Sign In with your
Trend Micro Account
需要協助?
需要協助?

若您需要技術支援,請 按此建立案件。

Maze Ransomware Attack on a US IT Firm

    • 更新於:
    • 20 Apr 2020
    • 產品/版本:
    • Apex Central All
    • Apex One (Mac)
    • Apex One All
    • Apex One as a Service
    • ARM For Interscan Web Security All
    • Cisco CSC Security Services Module All
    • Cisco Protectlink
    • Cloud App Encryption For Office 365 All
    • Cloud App Security
    • Cloud App Security For Office 365 All
    • Cloud Edge All
    • Cloud One - Application Security All
    • Cloud One - Workload Security All
    • Control Manager All
    • Control Manager As A Service All
    • Core Protection Module - ESP All
    • Core Protection Module For MAC All
    • Damage Cleanup Services
    • Data Loss Prevention Endpoint All
    • Data Loss Prevention Network Monitor All
    • Deep Discovery Advisor All
    • Deep Discovery Analyzer All
    • Deep Discovery App for Splunk All
    • Deep Discovery Director All
    • Deep Discovery Email Inspector All
    • Deep Discovery Inspector
    • Deep Discovery Web Inspector All
    • Deep Edge
    • Deep Security All
    • Deep Security API
    • Deep Security As A Service
    • Deep Security AWS Marketplace AMI
    • Deep Security Azure Marketplace
    • Deep Security For Web Apps All
    • Deep Security Smart Check
    • Deep Security Smart Check
    • Email Encryption Gateway
    • Email Encryption Hosted All
    • Email Reputation Services All
    • EMSP-SP White Label All
    • Encryption for Email All
    • Endpoint Application Control All
    • Endpoint Encryption - Data Armor All
    • Endpoint Encryption - Key Armor All
    • Endpoint Encryption 6.0
    • Endpoint Encryption All
    • Endpoint Encryption All
    • Endpoint Security Platform All
    • Generic Product
    • Highly Scalable Anti-Spam Solution
    • Hosted Email Security All
    • Hosted Mobile Security All
    • Housecall
    • Housecall Hosted Edition All
    • Information Center All
    • Instant Messaging Security All
    • Interscan Antivirus For Sendmail
    • Interscan Gateway Security Appliance All
    • Interscan Messaging Security Appliance All
    • InterScan Messaging Security Suite All
    • Interscan Messaging Security Virtual Appliance All
    • Interscan Messaging Security Virtual Appliance All
    • Interscan Viruswall Standard Edition All
    • Interscan Web Manager
    • Interscan Web Manager
    • Interscan Web Manager Lite
    • Interscan Web Security as a Service - Hybrid
    • Interscan Web Security Hybrid All
    • Interscan Web Security Suite All
    • Interscan Web Security Virtual Appliance All
    • InterScan WebManager SCC
    • Interscan Webprotect
    • Intrusion Defense Firewall
    • Intrusion Defense Firewall All
    • Licensing Management Platform All
    • Licensing Management Platform All
    • Machine Learning Assessment Tool All
    • Managed Detection & Response
    • Mobile Security For Android All
    • Mobile Security For Enterprise All
    • Mobile Security For Ios
    • Mobile Security For Ios All
    • Network Viruswall All
    • OfficeScan All
    • Policy Manager All
    • Portable Security All
    • Portalprotect All
    • Remote Manager All
    • Safe Lock All
    • Safesync For Enterprise All
    • Safesync For XSP All
    • ScanMail for Exchange All
    • Scanmail for IBM Domino All
    • Securecloud As A Service All
    • Securecloud On-Premise All
    • Security for Mac All
    • Security For NAS All
    • ServerProtect All
    • Smart Protection Complete All
    • Smart Protection For Endpoints All
    • Smart Protection Server All
    • Threat Discovery Appliance All
    • Threat Intelligence Manager All
    • Threat Investigation Center All
    • Threat Management Agent All
    • Threat Mitigator All
    • TippingPoint 1500SSL
    • TippingPoint Accessories
    • Tippingpoint Advanced Threat Protection Analyzer
    • Tippingpoint Advanced Threat Protection Analyzer
    • Tippingpoint Advanced Threat Protection for Email
    • TippingPoint Advanced Threat Protection for Networks All
    • TippingPoint CoreController All
    • TippingPoint Digital Vaccine
    • TippingPoint IPS N-series All
    • TippingPoint IPS NX-series All
    • TippingPoint IPS S-series All
    • TippingPoint Network Protection (AWS) All
    • TippingPoint NGFW All
    • TippingPoint SecBlade All
    • TippingPoint SMS All
    • TippingPoint SMS All
    • TippingPoint Splunk App All
    • TippingPoint Threat Management Center
    • TippingPoint ThreatDV
    • TippingPoint TPS All
    • TippingPoint TX-Series All
    • TippingPoint Virtual SMS
    • TippingPoint Virtual TPS All
    • Titanium Internet Security For Mac All
    • Titanium Maximum Security All
    • Trend Micro Email Security All
    • Trend Micro Endpoint Sensor All
    • Trend Micro IoT Security
    • Trend Micro Web Security All
    • TXOne - EdgeFire
    • TXOne - EdgeIPS
    • TXOne - EdgeIPS
    • TXOne - ODC All
    • USB Security
    • Virtual Desktop Infrastructure All
    • Virusbuster Cloud
    • Vsapi Virus Scan Engine All
    • Vsapi Virus Scan Engine All
    • Vsapi Virus Scan Engine All
    • Vulnerability Management Services All
    • Vulnerability Protection All
    • Web Security For Yamaha Router
    • Worry Free Services for Dell All
    • Worry-Free Business Security Advanced All
    • Worry-Free Business Security Services All
    • Worry-Free Business Security Standard All
    • Worry-Free Plug-In - Security For MAC All
    • Worry-Free Remote Manager All
    • 作業系統:
    • N/A
概要

