Malicious actors are using Maze ransomware executables to target users in Italy.
According to a discovery by security researcher JAMESWT, the malicious campaign targets users in Italy via emails purporting to come from the Agenzia delle Entrate, the Italian Revenue Service. The text of the message informs recipients that they must begin to comply with new guidelines issued by the Agency. The email includes an attachment called "VERDI.doc" which, the text claims, describes these new guidelines.
Once the user opens the file "VERDI.doc", they are informed that its content is encrypted with the RSA encryption algorithm and that they will need to click "Enable Content" to see the new instructions. Users who agree unknowingly execute an embedded macro that downloads a Maze executable to their device.
Maze is a relatively new threat that has so far attracted the attention of the security community because of the various exploit kits used to distribute it. In July, for example, Cisco Talos discovered attackers using the Fallout exploit kit to deliver the ransomware. It was only a few months later that Bleeping Computer discovered a campaign in which the Spelevo exploit kit used a flaw in Flash Player to distribute Maze.
In a more recent attack, the ransomware encrypted the recipient's computer and changed the desktop background to display a ransom note. This message asked the victim to visit the payment site to purchase an encryption key.
In its analysis, Bleeping Computer found that Maze operators demanded 1.200 dollars as a ransom.
There is currently no way for Maze victims to retrieve their files for free, so you should always be cautious with the emails you receive, even if they appear to come from known organizations or companies, and avoid replying to them or opening anything they may contain.