It has been reported that law enforcement authorities in France and Ukraine have teamed up against the Egregor ransomware gang to disrupt its cybercriminal operations.
According to the France Inter public radio channel, members of the Egregor cyber-criminal gang were tracked by tracing and analyzing blockchain records after victims of the ransomware paid the extortion demands in Bitcoin.
The cyber-criminals arrested in Ukraine are suspected of being the individuals who provided financial and logistical backing to the Egregor ransomware gang.
Critical ransomware impact:
An investigation was opened by the Paris Tribunal de Grande Instance court last year after several French corporations and other victims had fallen prey to Egregor.
The affected organizations included logistics company Gefco, video-game developer Ubisoft, the newspaper Ouest France, as well as a hospital system based in the south-west region of France.
Cybersecurity experts state that the ransomware operation has claimed more than 200 victims since it began, and that the gang consists of 10-12 primary members and 20-25 suspected members.
Investigations into Egregor ransomware are still underway, and details of the arrests are yet to be disclosed.
Taking Egregor ransomware down:
Since Egregor is a “ransomware-as-a-service” type of malware, it is yet to be confirmed whether the arrested individuals were the primary developers of the ransomware or whether they were one of the many groups that “leased” the malware for cyberattacks in exchange for a cut of the profits.
It is suspected that the cyber-criminal group is also responsible for the Maze ransomware attacks and that many of its members moved over to the current Egregor ransomware project.
Speculation that law enforcement had taken down the ransomware operation was driven by observations of a sharp decline in cyberattacks employing the ransomware over the past month or two.
In fact, the website where the stolen data was being leaked went offline for about two weeks in January, and when it came back online there were several issues with the site. This peculiar activity led other hackers to suspect that Egregor had been breached by law enforcement.
Investigators who tried to access the data download links posted on the website found them disabled.
Whether the drop in Egregor ransomware activity is the work of the authorities or simply the normal ebb and flow of ransomware operations is yet to be determined.