The Maze ransomware gang, best known for attacking health care organisations and corporations around the world to extort them by encrypting and threatening to publish their data, claims it has ceased activities.
On a web page written in broken English and published on a site protected by Cloudflare’s reverse proxy network, the ransomware criminals said “Maze Team Project is announcing it is officially closed.”
Maze added that links and use of their name and methods, “should be considered to be a scam”, in an apparent effort to preempt copycats riding on the criminals’ infamy.
As part of the announcement, Maze blamed its many victims for stupidity and poor security practices that allowed the gang’s attacks.
UK-based security industry commentator Graham Cluley expressed doubts as to how sincere Maze were.
“Who is to say if they have really quit or not,” Cluley asked.
“Maybe they have truly given up. I do hope so, but it would be no surprise at all if they turned out not to keep their word.”
Indeed, Maze seems to say that they could be plotting a return.
“We will be back to you when the world will be transformed [sic],” the group wrote in what they called their “official press release”.
“We will return to show you again the errors and mistakes and to get you out of the Maze.”
As of recently, Maze – which claims to only use its own software – has had to resort to borrowed techniques from other ransomware criminals, after security vendors improved their endpoint protection and foiled many of their attacks.
Cybersecurity expert The Grugq speculated that Maze might be feeling the heat from officialdom after some high-profile attacks this year.
“Well. I have a guess that ransomware is getting a bit hotter now,” The Grugq told iTnews.
“The recent hospital attacks freaked out some US triple letters, and there was the Treasury notice [outlawing] payments [to the groups], etc.
“Maybe they’re just getting out before it gets too dangerous,” the security researcher said.