A Malware Researcher's Guide to Reversing Maze Ransomware
At the end of May 2019, a new family of ransomware called Maze emerged into the gaping void left by the demise of the GandCrab ransomware.
Unlike the authors of run-of-the-mill commercial ransomware, the Maze authors implemented a data theft mechanism to exfiltrate information from compromised systems. This information is used as leverage for payment and turns what would otherwise be an operational issue into a data breach.
In November 2019, the Bitdefender Active Threat Control team spotted spikes in reports of the ‘random’ process name being blocked by the Bitdefender Anti-Exploit module while attempting to escalate privileges. We were curious about the executable and how it tried to achieve System privileges.
Further investigation revealed that the process belongs to the Maze/ChaCha ransomware, so we took a deeper look.
We documented our findings in a whitepaper that attempts to shed some light on how Maze performs evasion, exploitation, obfuscation and, finally, system encryption.
Sounds interesting? Download the whitepaper using the link below: