One of the most active and notorious data-stealing ransomware groups, Maze, has announced that it has officially shut down.
The announcement contained many spelling mistakes and was published on its website on the dark web, which is notorious for many things, like child pornography.
Over the past several years, Maze published multiple internal documents from companies such as cybersecurity insurance firm Chubb, Cognizant, pharmaceutical giant ExecuPharm, defense contractor Kimchuk, and Tesla and SpaceX parts supplier Visser.
Maze's approach quickly gained popularity and became the preferred tactic of ransomware groups.
Initially, Maze used spam campaigns and kits to infect its victims. Later, however, it began using security vulnerabilities to target big companies. Maze used remote desktop and virtual private network servers to launch targeted attacks against victims' networks.
Some ransoms reached millions of dollars. Maze demanded around $6 million from a Georgia-based wire and cable manufacturer. It also demanded $15 million from an unnamed organization after the group encrypted the network. However, after the COVID-19 pandemic in March, the group promised that it would not target medical facilities and hospitals.
However, security experts aren’t celebrating yet. Ransomware gangs are criminal enterprises that thrive on profit.
Brett Callow, a ransomware expert and threat analyst at the security firm Emsisoft, said that the disbanding leaves questions about Maze’s connections and involvement with other groups.
In its statement, Maze denied that it was a “cartel” of ransomware groups, but experts disagree. Steve Ragan, a security researcher at Akamai, stated that Maze posted data from other ransomware groups on its website.
Ragan stated, “They claim that they weren’t working together, which is wrong. These groups were working on several different levels.”
Jeremy Kennelly at FireEye’s Mandiant Threat Intelligence unit stated that, although Maze is dead, its operators aren’t gone.
Kennelly stated, “We assess the groups and individuals which enabled Maze service to engage in similar operations, either supporting novel future operations or supporting the existing ransomware services.”