This year has proved to be an opportune one for threat actors, and several of them have accelerated their malicious activities. While they have been making merry, a prominent ransomware group is in the news again, this time providing relief to security personnel around the world.
The news
Maze ransomware has been very proactive in recent times, from creating a ransomware cartel with other malware groups to share information and tactics to introducing a double-extortion tactic to launching a data leak site.
- Researchers discovered that the Maze ransomware group has been preparing to shut down its cybercrime operations for at least the last six weeks.
- The rumors of a shutdown are supported by the group's actions: it has not targeted any new victims since September. Furthermore, it has started cleaning up its data leak site and is trying to squeeze the last ransom payments from already compromised victims.
- A threat actor involved in the earlier Maze attacks later confirmed the rumor that Maze is in the process of shutting down its operations.
Before retiring, Maze collected a few more victims to add to its list.
- Recently, the Toledo Public School was targeted by Maze ransomware, whose operators dumped more than 9GB of compressed data containing confidential and classified student and employee data.
- Fairfax County Public Schools was also hit with a cyberattack, and several hundred employee names, Social Security numbers, and other data were leaked in October.
Since the rumors started doing the rounds, several Maze affiliates have started switching over to a newer ransomware operation, called Egregor, which shares the same capabilities as Maze.
The Maze group has issued no press release announcing its retirement. However, the quick shift of affiliates over to Egregor shows that even when a cybercrime operation shuts down, the threat actors affiliated with it might not retire. They might just move on to their next operation.