fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Egregor Ransomware Members Arrested By Ukrainian, French Police

Egregor Ransomware Members Arrested By Ukrainian, French Police

A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine.

As reported first by France Inter, on Tuesday, law enforcement made the arrests after French authorities could trace ransom payments to individuals located in Ukraine.

The arrested individuals are thought to be Egregor affiliates whose job was to hack into corporate networks and deploy the ransomware. France Inter also reports some individuals provided logistical and financial support.

Over this past year, Egregor has attacked numerous French organizations, including UbisoftOuest France, and, more recently Gefko.

The operation was reported launched through an investigation opened last fall by the Tribunal de grande instance de Paris after receiving complaints about the ransomware gang.

It is not known at this time how many people were arrested.

BleepingComputer.com has contacted French law enforcement but has not heard back at this time.

Also Read: What Do 4 Messaging Apps Get From You? Read The iOS Privacy App Labels

Rise and fall of Egregor

Egregor operates as a ransomware-as-a-service (RaaS) where affiliates partner with the ransomware developers to conduct attacks and split the ransom payments.

In partnerships like this, the ransomware developers are responsible for developing the malware and running the payment site. At the same time, the affiliates are responsible for hacking into victims’ networks and deploying the ransomware.

As part of this arrangement, developers earn between 20-30% of a ransom payment, while affiliates make the other 70-80%.

Egregor launched in the middle of September, just as one of the largest groups known as Maze began shutting down its operation.

At the time, threat actors told BleepingComputer that Maze affiliates moved to the Egregor RaaS, allowing the new ransomware operation to launch with experienced and skilled hackers.

In November, the ransomware gang partnered with the Qbot malware to gain access to victims’ networks, increasing the volume of attacks even further.

Due to Egregor growing so quickly in a relatively short period, victims had to wait in a queue to negotiate a ransomware payment.

Victim told to wait in queue for negotiation

In early December, Egregor suddenly started slowing down with far fewer attacks conducted by the operation. You can see this dramatic decrease beginning on December 9th, 2020, in the graph below of Egregor submissions to ID Ransomware.

ID-Ransomware submission stats showing a huge decline

Last month, Bill Siegel, CEO of ransom negotiation firm Coveware, told BleepingComputer that they too had seen a decline in Egregor attacks and told us affiliates might have moved to another RaaS.

In January, Egregor’s data leak site went offline for approximately two weeks, and when it came online again, there were issues with the site. This unusual activity led other threat actors to become suspicious that Egregor was hacked or breached by aw enforcement.

Hackers concerned Egregor may have been 

Whether the decline of Egregor activity is law enforcement related or simply the ebbs and flows of ransomware operations is not currently known.

In a new report released last week by cybersecurity firm Kivu, researchers state that Egregor has amassed over 200 victims since it launched, and is comprised of 10-12 core members and 20-25 semi-exclusively vetted members.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

Some of the well-known companies that have been attacked by Egregor include Barnes and NobleKmartCencosudRandstad, Vancouver’s TransLink metro system, and Crytek. 

Thx to pancak3 for the tip!

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us