Ukrainian, French and US operation targets ransomware group members and takes down its infrastructure.

A cybercriminal group associated with the Egregor ransomware was dismantled in Ukraine following a joint action by US, French and Ukrainian authorities. The website used by the Egregor group to post information about victims in an attempt to coerce them has been shut down, and the command-and-control server has also been disrupted.

Egregor is a ransomware program that appeared in September 2020 and saw rapid growth after the retirement of Maze, another prominent ransomware group. Both Maze and Egregor use a ransomware-as-a-service model that relies on other cybercriminals, called affiliates, breaking into corporate networks and distributing the ransomware for a cut of the ransoms.

Both Maze and Egregor also use a double extortion technique: in addition to encrypting files, the attackers steal data from victims and threaten to release it if the ransom is not paid. The victims are listed and publicly shamed on an extortion website maintained by the group. After the creators of Maze announced that they were shutting down the project, most of their affiliates immediately moved to Egregor, leading security researchers to believe that at least part of the Maze team was involved in the creation of Egregor, potentially in collaboration with the creators of an older ransomware program called Sekhmet, which shares many code similarities with Egregor and is likely its predecessor. The FBI issued a private industry alert about Egregor in January.

Last week, the extortion website used by the ransomware group went offline, as did its command-and-control infrastructure.
French public radio station France Inter reported on February 12 that several Egregor-related arrests were made in Ukraine following a joint investigation between Ukrainian and French authorities, who got involved after Egregor was used against French companies including game studio Ubisoft and logistics firm Gefco.

These reports were not confirmed officially until Wednesday, February 17, when the Security Service of Ukraine (SSU) announced the arrest of a group that was using Egregor, including its suspected organizer. While it is not clear whether this was an affiliate group or the development team behind Egregor, the arrests appear to have had a serious impact on the ransomware's operations, suggesting the group played a significant role. This is confirmed by other private reports.

“On Feb. 9, 2021, Ukrainian law enforcement conducted a joint operation with US and French authorities against several Ukrainian nationals believed to be deeply involved with Egregor ransomware operations,” cybersecurity firm Intel 471 said Wednesday in a blog post. “Intel 471 has learned that authorities targeted the purported ring leaders, as well as associates who helped run the related affiliate programs.”

The SSU seized information about the compromised networks and other evidence, and advised law enforcement agencies around the world that have information about victims to contact the service. It estimates that Egregor impacted over 150 companies in Europe and the United States, leading to losses of over $80 million.