With the recent attack on a Fortune 500 IT service provider, Maze ransomware is back in the news. Kroll incident response (IR) practitioners worked on multiple Maze ransomware cases during the first quarter of 2020 and have new insights on the tactics, techniques and procedures (TTPs) of these actors and why organizations should revisit their IR plans.
In our work with one client, Kroll had access to a discussion with Maze actors that revealed some of their inner workings. Coupled with the new FAQ document that Maze recently posted on their “shaming” site, it becomes apparent these threat actors are leaving nothing to chance when pressuring victims to pay up quickly. Organizations should heed some of the claims and threatened reprisals for nonpayment as they provide direction for updates to existing incident response plans in the event of such attacks. Consider a few of their claims and threats:
As these examples of recent Kroll case work show, no industry sector is safe and actors hunt for data that can inflict the most reputational and regulatory damage.
According to Coveware, a ransomware recovery first responder, initial Maze ransomware demands are close to USD 2.3 million, second only to those demanded for Ryuk ransomware. The average final ransom amount after negotiation is closer to USD 1 million, indicating a roughly 55% discount.
Kroll has shared numerous best practices on how to avoid becoming a victim of ransomware. Likewise, we have described what to do first if an attack does succeed.
A new concern for organizations, however, is that the Maze ransomware operators have intensely compressed the decision-making process. In the past, organizations could somewhat control how and when to disclose the details of a suspected data breach. In many cases, organizations need time to ascertain the true extent of a reportable data breach and implement support mechanisms to meet the needs of affected consumers.
Now, with ransomware actors reaching out directly to an organization’s customers, the media and regulatory agencies, victim organizations must be prepared to act decisively and immediately.
As Kroll’s casework has proved, every organization can be a target for ransomware cybercriminals. Kroll has developed a Ransomware Preparedness Assessment that can help your organization better understand your unique vulnerabilities and how to avoid or mitigate ransomware harms. Call us today to learn more.