Egregor ransomware takes a hit after arrests in Ukraine

Ukrainian, French and US operation targets ransomware group members and takes down its infrastructure

A cyber criminal group associated with the Egregor ransomware was dismantled in Ukraine following a joint action by US, French and Ukrainian authorities.

The website used by the Egregor group to post information about victims in an attempt to coerce them has been shut down and the command-and-control server has also been disrupted.

Egregor is a ransomware program that appeared in September 2020 and saw rapid growth after the retirement of Maze, another prominent ransomware group. Both Maze and Egregor use a ransomware-as-a-service model that relies on other cyber criminals, called affiliates, to break into corporate networks and deploy the ransomware in exchange for a cut of the ransoms.

Both Maze and Egregor also use a double extortion technique, where in addition to encrypting files, the attackers steal data from victims and threaten to release it if the ransom is not paid. The victims are listed and publicly shamed on an extortion website maintained by the group.

After the creators of Maze announced that they were shutting down the project, most of their affiliates immediately moved to Egregor. This led security researchers to believe that at least part of the Maze team was involved in creating Egregor, potentially in collaboration with the creators of Sekhmet, an older ransomware program that shares a lot of code with Egregor and is likely its predecessor. The FBI issued a private industry alert about Egregor in January.

Last week, the extortion website used by the ransomware group went offline, along with its command-and-control infrastructure.

French public radio station France Inter reported on February 12 that several Egregor-related arrests were made in Ukraine following a joint investigation between Ukrainian and French authorities who got involved after Egregor was used against French companies including game studio Ubisoft and logistics firm Gefco.

These reports were not confirmed officially until Wednesday, February 17, when the Security Service of Ukraine (SSU) announced the arrest of a group that was using Egregor, including its suspected organiser. While it is not clear whether this was an affiliate group or the development team behind Egregor, the arrests appear to have had a serious impact on the ransomware's operations, suggesting the group played a significant role. Private-sector reporting corroborates this.

"On Feb. 9, 2021, Ukrainian law enforcement conducted a joint operation with US and French authorities against several Ukrainian nationals believed to be deeply involved with Egregor ransomware operations," cyber security firm Intel 471 said Wednesday in a blog post. "Intel 471 has learned that authorities targeted the purported ring leaders, as well as associates who helped run the related affiliate programs."

The SSU seized information about the compromised networks and other evidence, and asked law enforcement agencies around the world that hold information about victims to contact the service. It estimates that Egregor impacted over 150 companies in Europe and the United States, causing losses of over $80 million.
