
[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code


27 replies to this topic

#1 Topleak


Posted 08 February 2022 - 06:24 PM

Hello, it's the developer. It was decided to release keys to the public for the Egregor, Maze, and Sekhmet ransomware families.

Also, there is a little bit of harmless source code of the polymorphic x86/x64 modular EPO file infector m0yv, detected in the wild as Win64/Expiro virus, but it is not actually Expiro; AV engines just detect it like this, so there is no single thing in common with Gazavat.

 

Each archive with keys has the corresponding keys inside the numeric folders, which equal the advert id in the config.

In the "OLD" folder of the Maze leak are keys for its old, e-mail-based version. Consider making a decryptor for this one first, because there were too many regular PC users for this version.

 

Enjoy!

 

Since it will raise too many clues, and most of them will be false, it is necessary to emphasize that this is a planned leak and has no connections to recent arrests and takedowns. The m0yv source is a bonus, because there has been no major source code of resident software for years now, so here we go.

 

None of our team members will ever return to this kind of activity; it was pleasant to work with you. All source code of tools ever made is wiped out.

 

P.S. Never forget that everything you perceive is only the dream of God. Complete your task.

 

Link: https://download.bleepingcomputer.com/ransomware-decryption-keys/maze-ransomware-leaked-master-keys.zip


Edited by Grinler, 12 February 2022 - 03:09 PM.
Added link to ransomware decryption keys



#2 bcrypt


Posted 08 February 2022 - 08:33 PM

:unsure:



#3 quietman7


Posted 09 February 2022 - 03:21 PM

Ransomware dev releases Egregor, Maze master decryption keys

Emsisoft's Michael Gillespie and Fabian Wosar have reviewed the decryption keys and confirmed to BleepingComputer that they are legitimate and can be used to decrypt files encrypted by the three ransomware families.

Gillespie told us that the keys are used to decrypt a victim's encrypted keys that are embedded in a ransom note.... Emsisoft has released a decryptor to allow any Maze, Egregor, and Sekhmet victims who have been waiting to recover their files for free... To use the decryptor, victims will need the ransom note created during the attack, as it contains the encrypted decryption key.



#4 Stargate38


Posted 09 February 2022 - 07:35 PM

Could you please send me the link in PM? I can't find any public links anywhere.



#5 evandrix


Posted 09 February 2022 - 07:47 PM

Could you please send me the link in PM? I can't find any public links anywhere.


✋ me too, would appreciate the link in my DM pls

#6 cybercynic


Posted 09 February 2022 - 07:49 PM

 

Could you please send me the link in PM? I can't find any public links anywhere.


✋ me too, would appreciate the link in my DM pls

 

It's in Quietman's post:  https://www.emsisoft.com/ransomware-decryption-tools/maze-sekhmet-egregor


Edited by cybercynic, 09 February 2022 - 07:50 PM.

 


#7 evandrix


Posted 09 February 2022 - 07:51 PM

don't think the decryptor contains "also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus", right?

#8 cybercynic


Posted 09 February 2022 - 07:54 PM

don't think the decryptor contains "also there is a little bit harmless source code of polymorphic x86/x64 modular EPO file infector m0yv detected in the wild as Win64/Expiro virus", right?

Why would you think there might be? The Emsisoft decrypter is designed by Gillespie and Emsisoft and contains no malware.


Edited by cybercynic, 09 February 2022 - 08:03 PM.

 


#9 Stargate38


Posted 09 February 2022 - 08:03 PM

Thanks for the decryptor, but I'm looking for the keys themselves.

 

@quietman7: Could you please give me the link that was removed from Topleak's post?


Edited by Stargate38, 09 February 2022 - 08:07 PM.


#10 cybercynic


Posted 09 February 2022 - 08:06 PM

Thanks for the decryptor, but I'm looking for the keys themselves.

Did you really read Quietman's post? The ransom note contains the encrypted decryption key. Find the ransom note.


 


#11 Stargate38


Posted 09 February 2022 - 08:17 PM

I'm looking for the source code pack that was in the first post. Unfortunately the staff removed it, due to malware source code.



#12 cybercynic


Posted 09 February 2022 - 08:21 PM

I'm looking for the source code pack that was in the first post. Unfortunately the staff removed it, due to malware source code.

I thought you wanted to decrypt your files. The Emsisoft decrypter and the ransom note will achieve that. 

If you think you need Topleak's source code you'll have to deal with the site Administrator, handle "Grinler".

Ciao!


Edited by cybercynic, 09 February 2022 - 08:22 PM.

 


#13 quietman7


Posted 09 February 2022 - 08:35 PM

Source code snippet for the M0yv malware is in the link to the BC news article I provided in my previous post. If that is not enough, then you need to contact Grinler, the site owner of Bleeping Computer.




#14 Stargate38


Posted 09 February 2022 - 08:39 PM

Thanks. I sent Grinler a message requesting the link. Hopefully, it'll be possible to make the link public again for others who want to do research on the source, and hopefully someone will figure out how to decrypt ransomware-encrypted files (i.e. variants of known ransomware) without paying the ransom.


Edited by Stargate38, 09 February 2022 - 08:40 PM.


#15 Amigo-A


Posted 10 February 2022 - 02:49 AM

The archive, which was in the first message, contained archives of decryption keys and an archive with m0yv files.
 
The keys are already inserted into the Emsisoft decryptor. The distribution of a malicious file is prohibited by the administration.
 

Edited by Amigo-A, 10 February 2022 - 01:14 PM.
