
Wednesday, October 14, 2020

Maze and other ransomware groups are on the loose in SEA —Kaspersky

10/11/2020 10:58:02 PM

Ransomware is still on the loose in Southeast Asia, despite the region's full emergence into digitalization.

While Kaspersky has revealed that nearly 8 in 10 people are currently working from home, cybercriminals are known to have added blackmail to their arsenal to ensure that their victims pay the ransom.

Through a virtual media conference with select members of the press in SEA, Vitaly Kamluk, director for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky, has confirmed the presence of top ransomware groups in the region targeting the following industries:
  • State enterprise
  • Aerospace and engineering
  • Manufacturing and trading steel sheet
  • Beverage company
  • Palm products
  • Hotel and accommodation services
  • IT services

The cybersecurity company has cited the Maze family as the most notorious of them all recently, because it has leaked, more than once, the data of victims who refused to pay the ransom. The group leaked 700MB of internal data online back in November 2019, with an additional warning that the published documents were just 10% of the data they were able to steal. Adding insult to injury is the website that shows the blow-by-blow account of their attacks (date of infection, amount of data stolen, names of servers, etc.) as well as the details of their victims.

However, back in January, the cybercriminal gang was involved in a lawsuit with a cable maker company, which prompted the website to be shut down.

The attack process used by this group is simple. They infiltrate the system, hunt for the most sensitive data, and then upload it to their cloud storage. After that, the data is encrypted with RSA. A ransom is demanded based on the size of the company and the volume of the data stolen. The group then publishes the details on their blog and even makes anonymous tips to journalists.

“We are monitoring an uptick in Maze detections globally, even against a few companies in Southeast Asia, which means this trend is currently gaining momentum,” said Kamluk. “While the public shaming part of the attack adds to the pressure of bowing to the demands of these cybercriminals, I strongly advise companies and organizations not to pay the ransom and to involve law enforcement agencies and experts during such scenarios. Remember that it is also better to have your data backed up, your cybersecurity defenses in place, to avoid falling victim to these malicious actors.”

To remain protected against these threats, Kamluk advises enterprises and organizations to:
  • Stay ahead of your enemy: make backups, simulate attacks, prepare an action plan for disaster recovery.
  • Deploy sensors everywhere: monitor software activity on endpoints, record traffic, check hardware integrity.
  • Never follow the demands of the criminals. Do not fight alone - contact Law Enforcement, CERT, security vendors like Kaspersky.
  • Train your staff while they work remotely: digital forensics, basic malware analysis, PR crisis management.
  • Follow the latest trends via premium threat intelligence subscriptions, like Kaspersky APT Intelligence Service.
  • Know your enemy: identify new undetected malware on-premises with Kaspersky Threat Attribution Engine.
Author: slickmaster | © 2020 The SlickMaster's Files
