The decryption keys for the ransomware Maze, Egregor, and Sekhmet have been released, Here is how you can get it
Another indicator that hackers are shaken by recent law enforcement activity is the publication of a decryptor for the Maze, Egregor, and Sekhmet ransomware families.
Maze was originally regarded as one of the most active and well-known ransomware organisations. The gang acquired notoriety for pioneering the double-extortion strategy, in which hackers first exfiltrate a victim’s data then threatening to publish the stolen files unless a ransom is paid. Typical ransomware gangs infect a victim’s computer with file-encrypting malware and demand cryptocurrency in exchange for the victim’s files.
Egregor debuted in September 2020, just as the Maze operation was winding down, and used the same double-extortion strategy as its predecessor. Despite the fact that the operation claimed a number of victims, including Ubisoft, Barnes & Noble, Kmart, and Vancouver’s subway system, it was short-lived, as some members of Egregor were apprehended in Ukraine in February 2021.
Sekhmet, which debuted in March 2020, has a lot in common with Maze and Egregor. Although it appeared before the latter, cybersecurity researchers have noticed similarities in the two in terms of methods, obfuscation, API calls, and ransom notes.
In a Bleeping Computer forum post on Wednesday, someone claiming to be “Topleak,” the developer of all three ransomware families, revealed decryption keys for all three ransomware families.
“Because it will raise too many clues, the majority of which will be false, it is necessary to emphasise that it is a planned leak, with no connections to recent arrests and takedowns,” Topleak said, adding that none of their team members will ever return to ransomware and that all of the source code for their ransomware has been destroyed.
Emsisoft has provided a decryptor to allow victims of Maze, Egregor, and Sekhmet to retrieve their files for free, after confirming that the decryption keys are genuine.
According to Brett Callow, a ransomware expert and threat analyst at Emsisoft, the release of the decryption keys is just another indicator that hackers are worried.
“While the gang says that the release of the keys has nothing to do with REvil’s recent arrests – yeah, right. “The reality is that both their costs and dangers are rising,” Callow remarked. “Ransomware grew in popularity because thieves could operate with near-complete impunity. That isn’t the case now. While the situation is far from addressed, the risk/reward ratio now has significantly more ‘risk.'”