Egregor's data-leaking site remains offline. (Source: Malwarebytes)
Individuals suspected of being affiliates of the Egregor ransomware-as-a-service operation have reportedly been arrested in Ukraine.
The arrests were announced on Friday by radio station France Inter, which said French police had launched an investigation last fall, spurred by attacks against domestic organizations, and had begun working with police in Ukraine to investigate.
France Inter reports that the arrests of the individuals - who provided hacking, and logistical and financial support for Egregor - are the result of an investigation being run by the anti-cybercrime division of the Central Directorate of the Judicial Police, part of France's national police force, working with police in Ukraine and with the EU's law enforcement agency Europol coordinating.
A post to RaidForums offers to share the identities of a ransomware-as-a-service operation's leadership - for a price.
Maze was one of the most notorious and successful ransomware operations of recent years until its retirement last November. The group pioneered the data-leaking model that involves first stealing victims' data, then using the threat of leaking it to try to force victims to pay.
The strategy worked, helping fuel a boom in ransomware profits and leading numerous other operations to follow suit.
Unsubstantiated cybercrime forum chatter has suggested that Russian national Maxim Yakubets was a core member of the Maze ransomware gang and its successor, Egregor. (Source: FBI)