UPDATED 22:06 EDT / FEBRUARY 14 2021

Hackers using Egregor ransomware arrested in Ukraine

Hackers using Egregor ransomware have been arrested in Ukraine as part of a joint operation between French police and Ukrainian law enforcement.

First reported Feb. 12 by France Inter, the arrests are said to have involved hackers suspected of being in contact with the Egregor ransomware gang as opposed to direct members of the gang themselves.

Egregor operates on a ransomware-as-a-service basis and other hackers can partner with those behind the ransomware for attacks. Any ransom paid is split between the developers and those who have successfully deployed the ransomware.

Among those arrested are said to be users of Egregor ransomware, along with some who provide logistical and financial support to the gang. The extent to which the arrests affect the core Egregor ransomware group is not known, although IT Wire reported today that Egregor sites on both the regular internet and the dark web, the area of the web where illicit goods and services are sold, are currently down.

Egregor first emerged in September and has been regularly in the news since with its so-called double-tap attacks. Whereas traditional ransomware simply encrypts files and demands a ransom payment for a decryption key, double-tap attacks such as with Egregor also steal data on infected systems. Then those behind the attack demand a ransom payment not only for a decryption key but also with a promise not to publish the stolen data if the ransom is paid.

Egregor is not the only type of ransomware undertaking double-tap attacks, but it’s considered to be the most aggressive ransomware family in terms of negotiation. Victims are given only 72 hours to negotiate payment before their stolen data is published on the gang’s website “Egregor News.”

Recent Egregor attacks include the Scottish Environmental Protection Agency on Christmas Eve, Translink, the public transport system of Vancouver, Canada, and big-box retailer Kmart Corp. In all three cases, services were disrupted. “Russian organized cybercriminals” have previously been linked to Egregor. But Ukraine, though a former Soviet republic, is not Russia, no more than Canada is part of the U.S.

Image: Cybereason
