Last month, authorities dismantled NetWalker ransomware, arrested the gang after seizing their cryptocurrency and domain. Now, authorities have announced arresting culprits behind the infamous Egregor ransomware.
Ukrainian and French police conducted a joint operation to disrupt the Egregor ransomware group. Several arrests were made last week, and the main suspects’ Blockchain records were analyzed to trace them.
The suspects were arrested in Ukraine and are believed to be Egregor affiliates who hacked into corporate networks to deploy ransomware. France Inter also reports some individuals provided logistical and financial support.
Investigation Started in 2020
French court Paris Tribunal de Grande Instance initiated an investigation into the Egregor group’s activities in the autumn of 2020 after several French organizations were targeted by the group, including Ouest France, Ubisoft, and Gefco.
The same group was behind the ransomware attack on Metro Vancouver’s payment systems in December 2020.
A few days back, the Dax-Côte d’ Argent Hospital Center in France also went offline after being attacked by Egregor. Last week, researchers discovered possible links between Egregor and Russia-based attacks and an unusual username that the infamous REvil group employed.
Arrestees Offered Logistical and Financial Support
France Inter reported that French law enforcement authorities traced ransom payments to individuals based in Ukraine. The report also suggested that arrested members may also be providing logistical and financial support, in addition to hacking facilities, to the RaaS (ransomware-a-service) group.
It is currently unclear how many arrests have been made and whether the ransomware’s original developers are in custody or this group also hired the malware to carry out attacks.