Maze ransomware is a sophisticated strain of Windows ransomware which targets organizations worldwide across many industries. As with other forms of ransomware, Maze demands a cryptocurrency payment in exchange for the safe recovery of encrypted data.

If Maze ransomware victims refuse to pay, the criminals threaten to leak the victims’ confidential data. This behavior is increasingly seen in newer forms of ransomware, including REvil/Sodinokibi, JSWorm/Nemty/Nefilim, Clop, and others.

What is Maze ransomware?

Developed as a variant of ChaCha ransomware, Maze was initially discovered in May 2019. Since December 2019, Maze has been very active in targeting victims across numerous industries.

How does Maze ransomware work?

Maze is typically distributed through:

- Spam emails, often using malicious links or attachments (mostly Word or Excel files).

In some cases, the attack may come from an organization’s client or partner who has already fallen victim to the hackers. Once Maze gains access to a network, the operators then try to get elevated privileges so they can deploy file encryption across all drives. Maze is particularly dangerous because it also steals the data it finds and exfiltrates it to servers controlled by malicious hackers who then threaten to release it if a ransom is not paid.

Organizations may be able to restore their data from a secure backup to get up and running again (if the backup itself has not been compromised), but that doesn’t undo the fact that criminals now have a copy of the organization’s data. Essentially, Maze is a combination of a ransomware attack and a data breach.

The creators of Maze operate a website where they list their victims (who they refer to as “clients”). On this website, they frequently publish samples of stolen data as a form of punishment. The website includes details of when victims were hit by Maze ransomware as well as links to downloads of stolen data and documents as “proof”. Provocatively, the website features the ironic slogan “Keeping the world safe” and even includes social sharing buttons so details of data breaches can be shared via social media.

The Maze ransomware website warns victims that, if the ransom is not paid, they will:

- Release public details of security breaches and inform the media.
- Sell stolen information with commercial value on the dark web.
- Inform any relevant stock exchanges about the hack and loss of sensitive information to drive down the company’s share price.
- Use stolen information to attack clients and partners as well as inform them that the company was hacked.