Last night, a forum account claiming to be the malware developer of Maze, Egregor, Sekhmet ransomware groups has dumped the decryption keys of all these gangs’ malware.
Also, there’s the source code for M0yv malware too is dumped. Saying that it’s a planned leak, the developer confirms that the team members of these three ransomware gangs will never return to this business again. The decryption keys they shared are verified to be working.
Free Ransomware Decryption Keys
Ransomware groups dumping the master decryption keys of their encryption malware after shutting down business is common. But making it public while working actively is weird. And that’s what the developer of Maze, Egregor, and Sekhmet just it, in BleepingComputer forums.
Last night, an account going by the name ‘Topleak‘ claiming to be the malware developer of Maze, Egregor and Sekhmet ransomware groups has leaked the master decryption keys of all of them. He stated that it’s a planned leak, and is not due to the recent arrests made by police around the world (1,2,3).
Also, he assured that no member of the above ransomware groups will ever return to this business again, and have destroyed the source code of all of them. The download link he stated opens as a 7zip file, containing four archives as below;
- Maze: 9 master decryption keys for the original malware that targeted non-corporate users, and Maze: 30 master decryption keys.
- Egregor: 19 master decryption keys.
- Sekhmet: 1 master decryption key.
- M0yv: Source Code
Emsisoft’s Michael Gillespie and Fabian Wosar have verified these keys to be working, with BleepingComputer. While the decryptors of all three ransomware gangs are to be noted, the dump also consists of a source code to M0yv, which the developer stated as;
“M0yv is a bonus because there was no any major source code of resident software for years now, so here we go.”