Hackers who had long been using the Egregor ransomware were arrested in Ukraine in a joint operation between Ukrainian law enforcement and the French police.
France Inter first reported on the hackers on the 12th of February. The arrests are said to involve hackers suspected of being in direct contact with the Egregor ransomware gang, as opposed to the immediate gang members themselves.
Egregor operates on a ransomware-as-a-service basis, which lets other hackers partner with the hackers behind the ransomware. Any ransom that gets paid is therefore generally split between those who deploy the ransomware and its developers.
The individuals who were arrested are believed to be users of the Egregor ransomware. Others provided financial and logistical support to the alleged gang. A news outlet reported that the extent of the arrests targeting the Egregor ransomware group is not yet known, but the Egregor websites on both the dark web and the surface web are currently down.
Egregor first emerged in September and has been regularly in the news since, owing to its double-tap attacks. Conventional ransomware only encrypts files and demands a ransom payment in exchange for a decryption key. Egregor's double-tap attacks also steal data from the infected systems. The attackers then demand a ransom payment for the decryption key, and they promise not to release the stolen data only if the ransom is paid.
Egregor is not the only ransomware that uses the double-tap method, but it is considered the most aggressive in its family in terms of negotiation. The attackers give victims 72 hours to negotiate the payment before publishing the stolen data on the gang's website, named “Egregor News”.
The latest Egregor victims include the Scottish Environment Protection Agency, Translink (the public transport system of Canada and Vancouver) and Kmart Corp (a big box retailer). In all of these cases, the services of the respective organizations were disrupted when the attack took place on the 24th of December. Earlier, “Russian organized cybercriminals” had been linked to Egregor.