On Tuesday 8th of February 2022, the decryption keys for Maze, Egregor, and Sekhmet ransomware operations and the source code for the M0yv ‘modular x86/x64 file infector’ were leaked on the BleepingComputer forums by the alleged malware developer who went by the name of “Topleak” when leaking the keys. The user stated that this leak was planned and had no connections to the recent law enforcement operations against ransomware affiliates.
“Since it will raise too much clues and most of them will be false, it is necessary to emphasize that it is planned leak, and have no any connections to recent arrests and takedowns” – “Topleak”
Cyber professionals from Emsisoft have reviewed the decryption keys and stated that they are legitimate and can be used to decrypt files that have been encrypted by one of these ransomware variants. Since the leak, Emsisoft has released a decryptor which uses these keys to decrypt any Maze, Egregor, and Sekhmet victims’ files for free. The alleged developer also stated that none of their team members will ever return to ransomware and that they destroyed all the source code for their ransomware.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.