Maze ransomware gang retires

November 3, 2020

The Maze ransomware group announced that they have officially closed down their ransomware operation and will no longer be leaking new companies' data on their site.

In a press release, tweeted by the Malware Hunter Team, the Maze team said, "Maze Team Project is announcing it is officially closed. All the links to ou[r] project, using of our brand, our work methods should be considered a scam."

The group answered the "why" and "what for?" of their operation, explaining, "Our world is sinking in the recklessness and indifference, in laziness and stupidity. If you are taking the responsibility for other people['s] money and personal data[,] then try to keep it secure. Until you do that[,] there will be more projects like Maze to remind you about secure data storage."

The ransomware group also noted they would continue to provide support, and that anyone who wants its private information to be deleted from their website, they could contact the Maze support chat. The group, however, stated they would be back: "We will be back to you when the world [has been] transformed. We will return to show you again the errors and mistakes and to get you out of the Maze."

Ms. Jamie Hart, Cyber Threat Intelligence Analyst at Digital Shadows, a San Francisco, Caif.-based provider of digital risk protection solutions, says, "The group stated they would be back, so the Maze threat is likely not finished. Although the official reason for the announcement is unknown, the ransomware market's oversaturation may have motivated the group to cease operations. It's also possible that this is a similar exit strategy we witnessed with GandCrab in 2019. Another variant may emerge to take Maze's place; some operators have reportedly moved to the Egregor ransomware variant. Finally, they may be moving away from Maze to improve their operational security, decreasing the chance of being caught."

Hart adds, "The claim appears legitimate; the site is no longer hosting any new victim organizations, and all previously posted organizations have been archived. However, the press release stated that the group would be back, so the Maze threat is likely not finished. The Maze Group has always referred to their victims as "clients" as if they believed the victim organizations indirectly hired the group as security professionals. It appears the group thinks they are somehow helpful and that the ransom is simply a payment for their "help”.

Maria Henriquez joined Security Magazine in 2019 as its Associate Editor. Since then, she has been covering the security industry and reporting on issues affecting enterprise security leaders, to include cybersecurity, leadership and management, risk and resilience and more. Within her role at Security, she works to produce stories for the monthly issue, Newswire articles, Web Exclusive features, as well as manage social media, the 5 minutes with series, and the Today’s Cybersecurity Leader and Security enewsletter. She graduated from the University of Illinois at Urbana-Champaign with a bachelor’s in English and Creative Writing.

Microsoft’s Edna Conway, Chief Security and Risk Officer of Azure, will lead this session and provide a real-world, tangible approach to address security and resilience to support you in your journey to operational resilience.

Protecting employees from potential exposure could be a daunting task, but with the right property technology, your office space can become an interactive and responsive asset that helps you ensure new health protocol compliance.