In a virtual media conference with select journalists in SEA, Vitaly Kamluk, director for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky, revealed how cybercriminals have added blackmail to their arsenal to ensure that their victims pay the ransom. He also confirmed the presence of top ransomware groups in the region targeting the following industries:
- State enterprise
- Aerospace and engineering
- Manufacturing and trading steel sheet
- Beverage company
- Palm products
- Hotel and accommodation services
- IT services
Among the notorious ransomware families, and one of the first to conduct such operations, is the Maze family. The group behind Maze ransomware has leaked the data of victims who refused to pay the ransom, and has done so more than once. They leaked 700MB of internal data online back in November 2019 with an additional warning that the published documents were just 10% of the data they were able to steal.
Aside from this, the group has also created a website where they revealed the identities of their victims as well as the details of the attack – date of infection, amount of data stolen, names of servers, and more.
Maze Ransomware’s Website
Back in January, the group was involved in a lawsuit with a cable maker company. This resulted in the website being shut down.
The attack process used by this group is simple. They infiltrate the system, hunt for the most sensitive data, and then upload it to their cloud storage. After that, the data is encrypted with RSA. A ransom is demanded based on the size of the company and the volume of the data stolen. The group then publishes the details on their blog and even makes anonymous tips to journalists.
“We are monitoring an uptick in Maze detections globally, even against a few companies in Southeast Asia, which means this trend is currently gaining momentum. While the public shaming part of the attack adds to the pressure of bowing to the demands of these cybercriminals, I strongly advise companies and organisations not to pay ransom and to involve law enforcement agencies and experts during such scenarios. Remember that it is also better to have your data backed up, your cybersecurity defenses in place, to avoid falling victim to these malicious actors,” adds Kamluk.
To remain protected against these threats, Kamluk suggests that enterprises and organisations:
- Stay ahead of your enemy: make backups, simulate attacks, prepare an action plan for disaster recovery.
- Deploy sensors everywhere: monitor software activity on endpoints, record traffic, check hardware integrity.
- Never follow demands of the criminals. Do not fight alone – contact Law Enforcement, CERT, security vendors like Kaspersky.
- Train your staff while they work remotely: digital forensics, basic malware analysis, PR crisis management.
- Follow the latest trends via premium threat intelligence subscriptions, like Kaspersky APT Intelligence Service.
- Know your enemy: identify new undetected malware on premises with Kaspersky Threat Attribution Engine.