The Maze cybercrime gang is shutting down its operations, it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the end of 2019.
At the end of 2019, the Maze ransomware implemented data harvesting capabilities and started threatening the victims to release the stolen data for all those victims who refuse to pay the ransom.
The operators behind the Maze ransomware set up a leak site, dubbed Maze News, where they were publishing the list of the companies that allegedly refused to pay the ransom.
The leak site contains for each victim the data related to the infection, including the date of the attack, some stolen documents (Office, text and PDF files), the size of stolen data, and the list of IP addresses and machine names of the infected servers.
The Maze News site was also and used to publish press releases for the activities of the group.
According to BleepingComputer, Maze had stopped encrypting new victims since September 2020 and is collecting the last ransom payments from victims.
This week, Maze has started to remove victims from their data leak site except for two organizations that already had all of their data published.
At the time it is not clear if Maze operators plan to release the keys to allow its victims to decrypt their files after they shut down the operations.
BleepingComputer speculates that Maze affiliates have switched to the Egregor operations, the gang that recently hit the game developer Crytek and leaked files allegedly stolen from the systems of the gaming firm Ubisoft.
“Egregor is believed to be the same underlying software as both Maze and Sekhmet as they utilize the same ransom notes, similar payment site naming, and share much of the same code.” states BleepingComputer.
“This was also confirmed by a ransomware threat actor who stated that Maze, Sekhmet, and Egregor were the same software.”
(SecurityAffairs – hacking, Maze)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.