maze (5)

Maze ransomware is a complex piece of malware that uses some tricks to frustrate analysis right from the beginning. The malware starts preparing some functions that appear to save memory addresses in global variables to use later in dynamic calls, though it does not actually use these functions later. The operators of the Maze ransomware have published tens of GB of internal data from the networks of enterprise business giants LG and Xerox following two failed extortion attempts.

The hackers leake

2020, a year that will be remembered for many reasons. Stories will be told to children and grandchildren of when we all had to wear face masks and stand 6 feet apart, when there were no sports, and when people were not permitted to hug or shake hands. Then there was the next economic collapse and subsequent worldwide insurrection. For those who hunt cybercriminals and attempt to expose criminal and state-sponsored hacking operations and techniques, the blurring of the lines between what constitutes

Maze Ransomware hackers, previously known in the hacker community as “ChaCha Ransomware,” were discovered on 29 May 2020 by Jerome Segura, a malware intelligence officer. The main goal of ransomware is to encrypt all files in an infected system and subsequently demand a ransom to recover the files. The threat actor, who took credit for compromising an insurance giant, seems to be continuing its attack spree with full intensity. It is currently targeting the aerospace sector, specifically mainten

Like any profitable business model, ransomware gangs continue to innovate and increase their business. Recently, reports have emerged of a collaboration between the Maze and Lockbit gangs, as well as the REvil, aka Sodinokibi, operators not leaking stolen data for free when victims do not pay, but instead auctioning it off to the highest bidder.

Here are some of the latest ransomware trends noted by cyber analysts: IR-20-164-002_Ransomware Trends.pdf

FBI Flash Bulletin / TLP GREEN

Unknown cyber actors have targeted multiple US and international businesses with Maze ransomware since early 2019. Maze encrypts files on an infected computer’s file system and associated network file shares. Once the victim has been compromised, but prior to the encryption event, the actors exfiltrate data. After the encryption event, the actors demand a victim-specific ransom amount paid in Bitcoin (BTC) in order to obtain the decryption key. An international