Maze Ransomware encrypts files and makes them inaccessible while adding a custom

extension containing part of the ID of the victim. The ransom note is placed inside a text
file and an htm file. There are a few different extensions appended to files which are
randomly generated.

Actors are known to exfiltrate the data from the network for further extortion. It spreads
mainly using email spam and various exploit kits (Spelevo, Fallout).

The code of Maze ransomware is highly complicated and obfuscated, which helps to
evade security solutions using signature-based detections.

References

2020-04-18 ⋅ Cognizant ⋅ Cognizant
Cognizant Security Incident Update
 Maze
2020-04-18 ⋅ Bleeping Computer ⋅ Lawrence Abrams
IT services giant Cognizant suffers Maze Ransomware cyber attack
 Maze
2020-03-26 ⋅ TechCrunch ⋅ Zack Whittaker
Cyber insurer Chubb had data stolen in Maze ransomware attack
 Maze
2020-03-26 ⋅ McAfee ⋅ Alexandre Mundo
Ransomware Maze
 Maze
2020-03-25 ⋅ Bitdefender ⋅ Bitdefender Team
A Technical Look into Maze Ransomware
 Maze
2020-03-24 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Three More Ransomware Families Create Sites to Leak Stolen Data
 Clop DoppelPaymer Maze Nefilim Ransomware Nemty REvil
2020-03-12 ⋅ Cyberbit ⋅ Dor Neemani, Omer Fishel, Hod Gavriel
Lost in the Maze
 Maze
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike
2020 CrowdStrike Global Threat Report
 MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon
System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown 
Backdoor Phobos Ransomware Predator The
Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vid
SPIDER Anunak APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Judg
SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER
2020-03-03 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Ransomware Attackers Use Your Cloud Backups Against You
 DoppelPaymer Maze
2020-01-30 ⋅ ZATAZ ⋅ Damien Bancal
Cyber attaque à l’encontre des serveurs de Bouygues Construction
 Maze
2020-01-29 ⋅ ANSSI ⋅ ANSSI
État de la menace rançongiciel
 Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam
2020-01-22 ⋅ Deloitte ⋅ Deloitte
Project Lurus
 Maze
2019-12-24 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Maze Ransomware Releases Files Stolen from City of Pensacola
 Maze
2019-12-18 ⋅ Github (albertzsigovits) ⋅ Albert Zsigovits
Maze ransomware
 Maze
2019-12-17 ⋅ Cisco ⋅ JJ Cummings, Dave Liebenberg
Incident Response lessons from recent Maze ransomware attacks
 Maze
2019-12-16 ⋅ KrebsOnSecurity ⋅ Brian Krebs
Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up
 Maze
2019-12-11 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand
 Maze
2019-11-21 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Allied Universal Breached by Maze Ransomware, Stolen Data Leaked
 Maze
2019-11-14 ⋅ Proofpoint ⋅ Bryan Campbell, Proofpoint Threat Insight Team
TA2101 plays government imposter to distribute malware to German, Italian,
 Maze TA2101
2019-11-08 ⋅ Twitter (@certbund) ⋅ CERT-Bund
Tweet on Spam Mails containing MAZE
 Maze
2019-10-18 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
Maze Ransomware Now Delivered by Spelevo Exploit Kit
 Maze
2019-05-13 ⋅ Amigo A
ChaCha Ransomware
 Maze