MazeRansomware
Maze Ransomware - An advanced ransomware group that carried out large-scale attacks on Fortune 500 companies in 2019-2020. It uses RSA-2048 + ChaCha20 encryption, deletes Volume Shadow Copies (VSS) through WMI without invoking cmd.exe, and practices double extortion (data exfiltration plus encryption). It ceased its activities at the end of 2020.
Threat Profile
Type
Ransomware
Programming Language
C++
C2 Protocol
HTTP
First Seen
2019
Targets
Global/Enterprise
Purpose / Capabilities
- Ransomware/Double Extortion
No C2 servers have been identified for this family yet.
Research Reports (1)
MazeRansomware 4263eacd -- RSA2048-ChaCha20 DECRYPT-FILES-txt WMI-Win32ShadowCopy-delete autorun-inf-USB InternetOpenA-HTTP-C2 CryptAcquireContextW 1-section-PE | Critical
MazeRansomware 4263eacd PE32 x86 920KB 1-section. RSA-2048+ChaCha20. DECRYPT-FILES.txt. WMI Win32_ShadowCopy shadow copy delete (no cmd.exe). autorun.inf USB propagation. HTTP C2.