Ransomware

Maze

First seen: 2019-05 • Status: inactive

Currently Inactive

Maze invented the ransomware trick of stealing your data before encrypting it, then threatening to publish it online. Many ransomware groups copied this approach.

Overview

Maze pioneered the double extortion ransomware model, threatening to leak stolen data. The group retired in 2020 but influenced many successors.

Also Known As

Maze Ransomware, ChaCha

How It Spreads

  • Phishing
  • RDP exploitation
  • Exploit kits

What It Does

  • Data exfiltration
  • File encryption
  • Public shaming websites

Is your business exposed?

Target Platforms

Windows

Detection Tips

  • Monitor for data exfiltration
  • Watch for Maze indicators

MITRE ATT&CK Techniques

T1486, T1567, T1490

If You're Infected

  1. 1.

    Assume data was stolen

  2. 2.

    Engage legal counsel for data breach

Related Malware

Egregor, Sekhmet

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices