How Does Maze Ransomware Work

"Maze ransomware was discovered on May 29, 2019. The Maze authors created a fake Abra cryptocurrency site in order to buy traffic from ad networks. Visitors to the cryptocurrency site would then be redirected to the exploit kit landing page under certain conditions. Using RSA and ChaCha20 encryption as part of the process, the ransomware scans for files to encrypt and appends different extensions to the files" as per Bleepingcomputer reports.

Being a ransomware, Maze initially spreads across a corporate network of the target & infects computers it finds and encrypts data so it cannot be accessed. The fundamental operation of this ransomware is it steals the data it finds and ex-filtrates it to servers controlled by malicious hackers who then threaten to release it on the internet if a ransom is not paid.

The Maze ransomware is hard programmed with some tricks to prevent reversing of it and to make static analysis more difficult, according to McAfee Labs.

In addition to all of this they also have a website they list their targets. The website includes details of when victims had their computer systems hit by the Maze ransomware as well as links to downloads of stolen data and documents as “proof.” There are even convenient buttons on the website to share details of breaches via social media.