The hostage program Maze Ransomware shows that it is possible for attackers to hide in the network, without the victim knowing about it.
After the attack, attackers may be left - hidden in the network
Hostage ransomware is a constant threat to corporate assets. Attackers make great efforts to succeed in reaching their target. Therefore, these attacks can be spread over time, from a day up to a month or more. Often, the attacker gains access to the victim's device through downloaded malware (malware), exploitation of any VPN application vulnerability, or vulnerable remote desktop services. After the attacker gains access to the device, special programs are used to collect login information and then enable the attackers to access the network. These credentials are then used to steal unencrypted data before deploying hostage programs.
After the hostage program has been deployed and the network is compromised, at first glance, the attackers may think that the attackers are ready with their mission. Unfortunately, it is not guaranteed. The hostage program Maze Ransomware was recently discovered showing that it is possible for attackers to maintain access to the victim's network and then stealthily steal data after the situation appears to be under control for the victim's company.
How to act if the company is affected by hostage programs
If the company is affected by hostage programs, it is critical to act early. CYPRO recommends that you as a company quickly follow the following steps:
Start by turning off all computers and assets on the network. This is to prevent attackers from gaining even more control over assets than they already have at the time of shutdown.
Thereafter, a separate security company should be given the opportunity to conduct a thorough forensic investigation. A forensic investigation is crucial in finding all the devices that are infected in the network and possibly finding out how it went.
Finally, it is recommended that another IT security company, such as CYPRO, help you protect your assets before the next attack occurs.
How is the security mindset to protect your company's assets?
CYPRO offers several different security solutions. click here to book a free consultation.
By Ludwig Wideskär, CYPRO