Maze
Group profile
The Maze ransomware group is one of the best-known ransomware gangs; it targeted organizations worldwide across many industries. Security researchers believed that Maze operated on an affiliate network model. Maze was one of the first groups to carry out a 'double extortion' attack: in November 2019, after the attack on Allied Universal, the group leaked the victim's data on the darknet. On November 1, 2020, Maze announced in an official press release that it was closing its operation. Security researchers attribute the Maze operation to the threat actor 'TA2101'.
MITRE ATT&CK TTPs
Initial Access
T1189 Drive-by Compromise
Maze distributed via exploit kits (Fallout EK, Spelevo EK) through malvertising campaigns and compromised websites.
T1190 Exploit Public-Facing Application
Exploitation of Pulse Secure VPN and Citrix ADC (CVE-2019-19781) vulnerabilities to gain initial access.
T1566.001 Phishing: Spearphishing Attachment
Maze used malicious Word documents with macros delivered via phishing emails as a primary initial access vector.
Credential Access
T1003.001 OS Credential Dumping: LSASS Memory
Mimikatz deployed to harvest credentials from LSASS memory.
Exfiltration
T1567 Exfiltration Over Web Service
Maze pioneered the double extortion model — among the first ransomware groups to exfiltrate data before encryption and publish it on a dedicated leak site ('Maze News') to pressure victims into paying.
Command and Control
T1071.001 Application Layer Protocol: Web Protocols
Cobalt Strike used for C2 communications over HTTPS.
Impact
T1486 Data Encrypted for Impact
Maze uses ChaCha20 for file encryption with RSA-2048 for key protection. Active 2019-2020, Maze was the pioneer of the double extortion model that became the ransomware industry standard. The group formally announced retirement in November 2020; affiliates migrated to Egregor.
T1490 Inhibit System Recovery
Volume Shadow Copies removed; Windows Backup catalog deleted to prevent recovery.
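The two behaviours listed under T1490 are visible in process-creation telemetry before any file is encrypted, which makes them a useful early alarm. The following Python is an added example (not code from the page or from Maze's own tooling): it runs three command-line rules for shadow-copy and backup-catalog deletion over constructed process-creation records laid out like Sysmon Event ID 1, then escalates only hosts where several distinct techniques fired. The host names, parent images and sample command lines are made up; the vssadmin, wmic and wbadmin subcommands matched are the standard Windows ones.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample process-creation records in the shape of Sysmon Event ID 1
# (hypothetical hosts WS01/WS02; none of these lines come from a real incident).
SAMPLE_EVENTS = [
    {"Computer": "WS01", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet"},
    {"Computer": "WS01", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic shadowcopy delete"},
    {"Computer": "WS01", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\wbadmin.exe",
     "CommandLine": "wbadmin delete catalog -quiet"},
    # Benign administration on another host: listing shadows is not deletion.
    {"Computer": "WS02", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows"},
    # A backup agent creating a snapshot must not match either.
    {"Computer": "WS02", "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Program Files\BackupVendor\agent.exe",
     "CommandLine": r'"C:\Program Files\BackupVendor\agent.exe" --snapshot create'},
]

# Command-line patterns for the recovery-inhibition behaviours listed under T1490.
RULES = [
    ("T1490: shadow copies deleted via vssadmin",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.IGNORECASE)),
    ("T1490: shadow copies deleted via WMI",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.IGNORECASE)),
    ("T1490: Windows Backup catalog deleted via wbadmin",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.IGNORECASE)),
]


@dataclass(frozen=True)
class Finding:
    host: str
    rule: str
    command_line: str
    parent_image: str


def detect_recovery_inhibition(events):
    """Return one Finding per event whose command line matches a T1490 rule."""
    findings = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        for name, pattern in RULES:
            if pattern.search(cmd):
                findings.append(Finding(ev.get("Computer", "?"), name, cmd,
                                        ev.get("ParentImage", "")))
                break  # one rule per event is enough for triage
    return findings


def hosts_to_escalate(findings, min_distinct_rules=2):
    """Hosts on which several distinct recovery-inhibition techniques fired.

    One vssadmin deletion can be legitimate maintenance; several different
    techniques in sequence on the same host is the pre-encryption pattern
    worth paging on.
    """
    per_host = defaultdict(set)
    for f in findings:
        per_host[f.host].add(f.rule)
    return sorted(h for h, rules in per_host.items()
                  if len(rules) >= min_distinct_rules)


if __name__ == "__main__":
    hits = detect_recovery_inhibition(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f.host}: {f.rule} <- {f.command_line} (parent {f.parent_image})")
    print("escalate:", hosts_to_escalate(hits))
```

The parent image is carried through on purpose: the same deletion launched by a scheduled backup job and by cmd.exe under an interactive user are very different signals, and that field is what a triage analyst looks at first.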
Recent victims
Showing 50 of 59 victims.

| Date | Website / victim | Sector | Country |
|---|---|---|---|
| 2020-09-11 | Fairfax County Public Schools | Education | US |
| 2020-09-08 | Toledo Public Schools (TPS) | Education | US |
| 2020-09-01 | Artech Information Systems | Technology | US |
| 2020-08-05 | Canon | Manufacturing | US |
| 2020-08-01 | SK Hynix (semiconductor company) | Manufacturing | |
| 2020-07-25 | Strata Plus (strata management firm) | Business Services | AU |
| 2020-07-05 | X-FAB | Manufacturing | US |
| 2020-07-01 | Thai Beverage Public Company | Agriculture and Food Production | TH |
| 2020-06-29 | Ostermeir FZE (engineering firm) | Manufacturing | AE |
| 2020-06-28 | VirtualGuard | Public Sector | US |
| 2020-06-25 | Xerox Corporation (xerox.com) | Technology | GB |
| 2020-06-10 | Ahmed Almazrouei Group | Manufacturing | |
| 2020-06-10 | Westmoreland Mechanical Testing and Research, Inc. | Manufacturing | US |
| 2020-06-10 | Omnix Int'l | Technology | AE |
| 2020-06-10 | FERSPED Inc. (Macedonian shipping company) | Transportation/Logistics | |
| 2020-06-10 | Daily Thermetrics | Manufacturing | US |
| 2020-06-10 | Munoz Engineering PC | Manufacturing | US |
| 2020-06-10 | Domingos Martins | Public Sector | BR |
| 2020-06-10 | John Christner Trucking | Transportation/Logistics | US |
| 2020-06-10 | Mead O'Brien, Inc | Manufacturing | US |
| 2020-06-10 | United Enertech (US construction company) | Construction | US |
| 2020-06-08 | Collabera | Technology | US |
| 2020-06-01 | Westech International (US military contractor) | Public Sector | US |
| 2020-06-01 | Columbus Metro Federal Credit Union | Financial Services | US |
| 2020-06-01 | Webuild SpA (industrial group) | Manufacturing | IT |
| 2020-06-01 | WorldNet Telecommunications and ISP | Telecommunication | PR |
| 2020-06-01 | Faxon Machining | Manufacturing | US |
| 2020-06-01 | Electricity Generating Authority of Thailand | Energy | TH |
| 2020-06-01 | LG Electronics | Technology | |
| 2020-05-29 | Conduent | Technology | US |
| 2020-05-24 | MaxLinear (radio-frequency chip maker) | Telecommunication | US |
| 2020-05-09 | Pitney Bowes | Technology | US |
| 2020-05-07 | HLB (Belgian accounting firm) | Financial Services | BE |
| 2020-05-05 | Plastic Surgeon Kristin Tarbet (Bellevue, Wash.) | Healthcare | US |
| 2020-05-05 | Ashville Plastic Surgery Institute | Healthcare | US |
| 2020-05-01 | Sparboe (egg producer) | Agriculture and Food Production | US |
| 2020-05-01 | Banco BCR | Financial Services | CR |
| 2020-04-26 | Dakota Carrier Network (DCN) | Technology | US |
| 2020-04-25 | Tom Berkowitz Trucking Inc (Whitinsville, MA) | Transportation/Logistics | US |
| 2020-04-20 | Benefit Recovery Specialists Inc (BRSI) | Financial Services | US |
| 2020-04-17 | Cognizant (cognizant.com) | Technology | US |
| 2020-04-05 | Southeastern Wire (wire manufacturer) | Manufacturing | US |
| 2020-04-01 | Berkine (Algerian Petroleum Joint Venture) | Energy | DZ |
| 2020-04-01 | Chubb | Financial Services | US |
| 2020-03-15 | Henning Harders (freight and logistics firm) | Transportation/Logistics | AU |
| 2020-03-14 | Hammersmith Medicines Research | Business Services | GB |
| 2020-03-07 | VT San Antonio Aerospace (aerospace and defense contractor) | Manufacturing | US |
| 2020-02-01 | Affordacare Urgent Care Clinic | Healthcare | US |
| 2020-02-01 | CU Collections | Business Services | US |
| 2020-02-01 | Affordacare Urgent Care Clinics | Healthcare | US |

