Hacker gang announces end to activities, but experts warn of new groups

The Maze hacker group, which attacked LG and a coronavirus research group, published a statement on the Dark Web.

One of the largest ransomware groups, the hacker group Maze, announced on the Dark Web the end of its activities, according to the Portuguese publication Exame Informática.

The group published a communiqué – full of spelling mistakes – in which it announced the decision to cease its activities.

The group was one of the most active ransomware operators, having this year successfully hacked a group researching vaccines and medicines against the coronavirus, in addition to the systems of the technology giant LG.

With the systems locked, the group demanded a ransom to unlock the files, usually in cryptocurrencies. If payment was not made, the hackers would publish the files in a Dark Web repository, the same one that today displays the group’s communiqué.

The article explains the hackers’ actions:

“Initially, Maze hackers used exploit kits and spam campaigns to target victims, but then went on to exploit known security vulnerabilities to get their way. Another tactic was to attack virtual private networks (VPNs) and also remote computer access servers (RDPs) to reach the networks of the organisations they were targeting”.

Despite the announcement of an end to the attacks, experts doubt that all members will now “retire” from their criminal behaviour. Brett Callow, an Emsisoft analyst, told TechCrunch:

“Maze is run as a network of affiliates, so partners in crime may not comply with the ‘reform’ now announced and choose to regroup and come up under another name”.

Another analyst, Jeremy Kennelly of FireEye, agrees that the hackers are likely to resurface under new names, carrying out other attacks of the same kind:

“We believe with a high degree of certainty that many of the individuals and groups who have collaborated with the Maze ransomware service will continue to command similar operations – either working with existing ransomware services or supporting new operations in the future”.