Maze ransomware emerged in May 2019, initially identified as 'ChaCha ransomware,' and quickly distinguished itself by pioneering the double extortion technique. This method involved not only encrypting victims' data but also exfiltrating sensitive information and threatening its public release if a ransom was not paid. Operating with an affiliate-based model, Maze operators also maintained a dedicated public-facing website, 'Maze News,' to list victims and publish stolen data, significantly increasing pressure on organizations. While the group claimed to officially cease operations in November 2020, its tactics and a potential rebranding have been observed in subsequent ransomware variants like Egregor and Sekhmet. The group's primary motivation was financial gain through extortion, and it is assessed with high confidence to be of Russian origin, indicated by its malware avoiding systems configured with Russian or former Soviet Union languages.

URLs nuevas detectadas en IntelTracker