Maze Ransomware

The infamous Maze ransomware gang has announced they will cease operations, effective immediately. 

On November 1, the hacking group behind several high profile ransomware attacks in 2020 issued a rambling press release, riddled with spelling errors, on the dark web announcing, “it is officially closed.”

“All the links to out [sic] project, using of our brand, our work methods should be considered to be a scam,” the announcement stated. “Our world is sinking in the recklessness and indifference, in laziness and stupidity. If you are taking the responsibility for other people [sic] money and personal data then try to keep it secure.”

“We will be back to you when the world will be transformed,” the announcement concluded. 

Maze is a sophisticated form of malware capable of infecting multiple computers connected to a network while simultaneously exfiltrating data for release on dark websites if a ransom isn’t paid. The developers responsible for the malware also maintained and operated a “customer support” portal where their victims could communicate with them and get help with payment, suggesting a more organized structure than most hacking groups. That being the case, the group denied being part of a “cartel” in its press release, insisting that they worked without “partners or official successors.” 

While unusual, the gang’s announcement of their retirements is not unprecedented; another hacking group called GandCrab officially announced its retirement in 2019 after claiming to have raked in $2 billion in ransom-related profits. The group quickly reformed as Sodinokibi or REvil months later and continues to operate.