| SYMBOL | COMMON_NAME | aka. SYNONYMS |
win.maze (Back to overview)
Maze
aka: ChaCha
Maze Ransomware encrypts files and makes them inaccessible while adding a custom extension containing part of the ID of the victim. The ransom note is placed inside a text file and an htm file. There are a few different extensions appended to files which are randomly generated.
Actors are known to exfiltrate the data from the network for further extortion. It spreads mainly using email spam and various exploit kits (Spelevo, Fallout).
The code of Maze ransomware is highly complicated and obfuscated, which helps to evade security solutions using signature-based detections.
References
| 2021-02-25 ⋅ FireEye ⋅ So Unchill: Melting UNC2198 ICEDID to Ransomware Operations Cobalt Strike IcedID Maze SystemBC |
| 2021-02-23 ⋅ CrowdStrike ⋅ 2021 Global Threat Report RansomEXX Amadey Anchor Avaddon Ransomware BazarBackdoor Clop Cobalt Strike Conti Ransomware Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet Ransomware ShadowPad SmokeLoader Snake Ransomware SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader |
| 2021-02-11 ⋅ CTI LEAGUE ⋅ CTIL Darknet Report – 2021 Conti Ransomware Mailto Maze REvil Ryuk |
| 2021-02-04 ⋅ Chainanalysis ⋅ Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains DoppelPaymer Egregor Maze SunCrypt |
| 2020-12-16 ⋅ Accenture ⋅ Tracking and combatting an evolving danger: Ransomware extortion DarkSide Egregor Maze Nefilim Ransomware RagnarLocker REvil Ryuk SunCrypt |
| 2020-12-14 ⋅ Medium Killbit ⋅ Applying the Diamond Model to Cognizant (MSP) vs. Maze Ransomware Maze |
| 2020-12-10 ⋅ US-CERT ⋅ Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim Ransomware REvil Ryuk Zeus |
| 2020-12-09 ⋅ Cisco ⋅ Quarterly Report: Incident Response trends from Fall 2020 Cobalt Strike IcedID Maze RansomEXX Ryuk |
| 2020-12-08 ⋅ Sophos ⋅ Egregor ransomware: Maze’s heir apparent Egregor Maze |
| 2020-12-07 ⋅ Minerva Labs ⋅ Egregor Ransomware - An In-Depth Analysis Egregor Maze Sekhmet Ransomware |
| 2020-12-01 ⋅ Trend Micro ⋅ The Impact of Modern Ransomware on Manufacturing Networks Maze Petya REvil |
| 2020-11-18 ⋅ KELA ⋅ Zooming into Darknet Threats Targeting Japanese Organizations Conti Ransomware DoppelPaymer Egregor LockBit Maze REvil Snake Ransomware |
| 2020-11-16 ⋅ Intel 471 ⋅ Ransomware-as-a-service: The pandemic within a pandemic Avaddon Ransomware Clop Conti Ransomware DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX Ransomware |
| 2020-11-11 ⋅ Kaspersky Labs ⋅ Targeted ransomware: it’s not just about encrypting your data! Part 1 - “Old and New Friends” Egregor Maze RagnarLocker |
| 2020-11-06 ⋅ Telsy ⋅ Malware Analysis Report: Trying not to walk in the dark woods. A way out of the Maze Maze |
| 2020-10-29 ⋅ Bleeping Computer ⋅ Maze ransomware is shutting down its cybercrime operation Egregor Maze |
| 2020-10-28 ⋅ Bitdefender ⋅ A Decade of WMI Abuse – an Overview of Techniques in Modern Malware sLoad Emotet Maze |
| 2020-10-26 ⋅ Checkpoint ⋅ Exploit Developer Spotlight: The Story of PlayBit Dyre Maze PyLocky Ramnit REvil |
| 2020-10-23 ⋅ Hornetsecurity ⋅ Leakware-Ransomware-Hybrid Attacks Avaddon Ransomware Clop Conti Ransomware DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim Ransomware RagnarLocker REvil Sekhmet Ransomware SunCrypt |
| 2020-10-21 ⋅ Kaspersky Labs ⋅ Life of Maze ransomware Maze |
| 2020-10-06 ⋅ CrowdStrike ⋅ Double Trouble: Ransomware with Data Leak Extortion, Part 2 Maze MedusaLocker REvil |
| 2020-09-29 ⋅ Microsoft ⋅ Microsoft Digital Defense Report Emotet IcedID Mailto Maze QakBot REvil RobinHood TrickBot |
| 2020-09-25 ⋅ CrowdStrike ⋅ Double Trouble: Ransomware with Data Leak Extortion, Part 1 DoppelPaymer FriedEx LockBit Maze MedusaLocker RagnarLocker REvil RobinHood SamSam WastedLocker |
| 2020-09-17 ⋅ Bleeping Computer ⋅ Maze ransomware now encrypts via virtual machines to evade detection Maze |
| 2020-09-17 ⋅ SophosLabs Uncut ⋅ Maze attackers adopt Ragnar Locker virtual machine technique Maze |
