The Maze ransomware team, a pioneer in the cybercrime space, claims it is shutting down operations.
Maze gained notoriety in 2019 for stealing data from organizations and demanding ransom for the data to be returned. This made Maze unique as the operators encrypted files on a corporate network with ransomware, making them inaccessible, and also extracted the data and threatened to make the data public if the ransom was not paid.
Maze official press release
The Maze website contained warnings to victims, such as: all information and details of a security breach would be made public, information of value would be sold to other criminals, stock exchanges would be notified of hacks, and stolen data would be used to attack clients and partners.
Graham Cluley (@gcluley) reported on the Maze retirement Monday morning, sharing what the Maze website looks like today:
Their "official press release" declares that their project is closed, but they did include some interesting quotes which appear to blame victims:
"With all your recklessness, unawareness and stupidity you are pushing the the world into it. You are slowly turning into a controllable flock. You would not even notice when you will be tagged with chips or your DNA will be the only way to access the new digital world. As it will be the only place you can leave in, to get paid and consume.
All your technologies are a symbol of your helplessness. Once going to wheelchair a man will not be able to walk again. And once trusting your mind to a technology you won't be able to recover your consciousness. By delegation the part of your conscious activity to machines you won't be able to watch at the reality with the clear eye.
You are calling the ones who are killing your mind as your friends and support. And you also calling the ones who are showing you your weakness as the foes and mobsters. The modern world is confusing the cause and the effect, the good and the evil.
Think about it. Try to prevent it. You think that the modern world is a hell. But it’s just coming and you are doing much for it.
We will be back to you when the world will be transformed. We will return to show you again the errors and mistakes and to get you out of the Maze."
The most intriguing of these quotes is the last one, where Maze operators hint that this is not the end for their team. They will be back "when the world is transformed." Interpret that however you will.
Hacker group returns from retirement
If Maze ransomware were to make a comeback, it would not surprise anyone. They were a successful team in cybercrime, so why quit? They also would not be the first group to retire and make a comeback.
The infamous hacker group known as GandCrab "retired" last year after claiming to bring in more than $2 billion through its efforts.
GandCrab is believed to be a Russian-based group, which sold customized ransomware to other cybercriminals. Their code would scramble data and they would demand ransom to decrypt it. Estimates show they affected more than 1.5 million machines, including hospitals.
Secureworks says that GandCrab returned using a new ransomware strain REvil or Sondinokibi. Researchers have connected the newer attacks to GandCrab because of similar coding, as well as similar mistakes.
The attacks have caused a major disruption to hundreds of dental practices in the U.S. and 22 municipalities in Texas.
Don Smith, the Director of Secureworks Counter Threat Unit, said this regarding GandCrab's comeback:
"We weren't surprised the group resurfaced. GandCrab offered a good return for criminal actors. It's unlikely an existing and proficient group would just walk away from that.
It's possible that they wanted to reduce the overall attention that was focused on the GandCrab 'brand' and have relaunched with a new product."
It makes sense that a successful cybercrime team would want to reduce the amount of attention they receive. What better way to do that then to announce retirement? This is perhaps what we are seeing now with Maze.
Teenage hacker's retirement note
Last year, SecureWorld News covered a story where a teenage hacker, who went by the name TheHackerGiraffe, quickly became a well-known name in the industry only to retire a few weeks later.
TheHackerGiraffe forced 50,000 people to print fliers telling those who found the printout to subscribe to @pewdiepie, which was the #1 YouTube channel in the world for a while.
To follow up the printer stunt, TheHackerGiraffe breached home networks to access Google Chromecast devices and smart TVs—with messages to follow the hacker's favorite YouTuber.
He started to gain a following from around the world, with many asking to be taught how to hack. In response, he created tutorials, but this was short lived.
He posted a hacker retirement notice online, stating close friends had advised him to stop and the anxiety of eventually being caught was keeping him up at night.
"I guess there is a lesson to be learned here, don't fly too close to the sun and then act like you don't know you'll get burned. Well, here I am, burned and roasted, awaiting my maybe-coming end. I thank you all, thank you all so much for the past month. It's been amazing to see all of you who wanted to learn hacking/cybersecurity. Please do push on, don't give up! Stay safe, stay legal, and most of all, be civil.
What will I do now? Probably suffer from this horrible panic for the next few days before I completely lose my mind until either my end comes or this all flies over and I'll probably never touch a computer again."
Did the Maze ransomware operators also fly too close to the sun and are stepping away to let things cool down? And how long will the cool down last?
All we know for now is that the Maze group promised to leave its "customer service" department open for the next 30 days, in case you were previously victimized and your organization wants to pay the ransom.
14-year-old cybercriminal tells his story
Do you ever wonder how criminal hackers get their start? What is their motivation? How do they go from being young people who love technology to getting into a life of crime?
We asked Cam these very questions in a recent SecureWorld podcast episode. It started with MODS (modifications or digital hacks) in the "Call of Duty" video game, and ended with cyberattacks against targets around the world and an arrest while he was walking to school at age 14.
Listen to his story here: