Ukraine arrests suspects linked to Egregor ransomware operators

As a result of a joint investigation by Ukrainian and French law enforcement, suspects linked to the administrators of the Egregor ransomware were arrested in Ukraine. This is reported by ZDNet, citing French media.

The group behind Egregor operated under a Ransomware-as-a-Service (RaaS) model. If victims paid the ransom, the cybercriminals and operators of Egregor shared the proceeds. They then laundered them through Bitcoin mixers.

The detainees are believed to be affiliated individuals assisting Egregor in conducting operations, and its clients, rather than part of the hacker group.

Researchers noted that the Egregor site and its command-and-control infrastructure stopped working on Friday.

Officials have not yet announced the arrests, but media sources have confirmed the operation.

Egregor began operating in September 2020, but many experts believe that its operators are behind the more well-known ransomware Maze.

According toChainalysis report, Egregor/Maze is among the five largest ransomware operators with revenues of up to $50 million.

Last year, Maze attacked five American firms, demanding 200 bitcoins from each, and a major Costa Rican bank, also demanding cryptocurrency.

Subscribe to ForkLog news on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.