Thursday, March 28, 2024

Operators Behind Egregor Ransomware Arrested by Ukrainian, French Police

French and Ukrainian law enforcement agencies have joined forces to arrest several members of the Egregor ransomware operation in Ukraine. The arrest was carried out early this week.

The regional daily Ouest France, the video game giant Ubisoft and the transporter Gefco were the victims of the arrested group.

Who Arrested?

Ransom payments to individuals located in Ukraine were traced by French authorities on Tuesday, reports French Inter.

The police officials of the two countries have been communicating with each other since then in an attempt to dismantle this group of cybercriminals.

The Egregor group is suspected of being at the origin of several hundred attacks through ransomware since September 2020. Ransomware is malicious software that infects your computer and blocks your data and demands a ransom for freeing up this data.

It has been reported that police officers from the Central Office for the Fight against Cybercrime of the Judicial Police participated in the arrest of several hackers, suspected of having been in contact with Egregor.

The arrested individuals are thought to be Egregor affiliates whose job was to hack into corporate networks and deploy the ransomware. A few of these individuals are also believed to have provided logistical and financial support. However, the number of people arrested is yet to be disclosed.

What did Egregor do?

Some of the well-known companies that have been attacked by Egregor include Ubisoft, Gefco, Barnes and Noble, Kmart, Cencosud, Randstad, Vancouver’s TransLink metro system, and Crytek. 

Egregor predominantly operates as a Ransomware-as-a-Service (RaaS) where affiliates partner with the ransomware developers to conduct attacks and split the ransom payments.

The hackers had used a classic but dreadfully effective method, starting with “ransomware”, malicious software that infiltrates mailboxes. 

The computer virus then not only paralyzes the company’s computer systems and connected production tools but also suck up strategic company data and then distribute it, in the event of non-payment of the ransom claimed.

Generally the ransomware developers are responsible for developing the malware and running the payment site and the affiliates have the responsibility of hacking into the victims’ networks and deploying the ransomware. The ransom is generally split in a 30:70 ratio between the developer and the affiliates.

Egregor launched in the middle of September, just as one of the largest groups known as Maze began shutting down its operation.

In November, the ransomware gang partnered with the Qbot malware to gain access to victims’ networks, increasing the volume of attacks even further.

Due to Egregor’s rapid growth victims faced the unique situation of having to wait in a queue to negotiate a ransomware payment.

 As can be seen from the graph below, Egregor’s activities dwindled after mid-December. Several people believe this may be due to run-ins with the law. It is also possible that this may just be due to the natural ebb and flow associated with the industry.

ID-Ransomware submission stats showing a huge decline

Ransomware attacks explode since the start of the COVID crisis

Several groups of hackers share this juicy market. But we now know the process that caused a paralysis of the establishment’s vital computer systems: the Dax attack, for example, enabled the teams from ANSSI (the National Information Systems Security Agency) to better understand the weaknesses of a large hospital, and especially to see how we can restart “old-fashioned” tools connected to old operating systems, which usually have not been updated for several years.

These are the same ANSSI teams who have been on the move since the start of the week to try to counter this attack, in conjunction with the IT department of Dax hospital and a private provider. 

Here again, a judicial investigation was opened by the cyber prosecution with national jurisdiction in Paris.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

Infamous Maze Ransomware Operators Shuts Down Operations

Hackers Abuse Windows Feature To Launch WastedLocker Ransomware to Evade Detection

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles