29 October 2020

Maze ransomware gang prepares for shut down



Cybercriminals behind the Maze ransomware operation are closing down their service. One of the most prominent players in the ransomware field stopped attacking new targets in September 2020 and is now deleting victims from its leak site, Bleeping Computer reports.

The Maze ransomware gang, which has been active since May 2019, became the first group to use the so-called double-extortion tactic, which involves stealing the victim’s data before encrypting the files and releasing the data if the ransom is not paid. The group’s track record includes well-known names such as Southwire, City of Pensacola, Canon, LG Electronics, Xerox, and others.

The double-extortion technique has quickly spread among other ransomware operations, such as REvil, Clop, and DoppelPaymer, to name a few, which established their own leak sites.

Last month, rumors appeared that the Maze ransomware gang was shutting down its operations. This was later confirmed to Bleeping Computer by a threat actor involved in the Barnes & Noble cyber-attack, which occurred in mid-October. According to the source, the Maze group stopped encrypting new victims in September 2020 and is now trying to get the last payments from its victims.

When asked for confirmation, the Maze ransomware gang said “You should wait for the press release.”

Maze has already started to remove victims that it had listed on its data leak site. At present, there are two victims on the leak site and those who previously had all of their data released.

However, the demise of Maze does not necessarily mean that cybercriminals involved in the ransomware operation will cease their activity. In fact, many Maze affiliates have switched over to a newer ransomware operation dubbed Egregor, which appeared in mid-September and quickly became very active.
