Eastern Europe, Russian Federation
Twisted Spider is the criminal group behind the development and operation of Maze ransomware.
While the ransomware was first observed in May 2019, the group gained notoriety in November 2019 with their brazen attitude toward victims and their willingness to speak with security researchers as they began using Big Game Hunting (BGH) tactics to target organizations and businesses. While other actors have threatened to release data in the past if the ransom wasn’t paid, Twisted Spider has made this act their anthem and created a dedicated leak site (DLS) for cases where victims are unresponsive to the group or refuse to pay ransoms.
Maze ransomware has been observed being distributed via exploit kits (EK), spam campaigns, and through acquiring RDP credentials for access. The group is capable of moving laterally and exfiltrating data for extortion. It is likely that Twisted Spider targets victims opportunistically and does not focus on specific sectors. While Maze ransomware could be operated as a ransomware-as-a-service (RaaS), it is more likely that Maze is being operated by a single group based on their interaction with the media and leakage of data at a central location.
On 1 November 2020, Twisted Spider published a press release indicating they were shutting down all operations related to Maze ransomware. It is possible that Twisted Spider, or a subsection of the criminal group, is responsible for the operation of both Egregor and Maze ransomware.
- Gaining initial access via exploit kits, email delivery, or RDP access via open ports
- Use of ChaCha and RSA-2048 encryption algorithms to encrypt file contents
- Sends information about the victim system to a set of IP addresses, encrypted using ChaCha with a hard-coded key and a randomized nonce
- Drops a ransom note named DECRYPT-FILES.txt in each directory where files have been encrypted
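
One way a defender could hunt for the ransom-note behaviour in the last item above, as an added example that is not part of the original profile: it flags a host when DECRYPT-FILES.txt is created in several distinct directories within a short window. The event line format, the window and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

NOTE_NAME = "decrypt-files.txt"   # ransom note name from the profile, lower-cased
WINDOW = timedelta(seconds=60)    # assumed tuning value
MIN_DIRS = 3                      # assumed tuning value

# Constructed sample events in an assumed format: "<ISO time> <host> <event> <path>"
SAMPLE_EVENTS = r"""
2020-06-01T10:00:01 ws01 FileCreate C:\Users\a\Documents\DECRYPT-FILES.txt
2020-06-01T10:00:02 ws01 FileCreate C:\Users\a\Documents\report.docx
2020-06-01T10:00:03 ws01 FileCreate C:\Users\a\Pictures\DECRYPT-FILES.txt
2020-06-01T10:00:05 ws01 FileCreate C:\Shares\Finance Q2\decrypt-files.txt
2020-06-01T10:00:06 ws01 FileCreate C:\Shares\HR\DECRYPT-FILES.txt
2020-06-01T09:00:00 ws02 FileCreate C:\Analysis\DECRYPT-FILES.txt
2020-06-01T11:30:00 ws02 FileCreate C:\Analysis\copy\DECRYPT-FILES.txt
2020-06-01T11:30:10 ws02 FileCreate C:\Analysis\copy\DECRYPT-FILES.txt
"""

def parse(line):
    # The path is the remainder of the line, so directory names may contain spaces.
    ts, host, event, path = line.strip().split(maxsplit=3)
    return datetime.fromisoformat(ts), host, event, PureWindowsPath(path)

def detect_note_bursts(lines, window=WINDOW, min_dirs=MIN_DIRS):
    """Return {host: (time the threshold was crossed, distinct directories)}."""
    recent = defaultdict(deque)   # host -> (time, directory) of recent note drops
    alerts = {}
    events = sorted((parse(l) for l in lines if l.strip()), key=lambda e: e[0])
    for ts, host, event, path in events:
        # Windows file names are case-insensitive, so compare lower-cased.
        if event != "FileCreate" or path.name.lower() != NOTE_NAME:
            continue
        q = recent[host]
        q.append((ts, str(path.parent).lower()))
        while ts - q[0][0] > window:      # drop note events older than the window
            q.popleft()
        dirs = {d for _, d in q}          # repeated drops in one directory count once
        if len(dirs) >= min_dirs and host not in alerts:
            alerts[host] = (ts, len(dirs))
    return alerts

if __name__ == "__main__":
    for host, (ts, n) in detect_note_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"{host}: ransom note in {n} directories by {ts.isoformat()}")
```

A single note file on an analysis workstation (ws02 in the sample) does not trigger, because the count is over distinct directories inside the window.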
United Arab Emirates
- Consulting & Professional Services
- Consumer Goods
- Financial Management & Hedge Funds
- Food and Beverage
- Industrials and Engineering
- NGOs and Nonprofits
- Oil and Gas
- Real Estate
- State & Municipal Government
Crowdstrike Twisted Spider