It has been reported that Ukrainian law enforcement officers have arrested several affiliate members of the Egregor ransomware gang. The operation was carried out with the assistance of French authorities, and the French investigation, which began last fall, reportedly traced Bitcoin ransom payments from French victims of the ransomware to individuals in Ukraine. Egregor has been responsible for attacks on French companies such as Ubisoft, Ouest-France, and Gefco, as well as other attacks worldwide. Egregor operates on an "affiliate" (ransomware-as-a-service) model: the developers who create and maintain the ransomware provide it to other criminals, who deploy it against victim companies whose networks they have already compromised, and the illicit profits from extortion payments are split between the developers and the affiliates. The criminal operation began in September 2020 and is believed to have partnered with the Qbot malware operators in November 2020 for initial access. Binary Defense analysts monitored the Egregor leak site and observed several outages in early December; the site appeared to have been taken down entirely in late 2020. It is currently unknown whether this was due to law enforcement action, but Binary Defense will continue to monitor the situation.
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense's mission is