Maze Group’s Recent Assaults - A Quick Review

The Maze ransomware group has been among the most active and fastest-growing ransomware actors. In around one year, it has targeted a number of large organizations, including, within the past few months, the digital printing solutions provider Xerox Corporation, Cognizant, and others.


Top targeted sectors

Based on the confirmed attack incidents revealed lately, there were a total of nine notable attacks on organizations across different sectors, the majority of which belong to IT and healthcare.
  • IT seems to be the most-targeted sector, with three victims: Lectra (a France-based technology company), Westech International Inc. (a New Mexico-based logistics and IT services provider), and Xerox (a Connecticut-based IT, digital and print solutions provider).
  • Maze carried out two attacks on organizations in the healthcare sector - Regis Aged Care Pty Ltd (Australia) and the Montana Veterans Affairs Health Care System (USA).
  • Maze also targeted the Thailand-based food and beverage manufacturer ThaiBev, Sydney-based strata management firm Strata Plus, the National Highways Authority Of India (NHAI), and the Texas foundry group X-FAB, suggesting that Maze attacks are not specific to a particular field of interest or geographical area. 

It could be said that Maze works on purely financial motives, grabbing every opportunity it finds.


Modus operandi

  • Although the initial attack vector for these attacks is not completely understood, the Maze group has now made it a practice to exfiltrate the target system's entire data before encrypting it.
  • In several cases, such as Regis Aged Care and NHAI, the attackers released around 5% of the data upfront to prove the attack and thereby pressure the firms to quickly pay the ransom.


Recent associations

Within the past few months, Maze operators have also been busy strengthening their tie-ups and associations with other threat groups.
  • At the beginning of June 2020, Maze operators were seen hosting and promoting data stolen by the LockBit gang, which hints at a cartel of ransomware operations between them.
  • Soon after, Ragnar Locker also joined their cartel.

Key takeaways

Given their pace, Maze operators have emerged as a consistent threat group to watch out for. Although there is no sure-shot way to ensure 100% security, organizations can reduce the risks and the extent of damage with proper security measures, such as using strong passwords, multi-factor authentication, and regular backups of the data.