Earnings of Maze/Egregor Ransomware
The now-defunct ransomware Maze group was a pioneer in its times. Started in mid-2019, the group was shut down for unknown reasons late last year but reincarnated in the form of Egregor ransomware. Most of the code, working mechanism, and other hints point out that Egregor is the new Maze group. At its time, Maze has popularized the concept of the double extortion method, which inspired many other ransomware groups to follow gradually. This included stealing sensitive data before encrypting the target’s network. And this stolen can be used to quickly pressure the victim into paying the ransom. This method has a proven success rate, as many victims bowed down eventually to the ransomware gangs, as they aren’t ready for defaming themselves before the public. Later, they have set up a dedicated leak site to dump the stolen data in installments, to pressure the victim more often. Some have now come up with the idea of calling the victims and their customers and harassing them into paying the ransom.
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) March 5, 2021 All these means have yielded good returns, as the Maze/Egregor gang has reportedly made about $75 million in ransom payments, says Analyst1, a threat intelligence platform. As per its 58-page report, “We believe this figure to be much more significant, but we can only assess the publicly acknowledged ransom payments. Many victims never publicly report when they pay a ransom.” The Egregor group is crippled now with three of its cartel members’ recent arrests by French and Ukrainian officials. Yet, they stood as one of the highest-earning ransomware groups of all time. Analyst1’s recordings are similar to the Chainalysis report, which estimated the total ransomware earnings in 2020 to be $350 million at least. Ryuk ransomware is said to be the lucrative one with over $150 million in earnings.