Peter Mackenzie, the company's incident response manager for Sophos Rapid Response, told iTWire that this kind of "shutting down" had been seen with other malware groups in the past.
"The announcement by the Maze operators that they are ceasing operations after just over a year of activity is probably not as significant as it might appear," he said.
"We've seen it all before and this is likely to be more of a revolving door than a dramatic exit."
iTWire contacted the Maze operators, asking whether they were indeed shutting down operations as reported, but has not heard back.
The operators have cleaned up their dark web site, leaving the names of only two companies whose data has not been leaked in full. All others are no longer listed in the main area of the site.
Said Mackenzie: "In June 2019, the operators behind GandCrab announced their retirement and all its affiliates moved to REvil; now the Maze affiliates are apparently moving across to a new group, Egregor, which according to public reports has access to Maze tools and infrastructure.
"They may even share some of the same operators. Organisations will not be any safer than they were before. They need to stay focused not on who attacks them, but how – and to continue to bolster their defences against cyber threats of all kinds, regardless of where they come from."
Notable attacks this year which used Maze have been on the world's second-largest memory chip maker SK hynix, global technology firm Pitney Bowes, Texas foundry group X-FAB, a Thai power authority, the Belgian accounting firm HLB, the global defence group ST Engineering and the Sydney strata management company Strata Plus.
Others who were attacked with the same ransomware were South Korean electronics giant LG, the Thai Beverage Public Company, Japanese multinational optical and imaging products vendor Canon and Indian sweets maker Haldiram's.