Maze.Ransomware is a sophisticated windows strain that has been hitting companies since at least May 2019. By the end of September 2019, Maze started becoming infamous for encrypting files and demanding ransom. Malicious actors behind Maze have been intruding into confidential data systems, encrypting sensitive files, and demanding for ransom in bitcoins.
Initially, the actors behind Maze.Ransomware distributed the malware using phishing campaigns and exploit kits. The malware is now reportedly spreading via post-compromise, a method to maximize the spread to more networks. Maze attackers are maintaining a public-facing website where they release all the compromised data when a victim refuses to pay ransom.
Until the first quarter of 2020, the malware, victimized companies belonging to health care, government, retail, insurance, and finance, spanned across multiple global regions, disrupting operations.
Read the advisory to understand the history, background, and recent developments concerning Maze ransomware. The advisory gives complete details about the Indicators of Compromise (IoCs) of Maze and elaborates on techniques to detect malware and respond to it to minimize the impacts.