11-03-2020, 12:01 PM
Quote: The notorious Maze ransomware group claims to be shutting down operations in an announcement published on their website. The group is one of the most active data-stealing ransomware groups. Yet the group claims they did not set up operations to extort businesses for financial gain, but rather to highlight the lax security measures utilized by their victims.
Maze Ransomware’s History
Maze began operations in May 2019 as yet another ransomware group infecting victims with file-encrypting malware. However, Maze became infamous towards the end of the same year for being the first ransomware group to exfiltrate data. The group was the first to steal victims’ data before encrypting it and then leaking it online if they didn’t pay the ransom. Since then, many other ransomware groups have copied this double extortion technique, including REvil, Nemty, Ryuk and Clop.
Maze initially used spam campaigns to infect victims. However, later it started using known security vulnerabilities to specifically target well-known large organizations such as Chubb Insurance. Maze is known for using vulnerabilities in VPNs and the Remote Desktop Protocol (RDP) to launch targeted attacks. According to research conducted by FireEye, there have been more than 100 Maze victims in the past year alone. Furthermore, the group has targeted virtually every geographic region and industry sector.
Then in June 2020, the group went on to form a cartel with fellow ransomware groups LockBit, RagnarLocker and SunCrypt. Experts believe that the Maze ransomware group shared resources as well as attack techniques and expertise with cartel members. However, in an announcement written in broken English and published yesterday on their website, the group denied the cartel had ever existed. This is despite Maze having referred to themselves as a cartel in the past.
“We never had partners or official successors. Our specialists do not works with any other software. Nobody and never will be able to host new partners at our news website. The Maze cartel was never exists and is not existing now. It can be found only inside the heads of the journalists who wrote about it,” the group stated.
The Announcement
In September 2020, rumors started surfacing that the Maze ransomware group was shutting down operations. Not long after, reports appeared stating that Maze had stopped encrypting new victims and was cleaning up its website. Data stolen by Maze was being removed from their website and was thus no longer available on the dark web.
Source: https://vpnoverview.com/news/maze-ransom...perations/