The Maze ransomware gang recently announced that it is shutting down its ransomware operation. The group said that “Maze Team Project is announcing it is officially closed” and that it had no partners or official successors. It also appeared to confirm that the news website to which it posted details and leaked data from its various attacks would not be updated going forward.
The Maze group was one of the first to use the “double extortion” method of not just encrypting files, but also stealing the data and threatening to release it publicly if the ransom was not paid. The double extortion tactics pioneered by the Maze gang have spread far and wide among the gang’s peers, including the operators of REvil/Sodinokibi and Avaddon.
So, is it possible that the Maze group is really “retiring”? Earlier this year, Maze announced that it would not target the healthcare sector with ransomware due to the COVID-19 pandemic. Not long after that announcement, it was discovered that Maze had attacked Hammersmith Medicines Research, a British company that was to perform the medical trials on any COVID-19 vaccine. Malwarebytes is also skeptical about the latest announcement: “history has shown us that when a crime group decides to close its doors, it’s rarely because the criminals have seen the error of their ways and it’s more often due to a new, more powerful threat that the threat actors would prefer to use.”
Even if the news about Maze is true, there are other ransomware cartels out there ready to pick up the slack. ZDNet reports that clients of Maze are now turning to Egregor, a spin-off of Ransom.Sekhmet. An analysis conducted by Appgate shows that Egregor has been active since mid-September and, in that time, has been linked to alleged attacks against organizations including GEFCO and Barnes & Noble. The fact that Maze is “retiring” doesn’t mean that ransomware is going to go away. And if Malwarebytes’ prediction comes true, we could see something more devastating coming in the area of cybercrime.
The best ways to prevent ransomware still involve cyber awareness training, patch management, using security tools, and backing up all sensitive data securely off-site. If your organization is struggling with a ransomware protection plan, contact Uzado today.