Members of the infamous Egregor ransomware arrested in Ukraine

Ukrainian and French police conducted a joint operation to disrupt the Egregor ransomware group. Here’s what we know so far.
Members of the infamous Egregor ransomware arrested in Ukrainian

Last month, authorities dismantled NetWalker ransomware, arrested the gang after seizing their cryptocurrency and domain. Now, authorities have announced arresting culprits behind the infamous Egregor ransomware.

Ukrainian and French police conducted a joint operation to disrupt the Egregor ransomware group. Several arrests were made last week, and the main suspects’ Blockchain records were analyzed to trace them.

The suspects were arrested in Ukraine and are believed to be Egregor affiliates who hacked into corporate networks to deploy ransomware. France Inter also reports some individuals provided logistical and financial support.

Investigation Started in 2020

French court Paris Tribunal de Grande Instance initiated an investigation into the Egregor group’s activities in the autumn of 2020 after several French organizations were targeted by the group, including Ouest France, Ubisoft, and Gefco.

The same group was behind the ransomware attack on Metro Vancouver’s payment systems in December 2020.

A few days back, the Dax-Côte d’ Argent Hospital Center in France also went offline after being attacked by Egregor. Last week, researchers discovered possible links between Egregor and Russia-based attacks and an unusual username that the infamous REvil group employed. 

Ransomware attack discrupts Metro Vancouver's payment systems
The ransom note Egregor ransomware group left on systems run by Metro Vancouver’s payment systems.

Arrestees Offered Logistical and Financial Support

France Inter reported that French law enforcement authorities traced ransom payments to individuals based in Ukraine. The report also suggested that arrested members may also be providing logistical and financial support, in addition to hacking facilities, to the RaaS (ransomware-a-service) group.

It is currently unclear how many arrests have been made and whether the ransomware’s original developers are in custody or this group also hired the malware to carry out attacks. 

Did you enjoy reading this article? Don’t forget to like our page on Facebook and follow us on Twitter

Total
0
Shares
Related Posts