Maze… Into limelight for so long time

Maze ransomware group has been amongst one of the most active and fastest-growing ransomware actors. In around one year, it has targeted a number of large organizations, including the digital printing solutions provider Xerox Corporation, Cognizant, and others within the past few months.

Top targeted sectors


Based on the confirmed attack incidents revealed lately, there were a total of nine notable attacks on organizations across different sectors. The majority of which belongs to IT and healthcare.

IT seems to be the favorite sector being targeted with three victims – Lectra (a France based technology company), Westech International Inc. (New Mexico-based Logistics and IT services provider), and Xerox (Connecticut-based IT, digital and print solutions provider).

Maze carried out two attacks on organizations in the healthcare sector – Regis Aged Care Pty Ltd (Australia) and the Montana Veterans Affairs Health Care System (USA).

Maze also targeted the Thailand-based food and beverage manufacturer ThaiBev, Sydney-based strata management firm Strata Plus, the National Highways Authority Of India (NHAI), and the Texas foundry group X-FAB, suggesting that Maze attacks are not specific to a particular field of interest or geographical area.

Mode of operation

Although the initial attack vector for these attacks is not completely understood, the Maze group has now made it a practice to exfiltrate the entire target system data before encrypting it.
In several cases, such as Regis Aged Care and NHAI, the attackers released around 5% data upfront to prove its attack, and hence pressurize the firms to quickly pay the ransom.

Recent History

Within the past few months, Maze operators have been busy strengthening their tie-ups and association with other threat groups as well.

At the beginning of June 2020, Maze operators were seen hosting and promoting data stolen by the LockBit gang, which provides hints about the cartel of ransomware operations between them.
Very soon, Ragnar Locker also joined their cartel.

Key takeaways

Looking at its pace, Maze operators have emerged as a consistent threat group to watch out for. Although there is no sure shot way to ensure 100% security, organizations can reduce the risks and extent of damage by ensuring proper security measures, such as using strong passwords, multi-factor authentication, and also having a regular backup of the data.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s