Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Ransomware campaigns are continuing through the COVID-19 period, with notable activity from the Maze ransomware group. The Maze ransomware actors use a variety of techniques to gain access to organizations; once admin privileges are achieved the groups exfiltrates information and deploy the maze ransomware. The potential damage of ransomware is even higher than during standard periods as many businesses cannot switch to manual operations due to the COVID-19 move to remote workforces.
Maze first emerged in late May 2019 and was the first major ransomware group to announce data theft and exposure in cases where the ransom was not paid. Organizations are recommended to take proactive steps to prevent the delivery and spread of ransomware on corporate networks and assets.
What we’re doing about it
What you should do about it
On April 18th, 2020, the IT services firm Cognizant was infected with Maze ransomware . Cognizant employs nearly 300,000 people and has clients in over eighty different countries. At this time, it is unclear what ransom has been demanded or whether any information was ex-filtrated prior to ransomware deployment.
Maze ransomware has historically seen success with various victims ranging from law firms to oil companies. Part of this success is likely due to the varying delivery methods used by the Maze ransomware actors. Past Maze infections have been traced back to exploit kits, unsecured remote desktop connections, impersonation emails and compromised email accounts via malicious Word documents.
For additional technical details relating to Maze ransomware, see the report Ransomware Maze by Alexandre Mundo .