With the insidious Maze ransomware, victims can no longer hit “reset” on their backup and recovery systems and ignore the criminal’s demand for cash because the virus exports the victim’s data to the attacker, giving cybercriminals a great deal of leverage, security analysts told CRN.
“Ransomware attacks used to be about encrypting the victim’s data,” said Brett Callow, a threat analyst with Emsisoft, a New Zealand-based maker of anti-malware and anti-virus software. “They now steal a copy of it as well. That trend was started by Maze at the tail end of last year, but multiple other groups have now hopped on that bandwagon. If the victims do not pay, they publish the data.”
Solution provider Cognizant was hit over the weekend by Maze, which not only attacked the $16 billion company, but also some of its customers.