Pioneers of "Double Extortion" Say Maze Ransomware Project is Over
2020-11-02 18:20

The Maze ransomware group issued a press release on November 1, 2020 announcing, "It is officially closed." Maze was one of the pioneers of 'double extortion' - stealing data before encrypting the victim's files.

The idea of a Maze cartel seems to have originated from the discovery of data from competing ransomware groups on the Maze victim-shaming website, but Maze now says there was never a cartel.

Jeremy Kennelly, Manager of Analysis at Mandiant Threat Intelligence, told SecurityWeek, "Mandiant has collected significant evidence suggesting that MAZE was operated via a profit-sharing arrangement where multiple discrete criminal groups collaborated to perpetrate their crimes - one group operating the central MAZE infrastructure and various other individuals and teams working together to obtain access to victim networks and deploy MAZE ransomware. Furthermore," he added, "Mandiant has also seen clear cases where named threat actors such as FIN6 have worked with MAZE to monetize intrusions via ransomware distribution."

"Although the official reason for the announcement is unknown, the ransomware market's oversaturation may have motivated the group to cease operations. It's also possible that this is a similar exit strategy we witnessed with GandCrab in 2019. Another variant may emerge to take Maze's place; some operators have reportedly moved to the Egregor ransomware variant. Finally, they may be moving away from Maze to improve their operational security, decreasing the chance of being caught."

"We assess with high confidence," concluded Kennelly, "that many of the individuals and groups that collaborated to enable the MAZE ransomware service will likely continue to engage in similar operations - either working to support existing ransomware services or supporting novel operations in the future."


News URL

http://feedproxy.google.com/~r/Securityweek/~3/JGvzJnB6d50/pioneers-double-extortion-say-maze-ransomware-project-over