MAZE, a “famous” and active Criminal Hacker group notorious for Ransomware attacks that made even multinational corporations tremble, has officially decided to close its doors. At the end of last year, MAZE announced on a Dark Web page that it was terminating its activities with immediate effect.
By Pierguido Iezzi, CEO of Swascan
This, on the surface, seemed like a piece of “good news” in 2020.
A few months have passed but can we breathe a sigh of relief? Should we be happy because one of the great “enemies” that sided with cybercrime has decided to throw in the towel?
Not so fast!
Look at the announcement, and you’ll notice that it is filled with grammatical errors and was published in the same corner of the dark web where, for a long time, these attackers used to “post” all the data they had been able to steal from their victims, as some sort of trophy room.
Victims also included companies linked to big names like Tesla and SpaceX.
Is it possible that these Criminal Hackers have decided to pull the oars in the boat because they were already satisfied with the earnings obtained with their attacks?
At first glance, it could be a hypothesis to consider. On the other hand, MAZE has been an innovator in the world of Criminal Hacking for a long time.
For instance, the group was the first to introduce the “double blackmail” strategy. In addition to completely blocking the systems of its victims in exchange for a ransom, the attackers threatened to release all the targeted companies’ data unless the ransom was paid (strictly in bitcoin).
Do not celebrate yet
All these innovations, unfortunately, have also borne fruit and claimed illustrious victims. More fuel on the fire of the theory that the announcement could be true, then?
Unfortunately, it is not that simple.
Although criminal, these groups operate in a business-like manner: profit is the ultimate goal. And which business closes its doors after a good year?
We should therefore take this announcement with a great deal of skepticism.
Surely there are people within this group who are “satisfied” with what they have achieved over years of criminal activity and are happy to “enjoy” the spoils, but it is also likely that this closure is simply a strategic move to reorganize under a different name – a rebranding if you will.
Whatever the future of MAZE may be, the possibility that all its operators (another name for those Criminal Hackers who decide to work as part of a single group) are currently holding their suitcases – COVID permitting – with sombreros on their heads ready to enjoy their “retirement” on a Caribbean island is almost zero.
On the contrary – the dissolution of the Group leaves many questions open, especially regarding this sudden skill surplus and the collaborative relationship they had with other Cyber-criminal organizations.
Having closed the MAZE chapter, these operators are probably already looking for somewhere else to put their criminal “skills” to use.
In fact, it is not even a hypothetical question.
We already know that MAZE had close relations with two other groups of Criminal Hackers, LockBit and Ragnar Locker, and that it has been compared several times, for methodology and code, to the new entry Egregor.
The latter two groups have already claimed victims in Italy.
In short, the most plausible scenario is that nobody really “retired” or decided to dedicate their time to activities that did not include cybercrime.
Those who greeted MAZE’s closure with a sigh of relief will be forced to think again.
In a certain way, MAZE became the Hydra of cybercrime: once one head was cut off, two (or maybe even three!) were born.
Its expertise has been neither lost nor taken off the market. It has been divided and passed on to other groups that have picked up right where MAZE decided to stop, hitting small and big organizations and causing huge economic and brand reputation damage.
They may have also tried to put on a good face with their statement, claiming they were not a cybercrime cartel, but MAZE had been working with its “descendants” for some time already — and now they have already taken its place.
Hardly anything will change: Criminal Hackers and ransomware will always be “out there” and will continue to target public and private organizations with their vast arsenal of tactics and techniques honed over years and years of practice.
We will just have to maintain a high state of alert and not let our guard down!
About the Author
Pierguido Iezzi is the Cyber Security Director and Co-founder of Swascan with over 30 years of experience in the world of cybersecurity. With a degree in Information Sciences, he has had the opportunity to work nationally and internationally in large corporate contexts and in the largest multinationals as a cybersecurity representative. Author of several publications, he regularly collaborates as author and contributor to a number of newspapers and publications. He has also been a keynote speaker and testimonial at universities and at national and international events.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.