The Maze virus spreads through a fake email that appears to be sent by the Italian Revenue Agency (Agenzia delle Entrate). Here are the risks and how to defend yourself
What is the worst nightmare for an Italian citizen? Receiving an email from the Revenue Agency warning of a financial irregularity in your tax return. And if that email also hides ransomware (a particular type of virus that blocks access to the computer and forces the user to pay a ransom), the nightmare turns into a real tragedy.
Unfortunately, this is what is happening these days to thousands of Italian users. A spam campaign has targeted Italy and is trying to hit as many users as possible. The announcement comes from Cert-Pa, the Computer Emergency Response Team of the public administration. It must be stressed that the Italian Revenue Agency has no role in this spam campaign; on the contrary, it is a victim. The hackers are improperly using the agency's name so that the citizen, alarmed on reading the sender of the email (Agenzia delle Entrate, precisely), will open the message and download the attachment.
The risks for users are very high. Downloading the Word file attached to the email (named GREEN.doc) installs the Maze virus on the PC, which blocks access to every file on the computer. Defending yourself against this type of cyber attack is not easy. You need a good antivirus installed on your PC, but above all you need the computer skills to recognize scam emails immediately.
Maze virus: what it is and how it works
The new nightmare for Italian users is Maze virus. It is a ransomware that spreads through an attachment in an email message. Apparently, the email is sent by the Italian Revenue Agency, but in reality, a hacker group is hiding behind the email address.
Opening the email message is not enough to be infected: you have to download the Word file VERDI.doc attached to the email. As soon as you download the document, the ransomware takes over the PC and blocks access to all files on the hard disk. Alongside the encrypted files there is also a text file, DECRYPT-FILES.txt, that explains how to unlock the PC and regain access to your documents. That is, you have to pay a ransom in Bitcoin.
What risks does the user run
Of the various types of viruses, ransomware is definitely the most dangerous. It locks access to the PC, and finding a key to unlock it is anything but simple. In past years, ransomware attacks such as WannaCry have caused multi-billion dollar damage to companies. Paying the ransom to get the key is not the best solution: in many cases the hackers collect the money and disappear, leaving the user holding the bag.
Another serious danger you run with ransomware is the sale of your data on the dark web. In addition to encrypting the hard drive, in fact, hackers are also able to steal our personal information and sell it to the highest bidder.
How to defend yourself against ransomware viruses
Ransomware is difficult to defeat. It is a particular kind of malware that blocks access to your PC, encrypts all the data on your hard drive and demands a ransom to unlock access to your computer. And in many cases paying the ransom does not even get you the key to decrypt the hard drive. In addition, hackers steal users' information and resell it on the dark web.
How do you defend yourself against ransomware? There is no winning method. But you need to follow a number of simple rules that help you stay away from this type of virus. First of all, ransomware spreads through spam email. When you receive a message from a sender you do not know, investigate as much as you can, and if you cannot find reliable information, delete it. In this case the hackers registered three domains that look like the official ones of the Agenzia delle Entrate, but in reality they are not (agenziaentrateinformazioni.icu, agenziaentrate.icu and agenziainformazioni.icu). Also, do not download attachments whose sender you do not know, especially if they are Word and Excel files. Finally, installing a good antivirus is a rule that always works. Here is a short summary with a few extra tips:
- Verify the sender of suspicious emails
- Do not download attachments whose sender you do not know
- Install an antivirus
- Update the operating system and the antivirus
- Do not pay the ransom
- Report the incident to law enforcement
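The first rule, verifying the sender, can be automated on a mail gateway or in a triage script. The following is an added example, not part of the original article: it classifies a From: header using the three lookalike domains listed above. The official domain agenziaentrate.gov.it, the function names and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Lookalike domains named in the article above.
LOOKALIKE_DOMAINS = {
    "agenziaentrateinformazioni.icu",
    "agenziaentrate.icu",
    "agenziainformazioni.icu",
}
# Assumption: the agency's real mail uses this domain or a subdomain of it.
OFFICIAL_DOMAIN = "agenziaentrate.gov.it"


def _letters(text):
    """Lowercase and keep letters only, so 'Agenzia-Entrate' still matches."""
    return "".join(c for c in text.lower() if c.isalpha())


def claims_agency(name, domain):
    """True if the display name or the domain presents itself as the agency."""
    text = _letters(name).replace("delle", "") + " " + _letters(domain)
    return "agenziaentrate" in text


def classify_sender(from_header):
    """Classify a raw From: header value.

    A From: header can be forged, so 'official-domain' only means the address
    looks right; the SPF/DKIM/DMARC results still have to be checked.
    """
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in LOOKALIKE_DOMAINS:
        return "known-lookalike"
    if domain == OFFICIAL_DOMAIN or domain.endswith("." + OFFICIAL_DOMAIN):
        return "official-domain"
    if claims_agency(name, domain):
        return "impersonation"
    return "unrelated"


# Constructed sample headers (not taken from the real campaign).
SAMPLES = [
    '"Agenzia delle Entrate" <info@agenziaentrate.icu>',
    "Agenzia delle Entrate <noreply@mail.example.net>",
    "Servizi <comunicazioni@agenziaentrate.gov.it>",
    "Mario Rossi <mario@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):16} {header}")
```

Messages classified as known-lookalike or impersonation are the ones to quarantine before any attachment reaches the user.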