Maze ransomware spree continues amid advisories from French, FBI officials

Officials have tied at least some of the Maze attacks to a group known only as TA-2101.

Roughly a month after the FBI advised U.S. companies to protect themselves against a pernicious strain of ransomware, hackers have continued to attack victims and threaten to publicize their private information.

A hacking group deploying Maze ransomware has used a network of websites to publicly identify organizations it claimed to hack, and which of them refused to pay a ransom.

In one recent note, the group said it would release confidential data if three small law firms based in South Dakota didn’t meet their demands. While it remains unclear if the Maze group has made any information public in this case, this incident only is the latest example of scammers promising to publish data, rather than leaving it encrypted or deleting it outright.

A French government cybersecurity agency on Wednesday published a Maze alert suggesting TA-2101, a hacker group which previously targeted German government agencies and U.S. tax professionals, was behind a spate of recent ransomware attacks.


In an alert at the end of December, the FBI issued a private sector bulletin warning that Maze hackers were impersonating government agencies, well-known security vendors and other seemingly trustworthy organizations to infiltrate victim networks. Maze emerged as a serious issue for U.S. organizations in November, the FBI said, becoming the latest in a long line of ransomware strains to torment companies and government bodies.

Since then, Maze attackers breached a number of medical providers throughout the U.S. In one case, hackers demanded the equivalent of $832,880 from a New Jersey laboratory company to unlock stolen files, and additional payment of $832,880 to delete that data, according to Health IT Security. During that process, Maze published 9.5 GB of information belonging to the company.

In December, Georgia-based cable and wire manufacturer Southwire filed a lawsuit against unnamed Maze hackers, which forced the takedown of a website that Maze used to distribute hacked information. The site, a variation on the name “mazenews,” disappeared, though victims’ relief would have been short lived as other sites, hosted on servers outside U.S. jurisdiction in China and Singapore, surfaced within days.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts