The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of recent ransomware campaigns targeting the aged care and healthcare sectors. Cybercriminals view the aged care and healthcare sectors as lucrative targets for ransomware attacks. This is because of the sensitive personal and medical information they hold, and how critical this information is to maintaining operations and patient care. A significant ransomware attack against a hospital or aged care facility would have a major impact.
The ‘Maze’ ransomware is designed to lock or encrypt an organisation’s valuable information, so that it can no longer be used, and has been observed being used alongside other tools which steal important business information. Cybercriminals may then threaten to post this information online unless a further ransom is paid. This is especially effective in the aged care and healthcare sectors.
Recommendations
If Australian organisations are infected by the Maze ransomware, they should seek assistance in the first instance from the ASD's ACSC via 1300 CYBER1. We encourage reporting cyber security incidents to enable the ASD's ACSC to alert and assist a broader range of organisations, and understand the scope and nature of cyber intrusions.
Read the ASD's ACSC advice on mitigating the threat of ransomware. Keeping software up to date and having current backups stored offline is the best way to protect your organisation from a ransomware attack.
Never pay a ransom demand
We recommend you do not pay the ransom if affected by the Maze ransomware. There is no guarantee paying the ransom will fix your devices, and it could make you vulnerable to further attacks. Restore your files from backup and seek technical advice.
Identify and backup critical information and systems
Backing up and restoring your files offers peace of mind and makes it faster and easier to get up and running again following a ransomware attack.
Keep your systems and software up to date through regular patching
All your personal or business devices including your phone, tablet, computer or laptop use software to run, such as operating systems like Microsoft Windows or Apple MacOS; and antivirus, web browsers or word processors at work. Read more about patching software.
Use antivirus software and keep it up to date
Install antivirus software on all devices and set the software to automatically check for updates on a daily basis.
Further information
Further information on the Maze ransomware can be found at:
- https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html
- https://blog.malwarebytes.com/threat-spotlight/2020/05/maze-the-ransomware-that-introduced-an-extra-twist/
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/
- https://www.tripwire.com/state-of-security/featured/maze-ransomware-what-you-need-to-know/.
Contact details
If you have any questions regarding this guidance you can contact us or phone 1300 CYBER1 (1300 292 371).