U.S. companies are facing a type ransomware assault where the attacker poses as a government agency, then steals data and then encrypts it to further extort victims, FBI officials said.
The FBI is calling for vigilance to combat the Maze ransomware, which the bureau said began hitting U.S. organizations in November, according to CyberScoop, which obtained a copy of the alert sent to businesses in late December.
“From its initial observation, Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors,” the advisory said.
“In a late November 2019 attack, Maze actors threatened to publicly release confidential and sensitive files from a U.S.-based victim in an effort to ensure ransom payment,” the advisory said.
Maze is one example of ransomware to hit the industry, which leaves companies in the manufacturing industry at a loggerhead because of the extensive nature it takes to patch.
Maze caught the attention of security researchers last fall, when it was used in a scheme to dupe people in the U.S., Italy, and Germany into installing malware on their computers. Last month, Maze attackers gained more notoriety when they published data supposedly stolen from the City of Pensacola, Florida, to pressure the city into paying a ransom.
FBI “Flash”— a document the bureau periodically sends to U.S. companies to alert them to hacking activity — offers technical indicators to detect Maze ransomware and asks victims to provide information that could help track the hackers. The bureau requests things like bitcoin wallets used by the hackers and the complete phishing email they sent to the victim.
The request for victim data related to Maze aligns with a new FBI offensive against ransomware that taps a wealth of data held by corporate victims.