Many Maze affiliates have moved to the operators of a new ransomware called Egregor.
Cybercriminal group Maze stops its malicious activities. According to one of the sources of BleepingComputer, Maze is stopping its work, and has also stopped encrypting new victims since September 2020 and is trying to get ransom payments from the latter. The criminals also began to delete information about their victims, whom they listed on the data breach site.
Many Maze subsidiaries have moved to the operators of a new ransomware called Egregor, sources said. Egregor began operations in mid-September when Maze ceased operations. Presumably, Egregor is the same software as Maze and Sekhmet in that they use the same ransom notes, the same payment site names, and have most of the same code.
The Maze group began operating in May 2019, but only became active in November. Criminals have revolutionized ransomware attacks with double-extortion tactics. In December 2019, they set up a website that listed the latest victim companies who decided to self-repair their computer systems without paying the ransom.
The double extortion method was quickly adopted by other major ransomware operators, including REvil, Clop, DoppelPaymer, who launched their own data breach sites. Maze continued to develop its ransomware operations, partnering with Ragnar Locker and LockBit to share information and tactics.
__________________
Cybercriminal group Maze stops its malicious activities. According to one of the sources of BleepingComputer, Maze is stopping its work, and has also stopped encrypting new victims since September 2020 and is trying to get ransom payments from the latter. The criminals also began to delete information about their victims, whom they listed on the data breach site.
Many Maze subsidiaries have moved to the operators of a new ransomware called Egregor, sources said. Egregor began operations in mid-September when Maze ceased operations. Presumably, Egregor is the same software as Maze and Sekhmet in that they use the same ransom notes, the same payment site names, and have most of the same code.
The Maze group began operating in May 2019, but only became active in November. Criminals have revolutionized ransomware attacks with double-extortion tactics. In December 2019, they set up a website that listed the latest victim companies who decided to self-repair their computer systems without paying the ransom.
The double extortion method was quickly adopted by other major ransomware operators, including REvil, Clop, DoppelPaymer, who launched their own data breach sites. Maze continued to develop its ransomware operations, partnering with Ragnar Locker and LockBit to share information and tactics.
__________________