Does Maze ransomware shutting down operations mean anything?

The cybercriminals behind the Maze ransomware appear to be closing up shop according to several reports – but does this mean an end to its extortion tactics? Probably not.

As reported by BleepingComputer, the group behind Maze stopped encrypting new victims as far back as September 2020. This is according to an attacker who claimed to be involved in a hack of Barnes and Noble in the US last month.

That same attacker told BleepingComputer that the group is winding down its operations, and the removal of data from the ransomware operation’s website seems to point to this being real.

This news was confirmed by Maze itself, which wrote, “Maze Team Project is announcing it is officially closed. All the links to out [sic] project, using of our brand, our work methods should be considered to be a scam.”

But this group of cybercriminals closing up this shop is not like Apple deciding Fortnite shouldn’t be on the App Store.

Many of the Maze affiliates are moving to another ransomware operation called Egregor. It’s believed that Egregor uses the same software as the Maze and Sekhmet ransomware, with similar notes, payment site naming and codebase.

So Maze isn’t exactly shutting down and is instead evolving. That sounds frightening.

With the fear of a deity within us, incident response manager at Sophos Rapid Response, Peter Mackenzie, says that businesses must not become complacent with this news.

“We’ve seen it all before and this is likely to be more of a revolving door than a dramatic exit. In June 2019, the operators behind GandCrab announced their retirement and all its affiliates moved to REvil; now the Maze affiliates are apparently moving across to a new group, Egregor, which according to public reports has access to Maze tools and infrastructure. They may even share some of the same operators,” wrote Mackenzie.

“Organisations will not be any safer than they were before. They need to stay focused not on who attacks them but how – and to continue to bolster their defenses against cyberthreats of all kinds, regardless of where they come from,” the manager advises.

And Maze was quick to point out the same thing, albeit with a bit more bite.

“Our world is sinking in the recklessness and indifference, in laziness and stupidity. If you are taking the responsibility for other people money and personal data then try to keep it secure. Until you do that there will be more projects like Maze to remind you about secure data storage,” the group wrote.

We couldn’t have said it better ourselves.

Maze press release regarding shut down of operations.

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.