Maze ransomware gang shuts down operations, states their press release

The Maze ransomware operators finally announced that they have officially shut down their operations and denies the creation of a cartel.

Today the Maze ransomware gang announced that they have officially shut down their operations, the news was anticipated last week.

The cybercrime gang announced that it will no longer leak data of new companies infected with their ransomware.

it was considered one of the most prominent and active ransomware crew since it began operating in May 2019. The gang was the first to introduce a double-extortion model in the cybercrime landscape at the end of 2019.

At the end of 2019, the Maze ransomware implemented data harvesting capabilities and started threatening the victims to release the stolen data for all those victims who refuse to pay the ransom.

The operators behind the Maze ransomware set up a leak site, dubbed Maze News, where they were publishing the list of the companies that allegedly refused to pay the ransom.

The leak site contains for each victim the data related to the infection, including the date of the attack, some stolen documents (Office, text and PDF files), the size of stolen data, and the list of IP addresses and machine names of the infected servers.

The Maze News site was also and used to publish press releases for the activities of the group.

Today, Maze operators released a press release on their site, the message titled “The Project is closed” warns that any other ransomware operation that will abuse its brand must be considered a scam.

“Maze Team Project is announcing it is officially closed.
All the links to out project, using of our brand, our work methods should be considered to be a scam.

We never had partners or official successors. Our specialists do not works with any other software. Nobody and never will be able to host new partners at our news website. The Maze cartel was never exists and is not existing now. It can be found only inside the heads of the journalists who wrote about it.”

The list of victims of the gang is long and includes the Steel sheet giant Hoa Sen Group, Southwire, Canon, LG Electronics, Xerox, and City of Pensacola. 

Malware researchers that collaborate with Bleeping Computer first speculated that other malware, such as Egregor and Sekhmet ransomware borrows the code from Maze ransomware.

Since May, 2020, the Maze gang also started publishing information stolen from a different ransomware operation called LockBit, a circumstance that suggested the creation of a cartel with other gangs.

The press release published by Maze pointed out that ‘Maze Cartel only existed inside the heads of journalists who wrote about it.’

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Maze ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]