A joint operation between French and Ukrainian law enforcement agencies led to the arrest in Ukraine of several individuals suspected of involvement in the Egregor ransomware operation, French radio station France Inter reported.
According to France Inter, the suspects are believed to be the Egregor ransomware affiliates tasked with hacking into corporate networks, or providing logistical and financial support.
The joint effort aimed at dismantling the Egregor ransomware operation was launched by the J3 Cyber Prosecution of the Paris Tribunal de Grande Instance last fall after receiving complaints about the ransomware gang.
French police, together with "European counterparts," were able to trace Egregor members and infrastructure to Ukraine. At present, it is not clear how many people have been arrested, as the police have not formally announced the results of the operation.
The Egregor ransomware group, which appeared on the threat landscape in September 2020, operates on a Ransomware-as-a-Service (RaaS) model. Under this model, the gang rents access to the ransomware to other cybercriminals, who hack into corporate networks and deploy the malicious software.
The Egregor RaaS is thought to be an updated and rebranded version of the Maze ransomware operation that reportedly closed down last year.
According to a new report from the cybersecurity firm Kivu, Egregor has amassed over 200 victims since it launched, and comprises 10-12 core members and 20-25 semi-exclusively vetted members. The list of victims hit by Egregor includes Ubisoft, Crytek, Kmart, Cencosud, Randstad, Vancouver's TransLink metro system, and others.