Maze Ransomware and its Various Campaigns Continue to Threaten the Cyber World – Disposable mail news

Ever since this year began, the Maze ransomware has been hitting headlines. Recently, researchers discovered more Maze samples across numerous industries, making it one of the major threats in the cyber world.

Another form of the “ChaCha” ransomware, Maze surfaced in mid-2019 and has been wreaking havoc ever since, across continents and any organization it could get its hands on.

Per sources, Maze is most commonly distributed through emails carrying malicious Excel and Word attachments. But that’s not the only method of distribution.

According to reports, cyber-criminals also use an exploit kit named “Spelevo”. Sources mention that in previous cases it has been used to exploit the Flash Player vulnerabilities CVE-2018-15982 and CVE-2018-4878. Other exploits that Maze has abused include CVE-2018-8174 (Internet Explorer) and CVE-2018-1150 (Pulse VPN).

Maze first surveys the target device’s internal environment and establishes a foothold. Once that’s done, it tries to obtain user privileges to move laterally and start encrypting files across drives. Before the encryption, however, files are exfiltrated so they can be used later for extortion.

If a device lacks the necessary protective measures, it could fail completely under the pressure of Maze ransomware. The infection could expose sensitive information and incapacitate operations, almost killing the company’s finances.

Per sources, Maze ransomware has shown its hold across industries like construction, education, energy, finance, government, healthcare, hospitality, law, life sciences, media and communications, pharma, technology, and telecommunications. McAfee, in March, made available a detailed report about the Maze ransomware.

According to a report, there’s an “Anti-Ransomware Protection module” which hunts for ransomware-related, encryption-based activities. It allows users to keep track of those activities.

Per sources, Maze ransomware was lately spotted compromising several IT service providers. It also gained a foothold in another victim’s network via insecure Remote Desktop Protocol or by brute-forcing the local administrator account.

Cloud backups aren’t safe from the Maze ransomware either, because they are widely tracked on the vulnerable networks. With the login credentials, all backed-up data could be sent to the threat actors via a server under their control.

The solution for any such occurrences is as repetitive as ever: stronger security mechanisms, better passwords (especially on systems with remote access) and, of course, heftier protection measures.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Maze Ransomware: What you need to know and How to protect from being hit by Maze! – Disposable mail news


Cognizant Technology Solutions Corp., an IT giant with 3000 employees, was recently hit by a strain of sophisticated Windows ransomware called Maze, which encrypted its systems and threatened to make its data public if the ransom is not paid.

This particular malware is proving to be quite lethal and is making headlines every week with a new victim. It has spread disarray and chaos not only in the IT sector but also in other companies and firms that deal with sensitive user data. Maze, also known as “ChaCha Ransomware”, was first discovered in May 2019 and started attacking firms by encrypting files and blackmailing them with the threat of exposing their data to the public. It attacked Andrew Agencies in October, then the city of Pensacola, US Insurance Company Chubb, the leading cable manufacturer Southwire Company (America), Medical Diagnostic Laboratories (MDLabs), Manitoba Law Firm (Canada) and now Cognizant.

How is it Different and More Lethal than other Ransomware?

Other malware also encrypts files and demands a ransom, but what makes Maze more dangerous is that it both encrypts the system and steals the data, exporting it to the hackers, who threaten to release it on their own website if the ransom is not paid (yes, they have a website where they publish their new victims and their data). It is therefore not just a malware attack but a fusion of a ransomware attack and a data breach.

So earlier tactics, such as keeping backups, restoring from them and resuming operations, fail against Maze because the attackers have your data and can use it maliciously.

How does it infect? 

This ransomware has been seen to use various ways to infect computers, such as emails, attachments, links, exploiting passwords, and even exploit kits like Fallout and Spelevo. After infiltrating the system, it uses two different ciphers (RSA+ChaCha20) to encrypt files. When a file is successfully encrypted, it appends a random extension of 6-7 characters (for example, “.rC0syGH” or “.DL1fZE”).
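The rename pattern described above can be turned into a detection heuristic. The following is an added example, not code from the original article: it flags a process that appends 6-7 character mixed-case or alphanumeric extensions to several files in a short burst. The event format, the sample events, the window and threshold values, and the "mixed character classes" test are all assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

SUFFIX = re.compile(r"[A-Za-z0-9]{6,7}")  # length range taken from the article

def appended_suffix(old, new):
    """Return the extension a rename appended to the original name, else None."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if o.parent != n.parent or not n.name.startswith(o.name + "."):
        return None  # file was moved, or not renamed as "name -> name.<suffix>"
    return n.name[len(o.name) + 1:]

def looks_random(suffix):
    """Heuristic (assumption): 6-7 alphanumerics mixing upper/lower/digit classes."""
    if not SUFFIX.fullmatch(suffix):
        return False
    classes = [any(map(str.isupper, suffix)), any(map(str.islower, suffix)),
               any(map(str.isdigit, suffix))]
    return sum(classes) >= 2

def suspicious_processes(events, window=10.0, threshold=3):
    """Map pid -> peak count of matching renames inside any `window` seconds."""
    hits = defaultdict(list)
    for ts, pid, old, new in events:
        suffix = appended_suffix(old, new)
        if suffix and looks_random(suffix):
            hits[pid].append(ts)
    flagged = {}
    for pid, times in hits.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[pid] = best
    return flagged

# Constructed sample events: (seconds, pid, old path, new path)
D = "C:\\Users\\a\\Documents\\"
EVENTS = [
    (0.0, 4120, D + "q1.xlsx", D + "q1.xlsx.rC0syGH"),
    (0.4, 4120, D + "plan.docx", D + "plan.docx.DL1fZE"),
    (0.9, 4120, D + "id.png", D + "id.png.k9TqWz2"),
    (1.0, 812, D + "notes.txt", D + "notes.txt.backup"),
    (2.0, 812, D + "draft.docx", D + "final.docx"),
    (50.0, 977, D + "a.db", D + "a.db.Ab12cd"),
]
```

A random extension can be all lowercase by chance, so the character-class test trades some recall for fewer false positives on names like `.backup`; the burst threshold is what keeps a single odd rename from alerting.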

How to protect from Maze Ransomware?

Though backups don’t do much against Maze, you should still deploy secure offsite backups, run up-to-date security measures and solutions, and train employees to set strong passwords and to identify unsafe and spam email attachments and files.

Most corporate environments run programs from AppData, and most malware like Maze, MedusaLocker and Sage exploits this and runs files from there (AppData). If software is instead installed under Program Files, only administrators can install or copy files there, and since malware won’t have the license and permission, it won’t be able to run.

Even Chrome and Microsoft Teams are installed in AppData Local; they should instead be installed under Program Files.
Software like “Ransomware Defender”, which blocks and blacklists AppData, user profiles and similar folders, provides strong protection against ransomware like Maze.
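Before blocking execution from AppData and user profiles, it helps to know what already runs from there, since legitimate per-user installs such as the Chrome and Teams cases mentioned above would break. This is an added example, not from the original article or from any product it names; the input format (one image path per process launch), the sample paths and the `min_users` threshold are assumptions.

```python
import re
from collections import defaultdict

# An .exe under any user's profile; captures the user and the profile-relative path.
PROFILE = re.compile(r"^[a-z]:\\users\\(?P<user>[^\\]+)\\(?P<rel>.+\.exe)$", re.I)

def audit_profile_execution(launches, min_users=2):
    """Split profile-launched executables into (common, rare) by distinct users.

    Each dict maps profile-relative path -> sorted users. `common` entries are
    software to relocate or exempt before enforcing a block; `rare` need review.
    """
    users_by_rel = defaultdict(set)
    for path in launches:
        m = PROFILE.match(path.strip().strip('"'))
        if m:  # paths outside user profiles (Program Files, Windows) are skipped
            users_by_rel[m["rel"].lower()].add(m["user"].lower())
    common, rare = {}, {}
    for rel, users in users_by_rel.items():
        (common if len(users) >= min_users else rare)[rel] = sorted(users)
    return common, rare

# Constructed sample: image paths as they would appear in process-creation logs.
LAUNCHES = [
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\Users\alice\AppData\Local\Microsoft\Teams\current\Teams.exe",
    r"C:\Users\bob\AppData\Local\Microsoft\Teams\current\Teams.exe",
    r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe",
    r"C:\Users\bob\AppData\Local\Google\Chrome\Application\chrome.exe",
    r'"C:\Users\bob\AppData\Roaming\example\updater-sample.exe"',
    r"C:\Windows\System32\notepad.exe",
]
COMMON, RARE = audit_profile_execution(LAUNCHES)
```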

Windows users can install ‘Ransomware Defender’ by clicking here. 



Double Extortion- A Ransomware Tactic That Leaves The Victims With No Choice! – Disposable mail news

In addition to all the reasons ransomware was already dangerous and coercive, there’s another one that recent operators are employing to scare the wits out of their targets.

Cyber-criminals now threaten to publish their victims’ stolen data if the ransom isn’t paid or any other conditions aren’t met.

The tactic in question is referred to as “Double Extortion”, and quite aptly so. Per sources, its use emerged in the latter half of 2019, apparently by the Sodinokibi, DoppelPaymer and Clop ransomware families.

Double extortion is all about doubling the malicious impact a normal ransomware attack could create. So the cyber-criminals try and stack up all sorts of pressure on the victims in the form of leaked information on the dark web, etc.

They just want to make sure that the victims are left with no other option but to pay the ransom and meet all the conditions of the attack, no matter how outrageous they are.

The pattern of Double Extortion was tracked after a well-known security staffing company from America experienced the “Maze ransomware” attack and didn’t pay up the 300 Bitcoin, which totaled up to $2.3 Million, even after being threatened that their stolen email data and domain name certificates would be used to impersonate the company!

Per sources, all of the threatening wasn’t without proof. The attackers released 700 MB of data which allegedly was only 10% of what they had wrested from the company! And what’s more, they HIKED the ransom demand by 50%!

According to sources, the Maze ransomware group has a website especially fabricated to release data of the disobliging organizations and parties that don’t accept their highly interesting “deals” in exchange for the data.

Reportedly, data ranging from extra sensitive to averagely confidential, belonging to dozens of companies and firms from all industries, has found its way to the Maze ransomware website.

Clearly impressed by it many other operators of similar intentions opened up their own versions of the above-mentioned website to carry forward their “business” of threatening companies for digital currency and whatnot! They sure seem to have a good sense of humor because per sources the blog names are the likes of “Happy Blog”.

Per reports, the Sodinokibi ransomware operators threatened to leak a complete database from the global currency exchange Travelex. The company had to pay $2.3 Million worth of Bitcoin to get the attackers to bring their company back online.

Per reports of the researchers, the attackers would always release some kind of proof that they have the extremely valuable data of the company, before publishing it, to give the company a fair chance at paying up the ransom demanded.

Usually, these attacks are a win-win for the attackers and a “lose-lose” for the victims because if they decide not to pay up they would be putting their company in a very dangerous situation with all the valuable data compromised online for anyone to exploit, they would have to report the breach and they would have to pay a considerably high fine to the data privacy regulator. And if they pay up, they would be losing a giant plop of money! And sadly the latter feels like a better option.

Hospitals happen to be the organizations that are the most vulnerable to these attacks because of all the sensitive health-related data their databases are jam-packed with on any other day and additionally due to the Coronavirus outbreak.

Organizations could always follow the most widely adopted multi-layered security measures for keeping their data safe, including updating systems, keeping backups and keeping data protected in any way they possibly can.

The most conscientious gangs of the many ransomware families, per sources, have promised to not attack hospitals amidst this pandemic. But that doesn’t stop the other mal-actors from employing cyber-attacks.

The cyber-crime forecasters have mentioned that the year 2020 would be quite a difficult year for these organizations what with the lock-down and no easier (malicious) way to earn money, apparently? Food for thought!



Law Firms in Manitoba at a virtual standstill after being attacked by Maze ransomware! – Disposable mail news

Two law firms of the Law Society of Manitoba have been hit by ransomware named Maze, which locked up their whole systems and even their cloud backups and demanded a large ransom.

 “At this point, we do not know when or if they will ever regain complete access to their kidnapped data,” the Law Society of Manitoba said in a statement. 

The law firms have been asked to pay “an enormous ransom” (exact numbers not specified by the firms) if they want their data and systems back, but for a law firm the greatest danger lies in unlawful access to the sensitive data of hundreds of cases. The Maze ransomware is known for finding sensitive data and using it to blackmail its victims by threatening to release it to the public, and for a law firm that could lead to grave consequences for its clients.

Though they are not exactly sure how the computer system was infected by the malware, the firm suspects it was one of the employees that clicked on a link that downloaded the malicious file.


 “It is suspected that someone clicked on a link or an attachment in an email that was infected with a virus which in turn infected the firms’ entire systems,” read a notice on the society’s website.

Kristin Dangerfield, the chief executive officer of the Law Society of Manitoba, says that this isn’t the first time they have been attacked, but that coming down with a problem like this during the COVID-19 lock-down creates quite some issues in resolving the attack.
“At any time this would be a challenge, but in this environment, even more so,” Dangerfield said.

She neither named the attacked firms nor said whether they would pay the ransom.
“It would be inappropriate for us to do that and we expect the firms to notify their clients directly,” Dangerfield said.

These types of attacks are quite common against law firms, as they hold important and sensitive client data that could be devastating if released in public. It’s better to invest in proper security measures and employee training to protect that data than to spend on finding solutions later.

