
Ransomware

Maze

aka ChaCha ransomware

The ransomware that popularised double extortion — stealing data and threatening to leak it — reshaping the entire ransomware economy before retiring in 2020.

Maze changed ransomware forever. In late 2019 it became the first major operation to steal data before encrypting and threaten to publish it on a public leak site if the victim refused to pay — the double-extortion model now used by nearly every ransomware crew.

Influence

Maze also formed a "cartel," sharing infrastructure and leak space with other groups. Its tactics pressured victims who could otherwise restore from backups, dramatically raising payment rates across the industry.

Retirement

The operators announced a shutdown in November 2020, with personnel and techniques flowing into Egregor and other successors. Campaign history is on Cyber Breaches; an encryptor analysis lives on the Reverse Engineering Hub.

Defense

Assume any ransomware incident is also a data breach; protect backups and watch for large outbound transfers preceding encryption.
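One way to implement the "watch for large outbound transfers" check, shown as an added example that is not part of the original page: it totals each host's daily bytes sent to external addresses and flags a day that exceeds both a fixed floor and a multiple of that host's own median. The flow records, host names, internal ranges and thresholds are constructed assumptions to be tuned per environment.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumed internal address space; traffic to these ranges is not egress.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: (day, internal host, destination IP, bytes sent).
FLOWS = [
    ("2024-03-01", "fs01", "203.0.113.10", 40_000_000),
    ("2024-03-02", "fs01", "203.0.113.10", 55_000_000),
    ("2024-03-03", "fs01", "198.51.100.7", 35_000_000),
    ("2024-03-04", "fs01", "10.0.0.5", 90_000_000_000),       # internal backup job
    ("2024-03-04", "fs01", "203.0.113.10", 48_000_000),
    ("2024-03-05", "fs01", "198.51.100.99", 62_000_000_000),  # bulk external upload
    ("2024-03-01", "ws17", "203.0.113.10", 5_000_000),
    ("2024-03-02", "ws17", "203.0.113.10", 7_000_000),
    ("2024-03-03", "ws17", "203.0.113.10", 6_000_000),
    ("2024-03-04", "ws17", "203.0.113.10", 9_000_000),
]

def is_external(dst):
    addr = ip_address(dst)
    return not any(addr in net for net in INTERNAL_NETS)

def daily_external_bytes(flows):
    """Sum bytes sent to external destinations per host per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, dst, nbytes in flows:
        if is_external(dst):
            totals[host][day] += nbytes
    return totals

def find_exfil_candidates(flows, ratio=10, floor=1_000_000_000, min_history=3):
    """Return (host, day, bytes, baseline) for days far above the host's median."""
    alerts = []
    for host, per_day in daily_external_bytes(flows).items():
        days = sorted(per_day)  # ISO dates sort chronologically
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough prior days to form a baseline
            baseline = median(history)
            if per_day[day] >= max(floor, ratio * baseline):
                alerts.append((host, day, per_day[day], baseline))
    return alerts

if __name__ == "__main__":
    print(find_exfil_candidates(FLOWS))
```

An alert from this check is a lead to investigate before encryption starts, and the same records help scope what left the network if the incident is later treated as a breach.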