Maze Ransomware

Malware updated 4 months ago (2024-05-04T20:19:03.553Z)
Maze ransomware emerged in 2019 and was one of the first families to use the double extortion tactic: operators exfiltrate data before encrypting it, then threaten to publish the stolen files if the ransom is not paid. The malware reaches victims through malicious downloads, phishing emails and compromised or malicious websites, and an intrusion can end in stolen personal information, disrupted operations, or data held hostage for ransom.

The first public reports of double extortion ransomware in 2019 involved several criminal groups, including the REvil gang and the Maze operators tracked as TA2102. Dedicated ransomware leak sites appeared the same year, and Maze was among the first groups to run one. A notable early case was Allied Universal, whose stolen data was subsequently leaked.

In 2020, IBM Security X-Force observed an increase in Maze attacks, which accounted for 12% of the ransomware attacks it recorded that year. One prominent victim was Xerox Corporation: the Maze group claimed to have stolen roughly 100 GB of data. Xerox engaged third-party cybersecurity experts to investigate and took steps to further secure its IT environment, but the Maze gang nevertheless published 25.8 GB of Xerox data.

A free Maze decryption tool is available from Emsisoft. Decryption addresses only the encryption half of a double extortion attack, however; data that has already been exfiltrated cannot be recalled, and the average ransom demanded from a single victim by the now-defunct Maze group in 2020 was reportedly $4.8 million.

Maze was delivered under a ransomware-as-a-service (RaaS) model by multiple affiliate groups, so the tactics, techniques and procedures seen in Maze intrusions vary widely from one intrusion to the next. Sangria Tempest, also known as FIN7, a financially motivated group, has been linked to both REvil and Maze ransomware, as well as to the now-defunct BlackMatter and DarkSide ransomware operations.
Description last updated: 2024-05-04T19:30:57.547Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID: Maze
Votes: 4
Profile Description: Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Extortion
Associated Malware
ID: Ryuk
Type: Unspecified
Votes: 2
Profile Description: Ryuk is a type of malware known as ransomware, which has been utilized by the threat group ITG23 for several years. This group has been notorious for crypting their malware, with crypters seen in use with other malware such as Trickbot, Emotet, Cobalt Strike, and Ryuk. In 2019, most ransomware inves
Associated Threat Actors
ID: DarkSide
Type: Unspecified
Votes: 2
Profile Description: DarkSide is a threat actor known for its malicious activities, particularly in the realm of ransomware. This group was notably responsible for the major attack on the U.S. energy sector that targeted Colonial Pipeline Co. on May 7, 2021, using a ransomware-as-a-service operation. The DarkSide ransom
Source Document References
Information about the Maze Ransomware Malware was read from the documents corpus below. This display is limited to 20 results.

Source (created) - Title
Unit42 (7 months ago) - Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
CERT-EU (8 months ago) - Potential data breach disclosed by Xerox subsidiary
CERT-EU (8 months ago) - Top 3 ransomware headlines trending on Google - Cybersecurity Insiders
CERT-EU (8 months ago) - After ransomware claims, Xerox says subsidiary hit with cyberattack | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago) - Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data
CERT-EU (8 months ago) - Microsoft disables MSIX protocol handler abused in malware attacks
CERT-EU (10 months ago) - New Phobos ransomware variant implicates VX-Underground
CERT-EU (a year ago) - What is double extortion ransomware? | #ransomware | #cybercrime | National Cyber Security Consulting
MITRE (2 years ago) - Ransomware 2020: Attack Trends Affecting Organizations Worldwide
Secureworks (2 years ago) - Ransomware Evolution
Secureworks (2 years ago) - Phases of a Post-Intrusion Ransomware Attack
MITRE (2 years ago) - Maze attackers adopt Ragnar Locker virtual machine technique
CERT-EU (a year ago) - Ransomware gang Alphv 'unlikely to be fussed' about law firm's injunction order | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (a year ago) - 200+ Free Ransomware Decryption Tools You Need [2022 List]
CERT-EU (a year ago) - Regis Aged Care upgrades endpoint security
MITRE (2 years ago) - Ransomware Maze | McAfee Blog
MITRE (2 years ago) - Pysa Ransomware - NHS Digital