An alleged malware developer has released the master decryption keys for Maze, Egregor, and Sekhmet ransomware.

The release of master keys

The decryption keys for these ransomware operations were leaked on the BleepingComputer forums by a user named Topleak. The user claims to be the developer for all three operations (Maze, Egregor, and Sekhmet).
  • The poster said that this was a planned leak, unrelated to the law enforcement operations that led to the arrests of ransomware partners and the seizing of servers.
  • Further, they stated that their team members have destroyed the source code of their ransomware and will never return to the ransomware scene.
  • The post includes a download link for a 7zip file with four archives, including all three decryption keys and the source code for the M0yv malware used by the ransomware group.
  • Each of these archives includes the private master decryption key and public master encryption key associated with a particular advert or affiliate of the ransomware operation.

Emsisoft’s researchers have reviewed the decryption keys and confirmed that they are legitimate. Further, the firm has released a decryptor tool to restore the encrypted files for free.

More information

The number of master decryption keys released for each of the three ransomware families is as follows:
  • Maze has nine master decryption keys for the original malware that targeted non-corporate users and 30 master decryption keys for other victims.
  • Egregor has 19 master decryption keys and Sekhmet has one master decryption key.

Conclusion

The recent release of master decryption keys for major ransomware is good news for victims waiting to recover their files. The release of the master keys may also help in developing decryptor tools. However, experts also suspect that the release of keys could be an attempt to fool law enforcement agencies while these groups are busy preparing new versions of their malware.

Cyware Publisher
