Maze Ransomware Group, Infamous for Adding Doxxing Threats To Attacks, Announces It Is Shutting Down Its Cyber Crime Operation
The Maze ransomware gang made news in 2019 when it became the first high-profile hacking group to exfiltrate sensitive files from victims and threaten to publish them if the ransom was not paid. The group has recently contacted select cybersecurity journalists to announce that it is formally winding down its cyber crime operation, having not attacked any new targets since September.
While this is nominally good news, it’s certainly not the end of Maze-style ransomware and also most likely not the end of the criminal careers of the hackers behind it.
Before Maze began its cyber crime operation in May of 2019, a ransomware attack was a relatively straightforward thing. You could risk paying the ransom demands in return for the keys, something that actually happened with fair frequency given that it was a solid business strategy for hackers. But if you had a regular and robust backup system, you might not need to bother. In either case, one could opt to ignore the attackers with the only fallout being the need to somehow restore the network.
The Maze ransomware added a significant layer of complication. The Maze group would first steal copies of files from targets before encrypting them; not unusual, but Maze added the unique twist of threatening to publish sensitive information on its own website if the ransom was not paid. The cyber crime operation published large numbers of documents filched from Xerox, LG, Southwire, Canon and the city government of Pensacola, among other targets that refused to pay up. Maze would often publish tens of gigabytes of these files on its dark web “leak site” Maze News in retaliation for a failure to pay the ransom by a specified deadline. Sensitive information that it published included employee information files, proprietary information about products and internal source code.