Maze ransomware gang retires

The Maze ransomware group announced that they have officially closed down their ransomware operation and will no longer be leaking new companies' data on their site.

In a press release, tweeted by the Malware Hunter Team, the Maze team said, "Maze Team Project is announcing it is officially closed. All the links to ou[r] project, using of our brand, our work methods should be considered a scam."

The group answered the "why" and "what for?" of their operation, explaining, "Our world is sinking in the recklessness and indifference, in laziness and stupidity. If you are taking the responsibility for other people['s] money and personal data[,] then try to keep it secure. Until you do that[,] there will be more projects like Maze to remind you about secure data storage."

The ransomware group also noted they would continue to provide support, and that anyone who wants its private information to be deleted from their website, they could contact the Maze support chat. The group, however, stated they would be back: "We will be back to you when the world [has been] transformed. We will return to show you again the errors and mistakes and to get you out of the Maze."

Ms. Jamie Hart, Cyber Threat Intelligence Analyst at Digital Shadows, a San Francisco, Caif.-based provider of digital risk protection solutions, says, "The group stated they would be back, so the Maze threat is likely not finished. Although the official reason for the announcement is unknown, the ransomware market's oversaturation may have motivated the group to cease operations. It's also possible that this is a similar exit strategy we witnessed with GandCrab in 2019. Another variant may emerge to take Maze's place; some operators have reportedly moved to the Egregor ransomware variant. Finally, they may be moving away from Maze to improve their operational security, decreasing the chance of being caught."

Hart adds, "The claim appears legitimate; the site is no longer hosting any new victim organizations, and all previously posted organizations have been archived. However, the press release stated that the group would be back, so the Maze threat is likely not finished. The Maze Group has always referred to their victims as "clients" as if they believed the victim organizations indirectly hired the group as security professionals. It appears the group thinks they are somehow helpful and that the ransom is simply a payment for their "help”.

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?