The names of those arrested have not been revealed yet, but they are believed to be affiliates of the Egregor group rather than its authors. The ransomware group has infected over 200 victims and earned a great deal in a short span of time.
Police Caught Members of Egregor Group
Egregor ransomware, which started its operations in September last year, is believed to be the successor to, or an updated version of, Maze ransomware, which shut down its operations in the same period. Many Maze affiliates reportedly moved on to Egregor over time. Now the new group, too, appears to be reaching its end: several of its affiliates were reportedly arrested in Ukraine in an operation led by French police, according to the French radio station France Inter.

It should be noted that the arrested members are affiliates and not the ransomware's authors. The two are distinct because Egregor operates on a Ransomware-as-a-Service model, in which the makers of the malware are separate from the distributors and from those who handle ransom payments. While the makers craft the malware, the distributors are the hackers and other adversaries who infect target networks and encrypt their systems. The proceeds from ransom payments are then collected by another member, who passes them through Bitcoin mixing services before routing them back to the makers and distributors.

According to reports, it is the affiliates (the distributors) who have been arrested, and their identities have not yet been revealed. Egregor's C2 and data leak site has also reportedly been offline since Friday, indicating a dent in the group's infrastructure. Regarding this, Allan Liska of Recorded Future, a cybersecurity firm, said to ZDNet,

In any case, Egregor has made enough of a fortune to retire on should things not turn out well. The ransomware group ranks among the top five highest-earning groups, having extracted somewhere between $40 and $50 million in ransoms from its more than 200 victims over that span.