| 2020-09-01 ⋅ Cisco Talos ⋅ Quarterly Report: Incident Response trends in Summer 2020 Cobalt Strike LockBit Mailto Maze Ryuk |
| 2020-08-20 ⋅ sensecy ⋅ Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities Clop Maze REvil Ryuk |
| 2020-08-13 ⋅ SentinelOne ⋅ Case Study: Catching a Human-Operated Maze Ransomware Attack In Action Maze |
| 2020-08-04 ⋅ ZDNet ⋅ Ransomware gang publishes tens of GBs of internal data from LG and Xerox Maze |
| 2020-08 ⋅ Temple University ⋅ Critical Infrastructure Ransomware Attacks CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor |
| 2020-07-29 ⋅ ESET Research ⋅ THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos Ransomware PlugX Pony REvil Socelars STOP Ransomware Tinba TrickBot WannaCryptor |
| 2020-07-22 ⋅ SentinelOne ⋅ Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW) ISFB Maze TrickBot Zloader |
| 2020-07-15 ⋅ FireEye ⋅ Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families DoppelPaymer LockerGoga Maze MegaCortex Nefilim Ransomware Snake Ransomware |
| 2020-06-18 ⋅ Quick Heal ⋅ Maze ransomware continues to be a threat to the consumers Maze |
| 2020-06-17 ⋅ Cognizant ⋅ Notice of Data Breach Maze |
| 2020-06-16 ⋅ BleepingComputer ⋅ Chipmaker MaxLinear reports data breach after Maze Ransomware attack Maze |
| 2020-06-04 ⋅ Sophos Naked Security ⋅ Nuclear missile contractor hacked in Maze ransomware attack Maze |
| 2020-05-21 ⋅ BrightTALK (FireEye) ⋅ Navigating MAZE: Analysis of a Rising Ransomware Threat Maze |
| 2020-05-07 ⋅ FireEye Inc ⋅ Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents Maze |
| 2020-05-07 ⋅ REDTEAM.PL ⋅ Sodinokibi / REvil ransomware Maze MimiKatz REvil |
| 2020-05-04 ⋅ Blueliv ⋅ Escape from the Maze Maze |
| 2020-05-01 ⋅ CrowdStrike ⋅ The Many Paths Through Maze Maze |
| 2020-04-28 ⋅ Microsoft ⋅ Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk LockBit Mailto Maze MedusaLocker Paradise Ransomware RagnarLocker REvil RobinHood |
| 2020-04-18 ⋅ Cognizant ⋅ Cognizant Security Incident Update Maze |
| 2020-04-18 ⋅ Bleeping Computer ⋅ IT services giant Cognizant suffers Maze Ransomware cyber attack Maze |
| 2020-03-26 ⋅ TechCrunch ⋅ Cyber insurer Chubb had data stolen in Maze ransomware attack Maze |
| 2020-03-26 ⋅ McAfee ⋅ Ransomware Maze Maze |
| 2020-03-25 ⋅ Bitdefender ⋅ A Technical Look into Maze Ransomware Maze |
| 2020-03-24 ⋅ Bleeping Computer ⋅ Three More Ransomware Families Create Sites to Leak Stolen Data Clop DoppelPaymer Maze Nefilim Ransomware Nemty REvil |
| 2020-03-12 ⋅ Cyberbit ⋅ Lost in the Maze Maze |
| 2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
| 2020-03-03 ⋅ Bleeping Computer ⋅ Ransomware Attackers Use Your Cloud Backups Against You DoppelPaymer Maze |
| 2020-01-30 ⋅ ZATAZ ⋅ Cyber attaque à l’encontre des serveurs de Bouygues Construction Maze |
| 2020-01-29 ⋅ ANSSI ⋅ État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
| 2020-01-22 ⋅ Deloitte ⋅ Project Lurus Maze |
| 2020 ⋅ Secureworks ⋅ GOLD VILLAGE Maze |
| 2020 ⋅ Blackberry ⋅ State of Ransomware Maze MedusaLocker Nefilim Ransomware Phobos Ransomware REvil Ryuk STOP Ransomware Zeppelin Ransomware |
| 2019-12-24 ⋅ Bleeping Computer ⋅ Maze Ransomware Releases Files Stolen from City of Pensacola Maze |
| 2019-12-18 ⋅ Github (albertzsigovits) ⋅ Maze ransomware Maze |
| 2019-12-17 ⋅ Cisco ⋅ Incident Response lessons from recent Maze ransomware attacks Maze |
| 2019-12-16 ⋅ KrebsOnSecurity ⋅ Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up Maze |
| 2019-12-11 ⋅ Bleeping Computer ⋅ Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand Maze |
| 2019-11-21 ⋅ Bleeping Computer ⋅ Allied Universal Breached by Maze Ransomware, Stolen Data Leaked Maze |
| 2019-11-14 ⋅ Proofpoint ⋅ TA2101 plays government imposter to distribute malware to German, Italian, and US organizations Maze TA2101 |
| 2019-11-08 ⋅ Twitter (@certbund) ⋅ Tweet on Spam Mails containing MAZE Maze |
| 2019-10-18 ⋅ Bleeping Computer ⋅ Maze Ransomware Now Delivered by Spelevo Exploit Kit Maze |
| 2019-05-13 ⋅ ChaCha Ransomware Maze |