Developer releases decryption key for Maze ransomware, Egregor
Maze started operating in May 2019 and quickly became known for its distinctive combination of data theft and double extortion. Many other ransomware operations have since adopted Maze's tactics to pressure victims into paying a ransom for their data.
The operators behind Maze announced their shutdown in October 2020. In fact, they had already rebranded the ransomware as Egregor in September 2020 and continued operating. They were later arrested in Ukraine, and Egregor disappeared as well.
Sekhmet is a ransomware strain similar to Maze, but it started operating in March 2020, while Maze was still active and had not yet announced its shutdown.
Fourteen months later, the master decryption keys for Maze, Egregor and Sekhmet were posted on the BleepingComputer forum by a user named "Topleak". This person claims to be the developer of all three ransomware families.
The poster said that the release of the decryption keys was planned in advance and had nothing to do with recent raids by law enforcement. Many servers and affiliates of the Maze and Egregor ransomware have been seized and destroyed.
The developer also stated that the team members will no longer work on ransomware and that they have destroyed all the source code for their ransomware.
The BleepingComputer forum post includes a download link to a 7zip file with four subfiles that hold the Maze, Egregor and Sekhmet decryption keys and the source code of the "M0yv" malware the group used.
Each subdirectory contains the public master encryption key and the private master decryption key associated with a particular affiliate or distribution unit.
The number of RSA-2048 master decryption keys released for each ransomware is as follows:
- Maze: 9 master decryption keys for the malware that originally targeted non-business users.
- Maze: 30 master decryption keys.
- Sekhmet: 1 master decryption key.
Emsisoft's Michael Gillespie and Fabian Wosar, two security researchers, confirmed to BleepingComputer that these keys are genuine and can be used to decrypt files encrypted by the three ransomware families mentioned above.
Emsisoft has also released a decryptor for victims of Maze, Egregor and Sekhmet infections. However, to use Emsisoft's decryptor you need the ransom note generated during the attack, because it contains the decryption key.
Good luck!