Level 55
Top poster
Content Creator
Apr 24, 2016
One of the most active and notorious data-stealing ransomware groups, Maze, says it is “officially closed.”

The announcement came as a waffling statement, riddled with spelling mistakes, and published on its website on the dark web, which for the past year has published vast troves of stolen internal documents and files from the companies it targeted, including Cognizant, cybersecurity insurance firm Chubb, pharmaceutical giant ExecuPharm, Tesla and SpaceX parts supplier Visser, and defense contractor Kimchuk.

Where typical ransomware groups would infect a victim with file-encrypting malware and hold the files for a ransom, Maze gained its notoriety for first exfiltrating a victim’s data and threatening to publish the stolen files unless the ransom was paid.

It quickly became the preferred tactic of ransomware groups, which set up websites — often on the dark web — to leak the files it stole if the victim refused to pay up.

Maze initially used exploit kits and spam campaigns to infect its victims, but later began using known security vulnerabilities to specifically target big name companies. Maze was known to use vulnerable virtual private network (VPN) and remote desktop (RDP) servers to launch targeted attacks against its victim’s network.

Some of the demanded ransoms reached into the millions of dollars. Maze reportedly demanded $6 million from one Georgia-based wire and cable manufacturer, and $15 million from one unnamed organization after the group encrypted its network. But after COVID-19 was declared a pandemic in March, Maze — as well as other ransomware groups — promised to not target hospitals and medical facilities.

But security experts aren’t celebrating just yet. After all, ransomware gangs are still criminal enterprises, many of which are driven by profits.
Read the full article with comments from security experts here at TechCrunch: