Maze is one of the most notorious ransomware families, active since 2019 when it evolved from ChaCha ransomware. It was among the first to combine data encryption with information theft. The operators behind Maze have recently started colluding with other ransomware groups, including LockBit, SunCrypt and Ragnar Locker, providing them with access to their platform for posting stolen victim data. This appears to have led to a reciprocal sharing of tactics, techniques and procedures (TTPs): in the attack covered here the Maze group borrowed a Ragnar Locker technique that involves using virtual machines.
To learn more please download this whitepaper.