Notorious Maze Ransomware Gang Closes Up Shop And Releases Decryption Keys

The Maze announcement certainly has the potential to be helpful to the group’s victims. Having access to the master keys allows security researchers to develop decryptors that victims can use to recover their files for free.

In addition to Maze, keys for the Sekhmet and Egregor ransomware were also released. Egregor was launched by the group in September of 2020, a month before Maze operations were shut down. Sekhmet first appeared in the Spring of 2020.

However, as Christopher Boyd of Malwarebytes Labs reported, decryption tools for all three ransomware strains had already been released. Boyd notes that the inclusion of keys is more of an interesting part of the announcement than a breakthrough for those looking to get their files back.

A Question Of Timing

Last February French and Ukranian law enforcement officials made several arrests connected to Egregor. The arrests followed a period of unexpected downtime of Egregor servers, which some in underground forums believed was a sign that its infrastructure had been compromised by the authorities.

The farewell post makes sure to point out that the decision to shut down once and for all was not made because of the arrests.

The poster claims that this was a planned move and that the group has decided to “never return to this kind of activity.”

It sounds encouraging enough to hear an alleged spokesperson to say that a crew that’s responsible for scores of attacks that targeted law firms, municipalities, construction companies and pretty much any other entity with the ability to pay high-dollar ransoms.

That said, the Maze group already claimed it was riding off into the sunset once. This could turn out to be more of an “until we meet again” than a real “goodbye.”