MazeRansomware

Maze Ransomware - Advanced ransomware group that carried out large-scale attacks on Fortune 500 companies in 2019-2020. It uses RSA-2048+ChaCha20 encryption, VSS deletion over WMI (without cmd.exe), double extortion (data exfiltration + encryption) techniques. It ceased its activities at the end of 2020.

Threat Profile
Type: Ransomware
Programming Language: C++
C2 Protocol: HTTP
First Seen: 2019
Targets: Global/Corporate
Purpose / Capabilities
  • Ransomware/Double Extortion
No C2 servers have been identified for this family yet.

Research Reports (1)

Critical

MazeRansomware 4263eacd -- RSA2048-ChaCha20 DECRYPT-FILES-txt WMI-Win32ShadowCopy-delete autorun-inf-USB InternetOpenA-HTTP-C2 CryptAcquireContextW 1-section-PE | Critical

MazeRansomware 4263eacd: PE32 x86, 920 KB, single-section PE. RSA-2048 + ChaCha20 encryption. Ransom note DECRYPT-FILES.txt. Shadow copy deletion via WMI Win32_ShadowCopy (no cmd.exe). USB propagation via autorun.inf. HTTP C2.
