UPDATED 22:06 EDT / FEBRUARY 14 2021

SECURITY

Hackers using Egregor ransomware arrested in Ukraine

Hackers using Egregor ransomware have been arrested in Ukraine as part of a joint operation between French police and Ukrainian law enforcement.

First reported Feb. 12 by France Inter, the arrests are said to have involved hackers suspected of being in contact with the Egregor ransomware gang rather than direct members of the gang itself.

Egregor operates on a ransomware-as-a-service basis: other hackers can partner with those behind the ransomware to carry out attacks. Any ransom paid is split between the developers and the affiliates who successfully deployed the ransomware.

Among those arrested are said to be users of Egregor ransomware, along with some who provide logistical and financial support to the gang. The extent to which the arrests have affected the core Egregor ransomware group is not known, although IT Wire reported today that Egregor sites on both the regular internet and the dark web, the area of the web where illicit goods and services are sold, are currently down.

Egregor first emerged in September and has been regularly in the news since with its so-called double-tap attacks. Whereas traditional ransomware simply encrypts files and demands a ransom payment for a decryption key, double-tap attacks such as Egregor’s also steal data from infected systems. Those behind the attack then demand a ransom payment not only for a decryption key but also in exchange for a promise not to publish the stolen data.

Egregor is not the only type of ransomware undertaking double-tap attacks, but it’s considered to be the most aggressive ransomware family in terms of negotiation. Victims are given only 72 hours to negotiate payment before their stolen data is published on the gang’s website “Egregor News.”

Recent Egregor attacks include the Scottish Environmental Protection Agency on Christmas Eve, Translink, the public transport system of Vancouver, Canada, and big-box retailer Kmart Corp. In all three cases, services were disrupted. “Russian organized cybercriminals” have previously been linked to Egregor. But Ukraine, though a former Soviet republic, is not Russia, no more than Canada is part of the U.S.

Image: Cybereason
