A new variant of the Maze Ransomware, also known as ChaCha, has been detected being distributed via the Fallout exploit kit. The interesting difference behind the new Maze is that it changes the ransom amount depending on what the computer system the victim is using. The ransomware is deployed through malicious websites pretending to be cryptocurrency trading sites. The Maze Ransomware uses a very complicated encryption process just like so many other viruses. The interesting difference with this version is that it attempts to detect whether the victim is using a home computer, workstation, domain controller, or server and adjusts its ransomware accordingly. When the victim is successfully infected, the Maze Ransomware displays a wallpaper on the victim’s screen with instructions and what type of system the victim is using.
Analyst Notes
It cannot be stressed enough how important it is to have secure backups of the user’s files. Quality backups are the first line of defense for any ransomware. Users can simply delete all encrypted files and replace them with the backups. Never open attachments if the sender is unknown. It is also advisable to have tools available to scan attachments prior to being opened.
