Maze ransomware encrypts 245 computers of a Canadian insurance company

Maze ransomware affects Canadian insurance company and its computer network

Maze ransomware encrypts 245 computers of a Canadian insurance companyMaze ransomware found guilty for attacking Andrew Agencies in Canada

Ransomware attacks do not seem to be stopping for now. Malicious actors have been looking for reliable companies that hold big packages of data and could pay a huge ransom price. This time, Maze ransomware developers have shown their power by launching an attempt on a Canadian insurance firm Andrew Agencies[1] and encrypted around 245 computer systems.[2]

The attack was performed on October 21st this year and related to encrypting 63 terabytes of data that is equal to 63 000 GB of information. The data that was targeted belonged to approximately 900 clients from the insurance company and also included the coded passwords of the people's online accounts.

The demanded ransom went up to 150 in Bitcoins

According to cybersecurity news reports, Maze ransomware owners urged for a ransom price of 150 BTC that equals $1.1 million. The malicious actors had a negotiation with Andrew Agencies and came to the conclusion that the money will be transferred until the end of November this year.

However, the vice president of Andrew Agencies, Dave Schioler, claims that the company refused to pay the demanded price after all. The firm believes that they provide enough security for protecting private data and claim that there was no evidence been found that any type of sensitive data was stolen or lost even though Maze ransomware developers claim that they have managed to steal 1.5 GB information involving the clients:

We also wish to emphasize that as a result of our investigation, we have uncovered no evidence of sensitive personal information or data being stolen or otherwise compromised.

A view on Maze ransomware itself

Maze ransomware[3] is a file-encrypting malware that is related to another cyber threat known as ChaCha ransomware. This parasite uses the RSA-2048 encryption cipher[4] to lock up all files and documents that are found on the infected Windows computer system. The appendix that is added to each blocked component consists of several random letters/numbers and a file market that is 0x66116166.

Afterward, the criminals encourage to write them via filedecryptor@nuke.africa to discuss all the matters regarding the ransom price. Besides encrypting valuable data and demanding a ransom, Maze ransomware might damage the Windows hosts file to prevent the users from accessing various security-related websites where the users might get useful information towards the virus's removal process and data recovery solutions.

Maze ransomware also has an interesting distribution method. The criminals drop phishing email messages to ransom users and pretend to be from reliable government institutions, agencies, and various companies in order to create a look of legitimacy. Even though this ransomware virus was used to target Italia by pretending to be from the Revenue Agency or Agenzia Delle Entrate, the developers currently see, to have decided to change their target and infect a bigger country such as Canada. Additionally, a week ago security resources reported that Maze ransomware also targeted Pensacola city that is located in Florida.[5]

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

References
Files
Software
Compare