In the past year, ransomware attacks have had a major impact across the U.S. Recent Emsisoft research has emphasized that a cyber blackmail tactic, which was first debuted by the Maze ransomware group, has been widely adopted by several other cybercriminals.

What was revealed?

In 2020, the Maze ransomware had a huge impact on the U.S. From being the first ransomware group to use data exfiltration techniques, Maze’s footsteps have been followed by at least 17 other cyber gangs by the end of the year. It was the first actor group to use leak sites to threaten the publication of the stolen data as additional leverage to extort payment. Cyber gangs have widely adopted this efficient tactic.

Additional insights from the report

According to the Emsisoft report “The State of Ransomware in the US: Report and Statistics 2020," the barrage of ransomware attacks has widely impacted at least 2,354 U.S. government organizations, healthcare facilities, and schools in 2020. Notable incidents included attacks on the following sectors:
  • Educational (1,681 organizations) - Clark County Public Schools, Fairfax County Public Schools, Baltimore County Public School, UCSF, MSU, and the University of Utah.
  • Healthcare (560 organizations) - Universal Health Services, Boston Children’s Hospital, Crozer-Keystone Health System, University of Vermont Health Network, and Lake Region Healthcare.
  • Government (113 organizations) - The cities of Knoxville and Torrance, the Office of Court Administration of Texas, the Texas Department of Transportation, and the 4th Judicial Court of Louisiana.

Do we have a Maze’s heir?

  • After shutting down its operations, Maze affiliates were seen switching over to a newer ransomware operation called Egregor, which is thought to be the successor of Maze.
  • Recently, the FBI had issued a security alert warning private sector companies of Egregor ransomware attacks.


The Maze group has set a new benchmark in ransomware attacks, which is being followed by several other cybercriminal groups. It can be anticipated that threat actors will not just exfiltrate data from public sector bodies, but will also use additional tactics to put pressure on them and get maximum gains.

Cyware Publisher