Maze Ransomware has impacted one of the biggest IT firms based in the US.
Maze Ransomware: Distributed in late December 2019, the warning indicates that the Bureau first observed the ransomware being wielded against U.S. victims last November. Upon successfully breaching the network, threat actors exfiltrate company files before encrypting machines and network shares. The actors then demand a target-specific ransom in exchange for the decryption key.
- US as of 4/19/2020 7:55PM GMT+8
- Malware Sourcing
- Testing samples against Trend Micro Detections
- Trend Micro Technical Support and Core Technology Team collaboration for sourcing, monitoring and intelligence gathering
| Solution Modules | Solution Available | Pattern Branch | Release Date | Detection/Policy/Rules |
|---|---|---|---|---|
| URL Protection | Yes | In the Cloud | | Malware Accomplice, Disease Vector, Ransomware |
| Predictive Learning (TrendX) | | | | TROJ.Win32.TRX.XXPE50FFF034 |
| File detection (VSAPI/Smart Scan) and Advanced Threat Scan Engine (ATSE) | | 15.529.00 | 10/12/2019 | Ransom.Win32.MAZE.H |
| Behavioral Monitoring (AEGIS) | | | | 2015Q_CQ, RAN2455T TMTD policies |
| Access Document Control (ADC) Supported | | | | |
| Deep Discovery Inspector Rule | | | | Rule 1043 RANSOM HTTP REQUEST |
| TippingPoint | | | | 37302: HTTP: Ransomware.Win32.Maze.A |
| Deep Security | | | | 1007596 - Identified Suspicious File Extension Rename Activity Over Network Share |
| | | | | 1007598 - Identified Suspicious Rename Activity Over Network Share |
Make sure to always use the latest pattern available to detect the old and new variants of Maze ransomware.
- Refer to the KB article: Recommendations on how to best protect your network using Trend Micro products.
- You may also check the article: Submitting suspicious or undetected virus for file analysis to Technical Support.
- For support assistance, contact Trend Micro Technical Support.