Maze Ransomware Group Shuts Down But is the Threat Still Real?


The Maze ransomware group, notorious for high-profile data theft, has announced it is closing its doors. The bizarre announcement (spelling mistakes included), posted on the group's dark web site, states “The Maze Team Project is announcing it is officially closed. All the links out to project, using of our brand, our work methods should be considered a scam”.

It goes on to say “The Maze Cartel was never exists and is not existing now. It can be found only inside the heads of the journalists who wrote about it”. But who were they and is this really the end?

Who are the Maze Ransomware Group?

The Maze ransomware group became known in 2019 after a series of high-profile attacks and threats to expose sensitive files from large organisations on the net. The Maze ransomware group was the first to blackmail victims with threats to publish their data and information online unless a ransom was paid.

Prior to this, ransomware groups would typically encrypt files with malware and then demand a ransom from the victim to get the files back. In this case the victim could either pay the money or risk losing the files and have to clear up the mess the cyber attacker caused.

The Maze ransomware group took this way of working a step further by threatening to publish sensitive and personal files online.

Organisations that have had documents published online include Canon, LG, Xerox, Southwire, Cognizant, Pensacola city government, the big pharmaceutical company ExecuPharm, Chubb cyber security, Tesla, Visser and many more.

This double-layered tactic quickly became popular with other ransomware groups on the dark web, who in turn used the threat of publishing files online to extract huge ransom payments. A wire manufacturer in Georgia was reportedly threatened with a demand of $6 million USD, with the demand going up to $15 million USD for another unnamed organisation.

The Maze ransomware group’s earlier attacks relied on exploit kits and various spam operations to take advantage of unsuspecting users. They then began to step up their game and specifically target high-profile organisations, using virtual private network (VPN) and remote desktop (RDP) servers to find vulnerabilities in big-brand companies. Failure to pay the ransom would end with large numbers of files being uploaded to the dark web, including personal information on employees and internal source code.


Is the Maze Ransomware Group Really Shutting Down?

In their closing down statement, the Maze ransomware group says “Our world is shrinking in the recklessness and indifference, in laziness and stupidity. If you are taking the responsibility for other people money and personal data then try to keep it secure. Until you do that there will be more projects like Maze to remind you about secure data storage”. The group could indeed have made enough money for them to be able to shut down and close all operations, but as this statement suggests, ‘there will be more projects like Maze’.

The Maze group ran as an affiliate operation, meaning individual threat actors were able to cash in on a small percentage of the rewards. Maze affiliates are likely to simply move on to other ransomware groups, such as Egregor, thought to be a by-product of the Maze ransomware group.

This same group was emerging just as reports of the Maze group's closure were starting to circulate. Coincidence? Probably not. These ransomware criminals are likely to move on to better opportunities, and the Maze group could potentially just be rebranding. There is no way to tell for sure. What we do know is that when one group shuts down, another one will open.


What New Threats are on the Rise?

With remote working becoming ever more popular, the risks from insecure domains, weak passwords, more data sharing over the cloud, unprotected remote desktop protocol (RDP) and VPNs, phishing attacks and malware threats are all on the rise.

Phishing attacks are becoming more sophisticated, fake COVID-19 related sites and scams are on the increase, networks are becoming less secure with people working from their kitchen tables, and ransomware tactics are evolving.

The sophistication of such attacks is only ever going to increase, and cyber attackers will always be evolving their techniques. The time to update your security system is now.

At Cube Cyber we have a knowledgeable team of cyber experts to help you and your business. We have helped many organisations implement cost-effective and advanced cyber security to help stop these kinds of attacks.

For more information please get a quote with us today.


