Skip to content ↓ | Skip to navigation ↓

Security researchers learned that the Maze digital crime gang is in the process of shutting down its ransomware operations.

Bleeping Computer began hearing rumors of the shutdown in early September 2020.

In an email conversation, a ransomware attacker told the computer self-help site that the Maze gang had stopped encrypting new victims in September 2020 and that it was attempting to compel its existing victims to pay their ransoms in anticipation of winding down its activity.

BleepingComputer told that Maze is shutting down.

Following that conversation, Bleeping Computer reached out to the Maze gang to confirm the rumors. The ransomware attackers responded by telling the site to await a press release.

It wasn’t long thereafter that those responsible for Maze began cleaning up its data leaks site by removing all but two victims whose data had previously been published in their entirety on the portal.

In the meantime, Bleeping Computer learned that many affiliates associated with Maze have since moved over to Egregor, another ransomware gang that shares code, ransom notes and the naming schemes of payment sites with both Maze and Sekhmet.

Maze ransomware made headlines in November 2019 when it was the first crypto-malware strain to steal victims’ unencrypted data before activating its encryption routine. Since then, numerous other ransomware operations have adopted this technique.

The Maze gang went on from there to form an “extortion cartel” in which it shared resources and techniques with some of the attack groups who joined as members.

News of Maze’s shutdown and the exodus of affiliates to Egregor highlights the ongoing dynamism of the ransomware threat landscape. Notwithstanding these changes, one thing remains constant: organizations and users alike need to take steps to protect themselves. One of the best ways they can do that is by working to prevent a ransomware infection from occurring in the first place.