Maze Ransomware has impacted one of the biggest IT firms based in US.

Maze Ransomware: Distributed in late December 2019, the warning indicates that the Bureau first observed the ransomware being wielded against U.S. victims last November. Upon successfully breaching the network, threat actors exfiltrate company files before encrypting machines and network shares. The actors then demand a target-specific ransom in exchange for the decryption key.

Impacted Region:

  • US as of 4/19/2020 7:55PM GMT+8
詳情
Public

Actions Taken

  • Malware Sourcing
  • Testing samples against Trend Micro Detections
  • Trend Micro Technical Support and Core Technology Team collaboration for sourcing, monitoring and intelligence gathering

Solutions Available

Solution ModulesSolution AvailablePattern BranchRelease DateDetection/Policy/Rules
URL ProtectionYesIn the CloudMalware Accomplice, Disease Vector, Ransomware
Predictive Learning (TrendX)TROJ.Win32.TRX.XXPE50FFF034
Ransom.Win32.TRX.XXPE50FFF034
BKDR.Win32.TRX.XXPE50FFF034
File detection (VSAPI/Smart Scan) and Advanced Threat Scan Engine (ATSE)15.529.0010/12/2019Ransom.Win32.MAZE.H
Ransom.Win32.MAZE.THKBIAI
Ransom_Gen.R011C0PKA19
Ransom_Maze.R002C0DC720
Ransom_Instructions.R002C0PCK20
Ransom.Win32.MAZE.THJBBAI
Ransom.Win32.MAZE.SMDA
TROJ_GEN.USMGAHAL
Ransom.Win32.MAZE.G
Ransom.Win32.MAZE.C
Ransom_Mazedec.R002C0DDE20
Trojan.Win32.SMOKELOAD.SMD2.hp
Ransom.Win32.MAZE.AC
TROJ_GEN.R002C0DDE20
Behavioral Monitoring (AEGIS)2015Q_CQ, RAN2455T TMTD policies
Access Document Control (ADC) Supported
Sandbox SolutionVAN_RANSOMARE.UMXX
Deep Discovery Inspector RuleRule 1043 RANSOM HTTP REQUEST
TippingPoint37302: HTTP: Ransomware.Win32.Maze.A
Deep Security1007596 - Identified Suspicious File Extension Rename Activity Over Network Share
1007598 - Identified Suspicious Rename Activity Over Network Share
 
Refer to this file for the IOC list.
 

Recommendation

Make sure to always use the latest pattern available to detect the old and new variants of Maze ransomware.

Related Blogs and Articles

TrendMicro Virus Encyclopedia

Premium
Internal
Partner
評價:
分類:
Remove a Malware / Virus
解決方案ID:
000250200
評定這個解決方案
本文是否幫助解決您的問題?

感謝您的意見!

請留下您的Email方便進一步的聯繫,協助我們改進文章內容:
我們不會透過以上Email寄送任何可能騷擾您的垃圾信.

本意見調查系統為自動運作,將不會回覆如銷售、技術、產品等一般問題.

若您需要協助,請聯繫對應的技術支援窗口. 聯絡我們


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.