Is your business currently infected with Maze ransomware?

USA Computer Services has the experience and skills required to restore your data and we can get started right now!

If you are currently infected with Maze, you may see some of the following images on your computers and/or servers:

What is Maze?

Maze is an extremely troubling ransomware attack. Not only is Maze extremely fast, it uses advanced encryption ciphers that are impossible to decrypt without both encryption keys. Maze also copies all of the data to their servers, which means they can decrypt the data, and publish it on the internet and/or dark web. They use this capability to not only hold your data ransom, they use it as a threat. On several occasions they have published confidential company data to try and force companies to pay the ransom amount with the promise they will provide the decryption keys and delete the data on their servers. This is one of the worst variants of ransomware to ever hit the internet, and the frequency of these Maze attacks are showing no signs of slowing down in 2020.

Maze was initially spread via fake websites loaded with exploit kits but Maze is now being spread through several methods including the most recent exploit kits, SPAM, social engineered attacks, and even Remote Desktop Protocols, which with the Covid pandemic, is being used by businesses of all sizes.

While Maze didn't create the encrypt/ransom/extortion type of ransomware, they certainly have perfected it. If you have been infected with Maze, you are not alone. Companies of all sizes are being affected by Maze and here are a few of the more notable businesses: 

Westech International - Responsible for the maintenance of the U.S. arsenal of Minuteman III land-based intercontinental ballistic missiles (ICBM)

City of Pensacola, FL - This attack really put Maze on the map as their ransom amount was $10,000,000 for the decryptor. This is the first known successful ransomware incident where the data was exfiltrated as well as encrypted.

Cognizant - New Jersey headquartered organization is one of the largest IT managed services company in the world with close to 300,000 employees and over $15 billion in revenue.

Pitney Bowes - Mailing and Shipping company suffered the second ransomware attack in a year.

Allied Universal - A California-based security company that has over 200,000 employees.

Threadstone Advisors - New York-based Business merger and Acquisitions firm responsible for several "A" list celebrity business dealings.

Collabera - New Jersey-based IT staffing firm. LG - Massive Electronic manufacturer has data being held hostage by Maze hackers.

Munoz Engineering P.C. – Provides engineering, land surveying and building and construction services, based in New York, USA.

Daily Thermetrics – A US firm providing process engineering industries with precise temperature measurement instrumentation.

John Christner Trucking – A family trucking business based out of Oklahoma.

USA Computer Services has the staff to restore your data, servers, workstations, and your network to get your business back up and running quickly and efficiently.

Call us immediately to get started recovering from Maze today!

704-665-1619

When was Maze first identified?

Maze was first identified in May 2019, and is the most prevalent ransomware strain currently in use today.

How is Maze spread?

Maze is spread through fake/fraudulent website, email and spam, socially engineered attacks, and exploiting RDP (Remote Desktop Protocols).

Did the hackers steal my data before encrypting it?

Yes, this is what makes Maze particularly so dangerous. They have the decryptor, decryption keys, and a copy of all the data they have encrypted. They use this to further strengthen their threats and because of this, their demands for ransom are typically $1,000,000 or more. 

How long will recovery take?

This is always a tough question to answer. Since decryption without paying for the decryptor is not possible, it will depend greatly on the size of your network, the amount of data to be restored, the number of infected systems, and how your data is backed up. Maze infections are generally extremely large and therefore, the time to restore may be extensive. USA Computer Services has the staff available to restore your systems as quickly as possible, so call us today so we can get started evaluating your specific circumstances.

Can my data be recovered using a decryptor or is my data gone forever?

No, unfortunately, there is no publicly available decryptor for Maze. Your data will need to be restored from backups.

These are the typical steps cyber criminals take in a typical ransomware attack

1) Infection

After the ransomware has been delivered to the system via email attachment, phishing email, infected application or other method, the ransomware then installs itself on that endpoint and any/all network devices it can access from that system. This can include mapped network drives, backup storage, servers, databases, and other workstations.

2) Encryption Key Exchange

The ransomware program then contacts the control server operated by the cybercriminals behind the attack, to generate the cryptographic keys to be used on the local system. This is how they are able to decrypt your data once the ransom has been paid. Some ransomware variants use a simple encryption algorithm while others use the same level of encryption the Military and financial institutions use.

3) Encryption of Data

The ransomware starts encrypting any files it can find on local machines and the network. It does this as "quietly" and as quickly as possible. What they are trying to do is get all of your data encrypted before you stop the process.

4) Extortion

With the encryption work done, the ransomware will now display the ransom and instructions for extortion and ransom payment, threatening destruction of data if payment is not made. There is usually a time limit, which if it expires, the decryption key may be deleted, or the price of the ransom may go up.

5) Unlocking or Recovery

Organizations can either pay the ransom and hope for the cybercriminals to actually decrypt the affected files (which in some cases does not happen), or they can attempt recovery by removing infected files and systems from the network and restoring data from clean backups. USA Computer Services never recommends paying the ransom. We have the experience in dealing with various ransomware attacks and there are almost always other alternatives if proper backup and disaster recovery steps were taken prior to the attack.

How to recover from a ransomware attack

1) Isolate

Prevent the infection from spreading by separating the infected computers from each other, shared storage, servers, and the rest of the network.

2) Identify

Identify the ransomware variant from the messages, cyber evidence on the computer, and various cybersecurity tools to determine which ransomware strain you are dealing with. You must quickly identify how the attack occurred and patch/close that security flaw. We may need to patch/update all systems, rebuild firewall configs, change all passwords, etc.

3) Report

Report to the authorities and coordinate measures to counter attack if the FBI or other governing authority requires assistance. You may also be required to notify your clients or customers that you have been a victim of a cybersecurity attack.

4) Create a list of recovery options

There are always a number of ways to deal with the infection and the recovery from the attack. We are here to help you make the best and quickest recovery decisions.

5) Restore

Using the most recent clean backups and program/software sources to restore your network/systems. Due to the disruption, you may need to consider new equipment and the latest software. We would have already identified this in step 4.

6) Prevention

Report on how the infection occurred and what you can do to put measures into place that will prevent it from happening again in the future.

Ransomware is a serious threat to your business.

USA COMPUTER SERVICES is a serious threat to RANSOMWARE!

Contact us now to begin your recovery process from Maze today.

704-665-1619