Maze Ransomware Group Announced Retirement, Likely To Come Back


The notorious Maze Ransomware Group has recently announced on a dark web platform that it is ceasing its operations. However, it is not yet clear how long the group will stay inactive or how serious the decision is.

The announcement on the dark web platform from the Maze Ransomware Group said, “Maze Team Project is announcing it’s officially closed. All the links to outside [sic] jobs, with our brand, our work methods should be thought of as a scam.”

Most of the time, announcements of this type are barely true, and sometimes they make no sense at all. The Maze Ransomware Group also claimed that it never really existed and that it exists only in the heads of the journalists who wrote about it.

That claim is false. At most, it can be said that they did not exist as a formal group or cartel. Whatever form they took, the group was credited with dozens of attacks demanding heavy ransoms. The ransomware group deliberately built its reputation on cases where it stole data and did not receive the ransom.

The Maze ransomware surfaced in May 2019, when it was known as a variant of ChaCha ransomware. It has been known to exploit Virtual Private Network (VPN) and Remote Desktop (RDP) servers to launch targeted attacks against victims' networks. Maze became well known for its method of data breach through exfiltration: the operators demanded a hefty ransom, created websites on the dark web, and leaked files when a victim refused to pay the demanded ransom.

Some of the top victims of the Maze Ransomware Group worth mentioning are:

  • Cognizant Technology Solutions Corp
  • Chubb Group Holdings Inc. (Ransomware attack in April)
  • Hammersmith Medicines Research Ltd. (Ransomware attack on the 26th of March)
  • A firm creating vaccines for COVID-19 (Ransomware attack on the 22nd of March)
  • VT San Antonio Aerospace
  • Canon
  • LG Electronics
  • Visser
  • Xerox

Regardless, security researchers are skeptical of this statement.

“The group said they would return, so the Maze threat is probably not ended,” Jamie Hart, cyber threat intelligence analyst at digital risk firm Digital Shadows Ltd., told SiliconANGLE. “Though the official reason for the statement is unknown, the ransomware marketplace’s oversaturation may have prompted the group to stop operations. Additionally, this may be an identical exit strategy we saw with GandCrab in 2019.”

Security researchers expect a new version of the ransomware to replace the existing Maze Ransomware Group. Hart added that this is possible, as some of the operators have shifted to the Egregor ransomware. The group may be moving away from the Maze ransomware to improve its operational security while reducing the chance of being caught.

“The claim seems legitimate; the website is no longer hosting any new victim organizations, and all previously posted organizations are archived,” Hart said. “The Maze Group has always known their victims as ‘customers,’ as if they thought that the victim organizations hired the team as security professionals. It seems the group thinks they’re somehow valuable and the ransom is only payment for their help.”

A security research senior director at a cybersecurity solutions firm has noted that “offenders do not only have an epiphany and stop being criminals overnight. They shut down an operation once the return on their investment falls below the costs of conducting the ‘program’ or when they’re going to get caught. This is not any different.”

Bailey says that the Maze Ransomware Group is simply switching to something newer, like Egregor.

“This is similar to this one furniture store in town that’s going out of business every couple of months just to reopen with a new name but with the exact people and merchandise,” he said.

Source: Dark Web Magazine
