Community
User Guides
Support
Community
Help Forums
English Forum
General
About our Community
General Discussion
News and Feedback
Products
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Beta programs
Feature Requests
Finnish Forum (Tukifoorumi)
Tuotteet Kotiin
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Muut tietoturvatuotteet
Support Articles
Language
English
Suomi
Deutsch
Français
日本語
Svenska
Dansk
Italiano
Nederlands
Norsk
Polski
中文 (繁體)
Products & Services
F-Secure TOTAL
F-Secure SAFE / Internet Security / Anti-Virus
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Common topics
User Guides
Support
Login
|
Register
Am I protected against Maze, a new ransomware spreading with a hoax Coronavirus document? - F-Secure Community
<main> <article class="userContent"> <h3 data-version="2" data-article="000022435" data-id="issue">Issue:</h3> <p>The security company CSIS has informed us that there is a brand new ransomware out now in the 'Maze' family, which takes advantage of the Corona virus fear, and the hackers are approaching users through emails with a new cure for COVID-19. If the document is opened and a macro is allowed / executed, a powershell script will be run which will fetch a dropper with 'Maze' at various http addresses.<br><br>Are are we protected from this new threat?</p> <h3 data-id="resolution">Resolution:</h3> <p>Our security products can help in a few stages to prevent the ransomware attack. Firstly, we have a generic detection on documents file containing malicious macro to stop the infection vector. If the documents can somehow still sneak under the radar, our DeepGuard engine can detect suspicious behaviour of the document executing Powershell script and block the attempts of the script execution. Additionally, our ongoing effort to block malicious URL related to malware attacks can also prevent the ransomware to fetch the dropper/next stages. Lastly, we also have coverage on the Maze ransomware IOCs found/reported and they should be detected with our antivirus engine.</p> <p>Article no: 000022435</p> </article> </main>