboard consists of a comprehensive report, outlining the vulnerabilities discovered during the cycle along with additional information such as screenshots and reproduction steps to facilitate ease of understanding. The vulnerabilities detected are scored with respect to industry standard CVSS 3.0 framework. 

Consult our team of experienced security testing experts to understand how we can help you prevent and tackle any malicious cyberattack against your organization. Schedule a discussion with us today.