
Ransomware Dev Releases Master Encryption Keys for Maze, Egregor, Sekhmet Ransomware

Vlad CONSTANTINESCU

February 10, 2022


The alleged developer of the Maze, Sekhmet and Egregor ransomware released the master decryption keys for the three operations on the BleepingComputer forum this week.

A user named Topleak, claiming to be the developer for all three ransomware operations, has released the master decryption keys, saying that this was a planned leak and is in no way connected with the recent arrests of ransomware affiliates and the seizure of servers they used.

“Since it will raise too much clues and most of them will be false, it is necessary to emphasize that it is planned leak, and have no any connections to recent arrests and takedowns,” says the author of the post.

The post also stated that no team members will return to ransomware operations, and that the team destroyed all source code of their malicious projects. The post includes a download link to a 7z file containing archived Maze, Sekhmet and Egregor decryption keys.

The encryption key archives each hold a public master encryption key and its private decryption counterpart associated with a specific affiliate of the ransomware operation.

The number of released RSA-2048 master decryption keys per operation is as follows:

  • Maze: 30 master decryption keys plus nine master decryption keys for the older version of the malware that targeted non-corporate users
  • Sekhmet: one master decryption key
  • Egregor: 19 master decryption keys

Additionally, the 7z file contains a fourth archive that holds the source code of the M0yv malware, another tool the ransomware gang used as part of their operation.

"M0yv source is a bonus, because there was no any major source code of resident software for years now, so here we go," said the developer in the forum post.

M0yv is a modular x86/x64 file infector that the Maze developers created and previously used in their attacks. The source code included in the 7z file is packaged as a Microsoft Visual Studio project and includes some already-compiled DLL files.
