Maui Ransomware Analysis Report
2025-01-24 • Nurilab • Maui Ransomware Analysis Report
NuriLab analyzes Maui ransomware, a file-encryption malware family reported in U.S. advisories as affecting public health and healthcare organizations since 2021. The report says Maui likely spread through X-PopUp, an open-source messenger used by small and mid-sized Korean hospitals, and accepts runtime options for target path, thread count, logging, and self-deletion. Its encryption flow generates per-file AES-256 keys, protects them with RSA-1024 material, overwrites and deletes originals, and stores encrypted data with key metadata. The write-up is useful for defenders tracking Maui file structure, key handling, and recovery constraints.