![]() They are very active on social media sites such as Twitter. ![]() ![]() The developers have inserted messages to provoke malware researchers, including the email address of Lawrence Abrams, owner of “BleepingComputer”, who they contacted directly. This report covers these protections and the behavior of the malware in an infected system. ![]() The malware is hard programmed with some tricks to prevent reversing of it and to make static analysis more difficult. The exploit kits used most often were Fallout and Spelevo. These emails came with a Word attachment that was using macros to run the malware in the system. Historically, the malware has used different techniques to gain entry, mainly using exploits kits, remote desktop connections with weak passwords or via email impersonation or, as in the Italian case, via different agencies or companies, i.e. On the 29th of October a campaign distributing the Maze malware to Italian users was detected. It was highlighted last year how ransomware would head in this direction to obtain money from victims who may be reluctant to pay for decryption. This is a behavior increasingly observed in new ransomware, such as Sodinokibi, Nemty, Clop and others. Even though the company sued, the damage was already done. This threat has not been an idle one as the files of one company were indeed released on the Internet. However, the most important characteristic of Maze is the threat that the malware authors give to the victims that, if they do not pay, they will release the information on the Internet. The main goal of the ransomware is to crypt all files that it can in an infected system and then demand a ransom to recover the files. The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |