By 
According to news reports, the Maze cybercrime gang is closing down its operations after rising to become one of the most leading players carrying out ransomware attacks.
The Maze ransomware started operating in May 2019 but became more active in November, by introducing a double-extortion approach.
Ransomware operations have always appreciated mocking news sites and researchers, but mostly they tended to disregard journalists’ emails.
Maze said that if Allied didn’t pay a ransom, their data would be openly released. Eventually, the ransom was not paid, and Maze issued the stolen data.
Shortly afterwards, Maze unveiled a ‘Maze News’ site that they use to publish non-paying victims’ data and issue “press releases” for reporters who follow their activities.
This double-extortion method was rapidly adopted by other large ransomware operations, including REvil, Clop, DoppelPaymer, who issued their own data leak sites.
Maze went on to evolve ransomware operations by founding a ransomware cartel with Ragnar Locker and LockBit, to share information and strategies.
The concluding of operations was later confirmed after BleepingComputer was contacted by a threat actor involved in the Barnes and Noble ransomware attack.
Several Maze affiliates have switched over to a new ransomware operation called Egregor that started operating in the middle of September.
