Blue Hexagon Blog

Ransomware Families – Maze

Maze Ransomware was first identified in early 2019, the FBI released a flash alert in December of 2019 commenting that businesses have been targeted since early 2019, but the first activity against US victims occurred in November 2019. 

Maze ransomware is delivered through macro-enabled documents attached to phishing emails. These phishing emails have been observed to be spoofing security vendors or government agencies.  

Once on the system, Maze exfiltrates sensitive data to a remote server, focusing on files that may help pressure the victim into paying the ransom. Maze then posts on their shaming site as well as sending press releases to the press threatening to release sensitive data if the ransom is not paid. 

Maze creates a file titled DECRYPT-FILES.txt on the desktop with instructions on how to pay the ransom to decrypt the files on the machine. 

If you are interested in learning about other Ransomware families that we have published research reports on you can read more here