Maze ransomware

Introduction

A recurring theme in cybersecurity echoes one of life's great mottos: “the only thing constant is change.” Ransomware is no exception to this rule, as new types of ransomware keep redefining what this category of malware is capable of. Attackers leverage these new ransomware types to push their attacks further, with devastating results.

This article will go into detail about the Maze ransomware and will explore what Maze is, how Maze is different from other types of ransomware and how Maze works. It will also highlight some real-world examples of this malware in the wild. Those researching malware will find this article to be the go-to guide to Maze that they’re searching for.

What is Maze?

Maze, also known as ChaCha, is ransomware that was first observed in May 2019. At first, Maze was a rather unremarkable instance of ransomware that was involved in extortion campaigns. Beginning around October of 2019, Maze became more aggressive and more public. 

Going a step beyond nearly any malware seen before, in November of 2019 Maze began publicly outing its campaign victims by posting the names of companies that had not complied with the ransom demands. Attack campaigns employing Maze typically pose as legitimate government agencies and security vendors in order to steal and encrypt data and then attempt to extort the data owner.

Maze is used as part of a multi-pronged cyberattack. Generally speaking, Maze appears in the second or third step of these campaigns and is less likely to be used as an initial access technique.

What makes Maze different from other ransomware?

If anything can be said about cyberattacks in the last five years or so, ransomware has really moved into (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/mG7tMGqnXWw/