Egregor ransomware gang members arrested

Paragraph[German]Law enforcement has struck another blow against cybercriminals. Investigators from the French and Ukrainian police were able to identify members of the Egregor ransomware group and now arrested them in Ukraine – according to a media report by Inter France.


The Egregor-Ransomware Egregor ransomware has been responsible for a number of infections of companies and government agencies, particularly since Sept. 2020. The gang was responsible for attacks on about 200 victims(such as bookseller Barnes & Noble and game developers Ubisoft and Crytek) in the United States. The assumption there was that the group was only at the beginning of its success, and Sophos published an article on the subject. The tenor: the group's success is due to the disappearance of the Maze ransomware group. There are similarities in the code of Maze and Egregor, with the Egregor gang using different tactics, techniques and procedures (TTPs) in attacks.

Successful Attacks

The Egregor group has been responsible for several spectacular ransomware attacks since its emergence in September 2020. On November 14, South American distribution giant Cencosud announced that it had fallen victim to a very aggressive ransomware (Egregor). Then, on the night of November 20-21, it was the turn of SIPA-Ouest France Group and one of its subsidiaries, whose rotary presses and printers failed one by one due to the ransomware infection. Randstad Temporary Employment also fell victim to the group (see Egregor ransomware infection at Randstad).

The ransomware was distributed via compromised email attachments and not only encrypted the companies' files, the group also pulled files and threatened to publish them, forcing the payment of ransom. Some ransomware also arrived directly in paper form , via hacked photocopiers. Most often, the hackers gave their victims three days to pay in order to recover their data, computers or printers.

But the air is definitely getting thinner for cyber criminals lately (see links at the end of the article). There have been some cyber groups taken down in recent weeks. And some individual ransomware groups have gone out of business for fear of prosecution. Now the next blow against the Egregor ransomware gang has been achieved.

Members arrested in Ukraine

Inter France reported a law enforcement success in this post on February 12, 2020. The J3 cyber prosecutor's office of the Tribunal de Grande Instance in Paris launched an investigation in the fall of 2020 after several complaints and reports were filed at the Europol level in the Netherlands. French investigators and their European counterparts were able to track down ransomware paid in Bitcoin via the blockchain and locate several suspects in Ukraine. Now they say several hackers responsible for attacks on regional daily Ouest France, video game giant Ubisoft and carrier Gefco were arrested in Ukraine early last week.


According to France Inter, police officers from the Central Office for Combating Cybercrime of the Criminal Investigation Department took part in the arrest of the hackers. The latter are suspected of being linked to the cybercriminal group Egregor by providing logistical and financial support.

Egregor-Webseite down

Bleeping Computer notes in the above tweet that the Egregor Group leak page was offline in January 2021 and had not been functioning since its return. It was assumed that the site had been hacked by the competitor or law enforcement. Both ZDNet and Bleeping Computer have published English-language articles on the arrests. Bleeping Computer notes that the Egregor Group's activity had already dropped dramatically by December 2020.

Similar articles
Egregor ransomware infection at Randstad
Metro of Vancouver is victim of a ransomware infection
VPN services seized by law enforcement officials
Netwalker Ransomware Darknet Website Seized, First Indictment
German BKA initiate a takedown of Emotet malware infrastructure
Emotet reportedly uninstalls itself on April 25, 2021
Details of Emotet uninstallation by law enforcement officials
The 1 billion US $ Bitcoin-Wallet-'Hack' – it was the US government
German police seized a darknet server farm in a shelter

Cookies helps to fund this blog: Cookie settings

This entry was posted in General, Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *