The infamous Maze ransomware is increasingly becoming a formidable threat to its victims. Cybersecurity experts assert that it has developed to become one of the most dangerous forms of Windows ransomware that target organizations across the world – with cryptocurrency demands forming the center of its spread.
Experts have been able to identity a number of Russian-speaking members who claim to use the Maze ransomware, and are seeking new recruits to their trade.
A host of cybersecurity firms have intimated the latest activities surrounding the spread and effects of the Maze ransomware, indicating its popularity within cybercriminal actors who have been actively deploying it since May 2020.
Ideally, the ransomware exploited the email system to infect breach target computer systems through spam emails and kits. The emails would follow a thematic approach to purport their association with various legitimate subjects such as tax, invoice and package deliveries – along with document attachments that would disguise the Maze ransomware.
LG and Xerox Refuse to Play Ball
In latest news, Maze ransomware leaked massive amounts of stolen data from electronic company LG and print products firm Xerox.
In terms of numbers, reports indicate that the ransomware group stole data worth 50.2 GB from LG and 25.8GB from Xerox.
A statement by the Maze ransomware group alleges that both organizations were compromised in June, and that the hackers resorted to leaking the data following failed extortion attempts on their part. Today, the ransomware group is exposing the stolen data through their leak platform on the dark web.
A quick scan over the activities carried out by the Maze ransomware group indicates an interesting pattern – the group sticks to the trend of encrypting a compromised network once they steal data from the target. The group would then threaten to leak the data if ransom is not paid.
Maze Avoided Data Encryption This Time
Findings from an analysis done by ZDNet expose interesting details to the case, including an indication that the severity of Maze ransomware’s attack on Xerox was greater than the breach in LG’s context.
ZDNet established that the threat actors targeted the Xerox customer support operations owing to the cache of information that the investigators encountered online.
Separately, it’s been reported that LG has declined to share additional information about the cyberattack – an aspect that sends mixed suggestions towards anyone trying to understand the current cyber circumstance.
Otherwise, according to a statement issued by the Maze group, the team of hackers intimated that they chose not to encrypt the stolen data – an aspect that contradicted their standard operational framework. The decision was rationalized by LG and Xerox’s social significance that would otherwise lead to an impediment of their services.
Further, even as ZDNet reports being snubbed by the team at Xerox, the online listings by the ransomware group provide a clear indication that the threat actors targeted the firm’s customer support operations.
Although customers support operations does not match to the high value of actual customer data, ZDNet analysts have acknowledged the significance of the cyberattack that has shaken both firms.
In light of the fact that both LG and Xerox have remained adamant in the wake of the hackers’ extortion demands, the Maze group created leak entries for both firms in an online platform where the stolen data was leaked via dark web.
What Makes Maze Ransomware Attacks So Devastating?
A high number of cybercriminal enterprises have been known to deploy the Maze ransomware against victim companies and organizations. The threat actors behind the ransomware tool operate an online site where stolen data belonging to noncompliant victims is posted.
Otherwise, the fact that Maze is designed to expose sensitive data while disrupting victim networks makes it a dangerous tool used by hackers.
Join us on Dread, Tape and Hotmilk forum
