The Maze ransomware group seems to be working hard to maintain its name in news headlines. Besides actively targeting several victims, it is also getting involved in marketing activities on a regular basis.

A new set of victims

In June, Maze ransomware operators claimed to have branched and then leaked the data of several organizations.
  • For one of its victims, LG Electronics, the Maze operators released three screenshots of the stolen data. One of the screenshots shows the source code file of LG’s products, while the other two show the official firmware or software update of LG Electronics products.
  • On June 24, Maze ransomware also posted details about new victims on its portal, naming Xerox Corporation, WorldNet Telecommunications, Columbus Metro Federal Credit Union, and Webuild SpA (an Italian industrial group) as the targeted organizations.

Marketing endeavors

Besides targeting its victims, it has also been doing all sorts of marketing activities, by posting pre-leak warnings (even before leaking the sample data), and sometimes just giving a press release for its victims.
  • Just a few days ago, on June 22, Maze operators had published a press release, warning its victims not to try decrypting the locked files. At the end of that press release, they had mentioned that they will be soon leaking the data of LG Electronics.
  • In one of the posts, the Maze group even provided examples of stolen data from four companies - ST engineering, MaxLinear, Conduent, and M.J. Brunner - that used a negotiator to restore their hijacked data but failed to do so.

What is it up to?

Within the month of June, the Maze group has targeted a wide range of organizations.
  • It has targeted several high-profile government and defense organizations, consultants, engineering services, electric authority companies, hardware manufacturers, financial organizations, and many more.
  • Apparently they are not seeking any specific target area or domain but trying to put their foot in all possible doors they can.
  • Most of the targeted organizations are in the US, while others are in South Korea, Thailand, Canada, Latin America, and Brazil.

Cyware Publisher