The bait is always an attached invoice, an .xlsm file. This, if opened, contacts a link chosen randomly from an internal list that downloads a DLL and infects the PC with malware.
Cybercrime gang behind Maze ransomware published data of other companies that refused to pay the ransoms
Cybercrime gang behind Maze ransomware published data of other companies that refused to pay the ransoms. It did using a public web site, created to expose the victims. “Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!” According to the cyber security experts, at the end of December there were listed 21 organizations. The money requested vary by target, and so far they come up to 300 Bitcoin. Probably, the attacks are made in two stage. In the first one, malicious actors hack into a network and steal data. In the second, they put the malware to encrypt the files. This confirm that people behind those kind of aggressions are skilled and have many tools to accomplish their mission.
The cyber security experts: Malware attacks against companies are becoming data breach and they probably will increase in 2020
What’s happening with Maze authors confirm that ransomware is now becoming data breach. Cybercrime is increasing pressure on malware’s victims to force them to pay. In fact, another group threatened recently to do the same: the “Sodinokibi/rEvil” gang. They posted on a popular Dark Web forum that they also plan to start using stolen files and data as public leverage to get targets to pay the ransoms. Furthermore, some threat actors have told companies that they are familiar with internal organization secrets after reading the files. Thus, cyber security experts launched the warning: those kind of attacks have to be considered and treated as data breach. Moreover, they probably will increase in 2020 thanks to the ever higher success rate. Especially from the psychological point of view.