French and European investigators tracked the ransom paid in bitcoins via the blockchain to suspects in Ukraine.
A joint operation of law enforcement officers from France and Ukraine led to the arrest of several clients of the Egregor RaaS service in Ukraine. The police made the arrests after French authorities were able to track the ransom payments to people in Ukraine. It is currently unknown how many people were arrested, France Inter radio reported.
Egregor operates on a Ransomware-as-a-Service (RaaS) business model, in which criminals partner with ransomware developers to launch attacks and split the ransom. In such partnerships, the malware developers are responsible for creating the malware and running the payment site, while their partners, the affiliates, are responsible for hacking victims' networks and deploying the ransomware. As part of this arrangement, developers earn 20 to 30% of the ransom amount, while affiliates receive the remaining 70-80%.
Recall that in October last year, the extortionist group Maze stopped its criminal activities, and Maze partners switched to using ransomware called Egregor. Presumably, Egregor is the same software as Maze and Sekhmet: they use the same ransom notes and the same payment site names, and share most of the same code.
In January, the Egregor data breach site was down for about two weeks, and when it came back online, there were problems with the site. This unusual behaviour led other attackers to suspect that the ransomware had been compromised by hackers or law enforcement agencies.
In the last quarter of 2020, Egregor accounted for a third of ransomware attacks, including attacks on Barnes & Noble, game maker Ubisoft and Epicor Software.
__________________