Maze Ransomware gang copies Ragnar Locker Ransomware group's method of distributing malware


Until now, those distributing Ragnar Locker ransomware were the ones seen using virtual machines to deliver the file-encrypting malware into a corporate network. Now the Maze ransomware group is mimicking the same technique to stay concealed and undetected by anti-malware solutions.

Maze is a malware group that is seen demanding six-figure or higher amounts in Bitcoin from its victims. It also pressures victims by threatening to publish the stolen data if its ransom demands are not met on time.


Recently, cybersecurity firm Sophos detected that the group is copying the hiding tactics used by those distributing Ragnar Locker ransomware.

Technically, hackers are seen invading a virtual machine and installing all the components related to the ransomware in it. By doing so, they remain undetected until their objective of encrypting the database is fulfilled.

“Virtual machines are acting as hosts for hackers to launch ransomware attacks”, said Peter McKenzie, Incident Response Manager at Sophos.

McKenzie added that this type of attack can be blocked by removing the virtual machines' access to unnecessary or unused applications. Applying security patches from time to time can also block hackers from exploiting vulnerabilities to gain access to a network.

Detecting unusual behavior in a network through automated software can also help cybersecurity professionals spot malware attacks in time, added Peter.

Note: Maze is often seen targeting corporate networks through exposed RDP endpoints.