Maze Ransomware

Malware Profile Updated 25 days ago
Maze ransomware is a type of malware that emerged in 2019 and employs a double extortion tactic against its victims: the malware infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. The first public reports of double extortion ransomware that year involved several criminal organizations, including the REvil ransomware gang and the Maze ransomware group TA2102. Ransomware leak sites also appeared in 2019, with Maze among the first to use this strategy; one notable breach was against Allied Universal, whose stolen data was subsequently leaked.

In 2020, IBM Security X-Force observed an increase in Maze ransomware attacks, which accounted for 12% of the ransomware attacks recorded that year. Prominent among these was an attack on Xerox Corporation, in which the Maze ransomware group claimed to have stolen approximately 100 GB of data. Following the attack, Xerox worked with third-party cybersecurity experts to conduct a thorough investigation and took steps to further secure its IT environment; despite these efforts, the Maze ransomware gang published 25.8 GB of Xerox's data. A decryption tool provided by Emsisoft is available to recover files encrypted by Maze. Even so, the average ransom the now-defunct Maze ransomware group demanded from a single victim in 2020 was reportedly $4.8 million, indicating the high cost of these attacks.

Under the RaaS (Ransomware as a Service) model, various threat groups deliver Maze ransomware to organizations, producing a wide variety of tactics, techniques, and procedures associated with it. Sangria Tempest, aka FIN7, a financially motivated hacking group, has previously been linked to REvil and Maze ransomware after its involvement in the now-defunct BlackMatter and DarkSide ransomware operations.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID: Maze
Votes: 4
Profile Description: Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Extortion
Associated Malware
ID: Ryuk
Type: Unspecified
Votes: 2
Profile Description: Ryuk is a type of malware, specifically ransomware, that has been used extensively by the group ITG23. The group has been encrypting their malware for several years, using crypters with malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware investigations were linked to
Associated Threat Actors
ID: DarkSide
Type: Unspecified
Votes: 2
Profile Description: DarkSide is a notorious threat actor that has been associated with significant cyber attacks, most notably the ransomware attack on the US Colonial Pipeline in 2021. This group was known for its adoption of the ransomware-as-a-service (RaaS) model and had reportedly netted over $90 million in Bitcoi
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Maze Ransomware malware was read from the document corpus below. This display is limited to 20 results.
Source, created, title:
MITRE, a year ago: Pysa Ransomware - NHS Digital
MITRE, a year ago: Maze attackers adopt Ragnar Locker virtual machine technique
CERT-EU, 5 months ago: After ransomware claims, Xerox says subsidiary hit with cyberattack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
MITRE, a year ago: Ransomware Maze | McAfee Blog
CERT-EU, a year ago: Ransomware gang Alphv 'unlikely to be fussed' about law firm's injunction order | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU, 8 months ago: What is double extortion ransomware? | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU, 5 months ago: Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data
CERT-EU, 5 months ago: Top 3 ransomware headlines trending on Google - Cybersecurity Insiders
CERT-EU, 6 months ago: New Phobos ransomware variant implicates VX-Underground
CERT-EU, a year ago: Regis Aged Care upgrades endpoint security
CERT-EU, 10 months ago: 200+ Free Ransomware Decryption Tools You Need [2022 List]
Secureworks, a year ago: Phases of a Post-Intrusion Ransomware Attack
Unit42, 4 months ago: Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
CERT-EU, 5 months ago: Potential data breach disclosed by Xerox subsidiary
Secureworks, a year ago: Ransomware Evolution
MITRE, a year ago: Ransomware 2020: Attack Trends Affecting Organizations Worldwide
CERT-EU, 5 months ago: Microsoft disables MSIX protocol handler abused in malware attacks