MAZE (to) shutdown

This threat actor stated that they take part in ransomware attacks by compromising networks and stealing Windows domain credentials. The compromised networks are then passed to affiliates who deploy the ransomware.

The group compromising networks, the affiliate, and ransomware developers then take equal shares of any ransom payments.

As part of our conversation, BleepingComputer was told that Maze was in the process of shutting down its operation, had stopped encrypting new victims in September 2020, and was trying to squeeze the last ransom payments from victims.


BleepingComputer was told that Maze is shut down

When BleepingComputer reached out to Maze to confirm if they were shutting down, we were told, "You should wait for the press release."

This week, Maze has started to remove victims that they had listed on their data leak site. All that is left on the site are two victims and those who previously had all of their data published.

The cleaning up of the data leak site indicates that the ransomware operation's shutdown is imminent.

It is not uncommon for ransomware operations to release the master decryption keys when they shut down their operation, as was done with Crysis, TeslaCrypt, and Shade.

BleepingComputer has reached out to Maze to ask if they will release their keys when they shut down their operation but has not heard back.

