Egregor Ransomware Members Arrested

Law enforcement authorities arrested members of the Egregor ransomware cartel in Ukraine last week, the result of a joint investigation by French and Ukrainian police. The arrested suspects are believed to be some of these “affiliates” (or partners) of the Egregor gang, whose job was to hack into corporate networks and deploy the ransomware. They are also believed to have provided logistical and financial support to help prop up operations. Although the suspects are not believed to comprise the Egregor gang itself, the arrests appear to have had a significant big impact on Egregor operations. Following the arrests Egregor’s Tor websites were offline, including the payment site and the operation’s data leak site. With the Tor payment site inaccessible, victims are unable to contact the ransomware gang, pay a ransom, or download decryptors for previously paid ransoms. Still, it’s not known whether the decline of Egregor activity is law enforcement related or simply the ebbs and flows of ransomware operations. For more on Egregror, read this WaterISAC advisory published in late October and this FBI Private Industry Notification (PIN) released early last month. Read more at ZDNet and Bleeping Computer.