Maze Ransomware

Malware updated 7 days ago (2024-11-29T14:26:15.069Z)
Download STIX
Preview STIX
Maze ransomware is a type of malware that emerged in 2019, employing a double extortion tactic to wreak havoc on its victims. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. The first public reports of such double extortion ransomware surfaced from diverse criminal organizations, including the REvil ransomware gang and the Maze ransomware group TA2102. In the same year, ransomware leak sites appeared, with Maze ransomware being one of the first to use this strategy. One notable breach was against Allied Universal, whose stolen data was subsequently leaked. In 2020, IBM Security X-Force observed an increase in Maze ransomware attacks, accounting for 12% of the ransomware attacks recorded during the year. Prominent among these was an attack on Xerox Corporation, where the Maze Ransomware group claimed to have stolen approximately 100GB of data. Following the attack, Xerox worked with third-party cybersecurity experts to conduct a thorough investigation and took necessary steps to further secure their IT environment. However, despite these efforts, the Maze ransomware gang published 25.8 GB of Xerox's data. To combat the threat posed by Maze ransomware, tools like the decryption tool provided by Emsisoft are available. However, the average ransom demanded by the now-defunct Maze ransomware group from a single victim in 2020 was reportedly $4.8 million, indicating the high cost of these attacks. Under the RaaS (Ransomware as a Service) model, various threat groups are delivering Maze ransomware to organizations, creating a wide variety of tactics, techniques, and procedures associated with Maze ransomware. The Sangria Tempest, aka FIN7, a financially-motivated hacking group, has previously been linked to REvil and Maze ransomware after their involvement in the now-defunct BlackMatter and DarkSide ransomware operations.
Description last updated: 2024-05-04T19:30:57.547Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Maze is a possible alias for Maze Ransomware. Maze is a form of malicious software, or malware, that pioneered a novel double-extortion tactic in the cyber threat landscape. Its modus operandi involves stealing victims' files before encrypting them, thereby enabling the threat actors to threaten both the disruption of operations and the release
4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Extortion
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Ryuk Malware is associated with Maze Ransomware. Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware invesUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The DarkSide Threat Actor is associated with Maze Ransomware. DarkSide is a threat actor known for its malicious activities, primarily in the realm of ransomware attacks. One of their most notable exploits occurred on May 7, 2021, when they targeted Colonial Pipeline Co., a major player in the U.S. energy sector. The attack disrupted the gasoline supply acrossUnspecified
2
Source Document References
Information about the Maze Ransomware Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more