Developer releases decryption key for Maze ransomware, Egregor
The master decryption key of the Maze, Egregor and Sekhmet ransomware has just been posted by a user on the BleepingComputer forum. This person claims to be the developer of the above ransomware.
Maze started operating in May 2019 and quickly became famous for its unique type of data theft and double blackmail. Currently, many other ransomware have followed Maze's tactics to force victims to pay ransom for data.
The guys behind Maze announced their shutdown in October 2020. However, they actually renamed the ransomware to Egregor in September 2020 and continue to work. Then they were captured in Ukraine and Egregor also disappeared.
Sekhmet is also a strain of ransomware similar to Maze, but started operating in March 2020 when Maze has not declared "shelter of swords".
14 months later, the master decryption key for both Maze, Egregor and Sekhmet was posted on the BleepingComputer forum by a user named "Topleak". This person claims to be the developer of all three ransomware mentioned above.
This person said that the posting of the decryption key was planned in advance and had nothing to do with recent raids by law enforcement. Many servers and affiliates of the Maze and Egregor ransomware have been seized and destroyed.
The developer also shared that team members will no longer do ransomware. They also destroyed all the source code for their ransomware.
The BleepingComputer forum post includes a download link to a 7zip file with four subfiles that store the Maze, Egregor, Sekhmet decryption keys and the source code of the "M0yv" malware they use.
Each subdirectory contains the public master decryption key and the private master decryption key associated with the affiliates or distribution units.
Here are the number of RSA-2048 master decryption keys for each ransomware:
- Maze: 9 key decryption keys for malware that originally targeted non-business users.
- Maze: 30 key decryption key.
- Sekhmet: 1 master decryption key.
Emsisoft's Michael Gillespie and Fabian Wosar, two security researchers, confirmed to BleepingComputer that these keys are standard and can be used to decrypt files encrypted by the three ransomware mentioned above.
Emisoft has also released a decryption software for victims of Maze, Egregor and Sekhmet ransomware infections. However, to use Emisoft's decryption software you need to have the extortion note generated during the attack because it contains the decryption key.
Good luck!
You should read it
- 7 kinds of ransomware you didn't expect
- What is Ransomware CryptoWall 4.0? How to clean up Ransomware CryptoWall 4.0?
- How to decrypt encrypted files, recover data encrypted by Ransomware
- List of the 3 most dangerous and scary Ransomware viruses
- This is the world's fastest ransomware, encrypting 53GB of data in just over 4 minutes
- Ransomware can encrypt cloud data
- General guidelines for decoding ransomware
- What is Ransomware Task Force (RTF)?
- [Infographic] 7 effective ways to protect businesses from Ransomware
- Network security researcher claims to find a way to decode WannaCry
- How to decode ransomware InsaneCrypt (Everbe 1.0)
- Why is Ransomware the perfect hack?
Maybe you are interested
How to safely erase an SSD without destroying it Combat tips to overcome Monster Sanctuary How to get free Gems in Empires & Puzzles Jack Ma returned Russia with 1 million masks and 200,000 corona virus test kits Few philanthropies, but every time Jeff Bezos played, he played big: Spending $ 10 billion on the fight to save Earth YouTube's source code leaked, revealing the entire platform measure used to control YouTubers