The document discusses the Maze ransomware and why it needs to be taken seriously. Maze encrypts victims' files and demands ransom payments, but unlike previous variants, it follows through on threats to publicly release stolen data if ransoms are not paid. Maze first appeared in 2019 and has been on a rampant attack spree against vulnerable businesses. It uses exploit kits and weak passwords to spread across corporate networks, encrypting and exfiltrating data in a two-pronged data breach and ransomware attack. The document warns that if ransoms are unpaid, attackers may release details of breaches, sell stolen information, inform stock exchanges and clients of hacks.

1. www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2017 - 18, Cigniti Technologies 1
Tackling the maze ransomware attack with security testing

2. www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2017 - 18, Cigniti Technologies 2
Introduction
It can be unanimously and globally agreed upon that this has not been a good year. While the world is focused
on a virus that has caused a health crisis, a computer virus is sneaking around and wreaking havoc
into our socially-distanced lives.
Digital technologies have played the central role in keeping things as normal as possible, allowing businesses to
achieve continuity in their operations. However, several incidents have been reported where malicious
elements hacked into the online systems and compromised the privacy, security, and integrity of the digital
solutions.
A ransomware attack early this year against the City of New Orleans government cost the city $7 million. As per
a report, ransomware attacks are causing businesses more than $75 billion every year and it is expected that by
2021, it will cost $6 trillion annually as a new business will fall victim to a ransomware attack every 11 seconds.
To the very least, these numbers are concerning and paint an ugly picture of the security status of organizations
across the globe.

3. www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2017 - 18, Cigniti Technologies 3
What is Maze Ransomware and why do we need to take it seriously?
Like its predecessors, Maze too encrypts the victim’s files and asks for a ransom payment in exchange of
restoring the data. However, what distinguishes Maze from the early variants is that it follows through on its
threat of releasing the stolen data publicly. Earlier known as the ChaCha Ransomware, Maze claimed its first
victim in May 2019 and is still on a rampant spree of attacking vulnerable businesses. The malware uses
exploit kits, spam emails, and remote desktop connections with weak passwords to gain entry into a system.
Once the malware is in, it laterally spreads across a corporate network and affects all the systems present in
that network. It not only infects and encrypts the data but also steals the information by exfiltrating it to the
servers controlled by the attackers. This means that an infiltration by the Maze malware is a two-way attack –
a data breach and a ransomware attack.

4. www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2017 - 18, Cigniti Technologies 4
Further, if the ransom is not paid, the attackers behind the Maze ransomware threaten to:
• Release public details of the security breach and inform the media
• Sell stolen information with commercial value on the dark market
• Tell any stock exchanges on which the victim company might be listed about the hack and the loss of sensitive
information
• Use stolen information to attack clients and partners as well as inform them that the company was hacked.
Read Full Blog at: https://www.cigniti.com/blog/maze-ransomware-prevention-security-testing/

5. www.cigniti.com | Unsolicited Distribution is Restricted. Copyright © 2017 - 18, Cigniti Technologies 5