A developer claiming to be from the Maze, Egregor, and Sekhmet ransomware groups dumped their decryption keys last night in a public forum.
Stating that the members of these three ransomware groups will never get back into this business again, he also dumped the source code of a piece of malware. The decryption keys he leaked have been verified to be genuine and working.
Decryptors For Ransomware Malware
It is common for threat actors to release their malware decryptors for free after shutting down, but leaking them while still actively operating is unusual. Yet one such incident happened last night in a BleepingComputer forum, where an account going by the name “Topleak” dumped the decryption keys of the Maze, Egregor, and Sekhmet ransomware.
In the leak note, the account holder claims to be the malware developer for these three ransomware groups. He also confirms that no member of the three groups will ever return to this business, and that they have destroyed all the source code of their encryptors.
The download link he shared is a 7zip file containing four archives, as below:
- Maze: 9 master decryption keys for the original malware that targeted non-corporate users, and 30 master decryption keys.
- Egregor: 19 master decryption keys.
- Sekhmet: 1 master decryption key.
- M0yv: Source Code
The M0yv source code is an extra. Explaining its inclusion in the dump, the developer said, “M0yv is a bonus because there was not any major source code of resident software for years now, so here we go”. Emsisoft’s Michael Gillespie and Fabian Wosar told BleepingComputer that the leaked decryption keys for all three ransomware groups are working.
Finally, the developer said the dump is a planned leak and is not due to any of the recent triggering incidents like the arrests made by police.