Maze Ransomware – Newer Generation of Cybercrime Ransomware Operators

Maze Ransomware was discovered in May 2019 and has become increasingly popular since Fall 2019.
Since October 2019, Maze activities have increased with a number of high-profile attacks occurring in November and December. Maze operators are among the newer generation of cybercrime ransomware operators who tend to combine scalable infections with targeted attacks against a specific entity, requiring long-term presence in the victim’s environment.
On December 9, 2019, Maze extorted the City of Pensacola, Florida demanding a $1,000,000 USD ransom for a decryptor. Maze operators emphasized that they would not disrupt the operations of healthcare or emergency services and would provide a free decrypter in case any of those services were impacted.
Notably, this actor claims to have a certain ethical dilemma dealing with healthcare services preferring to attack business-only applications.
By and large, the group relies on automated botnet infections, targeted ransomware intrusions, and data leaks to pressure its victims into complying with the ransom demand.