15 February 2021

Several members of Egregor ransomware operation arrested in Ukraine



A joint operation between French and Ukrainian law enforcement agencies has led to the arrest in Ukraine of several individuals suspected of involvement in the Egregor ransomware operation, French radio station France Inter reported.

According to France Inter, the suspects are believed to be Egregor ransomware affiliates tasked with hacking into corporate networks or with providing logistical and financial support.

The joint effort aimed at dismantling the Egregor ransomware operation was launched by the J3 Cyber Prosecution of the Paris Tribunal de Grande Instance last fall after receiving complaints about the ransomware gang.

French police, together with "European counterparts," were able to track down Egregor members and infrastructure to Ukraine. At present, it is not clear how many people have been arrested, as the police have not formally announced the results of the operation.

The Egregor ransomware group, which appeared on the threat landscape in September 2020, operates on a Ransomware-as-a-Service (RaaS) model. Under this model, the gang rents access to the ransomware to other cybercriminals, who hack into corporate networks and deploy the malicious software.

The Egregor RaaS is thought to be an updated and rebranded version of the Maze ransomware operation that reportedly closed down last year.

According to a new report from the cybersecurity firm Kivu, Egregor has amassed over 200 victims since it launched, and is comprised of 10-12 core members and 20-25 semi-exclusively vetted members. The list of victims hit by Egregor includes such names as Ubisoft, Crytek, Kmart, Cencosud, Randstad, Vancouver's TransLink metro system, and others.
