The Limited Times

"The end of impunity": the French cyberpolice deal a severe blow to Egregor and its Ukrainian hackers

2021-02-18T17:28:37.067Z


Targeted by a judicial investigation for ransomware cyber attacks, the hackers received last week the visit all except a


Having appeared on the radar of cybersecurity experts last fall after an intense data blackmail campaign, the group of hackers operating the Egregor ransomware has shown no sign of life for 10 days.

This lull in their misdeeds results from the arrest of several members of the network as part of a high-profile international investigation.

According to the first findings of the investigation communicated by the Ukrainian security services (SBU), at least 150 companies were attacked, mainly in the United States and in Europe, for losses estimated at around €66 million.

The cybercriminals carried out ransomware attacks, encrypting victims' data and threatening to disclose it unless a ransom was paid.

Trilateral action

After the video game publishers Ubisoft and Crytek, the regional newspaper Ouest-France and major SMEs from the Rhône and Haute-Garonne, the list of victims and complaints filed had grown longer by the end of 2020. It was a Europol report in September that led the Paris public prosecutor's office to open an investigation in France, entrusted to the sub-directorate for the fight against cybercrime (SDLC).

After tracing the hackers' trail with “technical information” that it prefers to keep secret, the SDLC consulted with the FBI and the Ukrainian specialized services in order to intervene in regions where the hackers thought they were safe from prosecution.

Their arrests came a few weeks after the dismantling, in this same country, of the Emotet network, which served as an infection vector.

According to several cybersecurity experts consulted, French investigators simply followed the famous “money trail”, that is, the path taken by ransom money paid in virtual currencies that are not as untraceable as expected.

The SBU has blocked the activity of a transnational hacker group

The large-scale special operation was carried out as part of international cooperation with the competent authorities of the United States and France.

➡️ https://t.co/6rFwTtAklU pic.twitter.com/p1oCWsNwjB

- Security Service of Ukraine (@ServiceSsu) February 17, 2021

"The message of these arrests is that their impunity does not resist the work of investigators and that in France we have a strategy and skills that work", assures Catherine Chambon, the head of the SDLC.

Accompanied by a liaison officer from the J3 Section (Cybercrime) of the Paris prosecutor's office, five specialized police officers headed to Ukraine at the beginning of the month to compare the evidence accumulated against the individuals arrested with the files assembled by the Ukrainian investigators.

Those arrested could well be the heads of the cybergang, the creators of the ransomware who rent it out to affiliates.

"We are clearly on the top of the basket," says Catherine Chambon.

Is this enough to cut off the thinking heads of the network?

"It is possible but these criminal groups are nebulas with temporary sleepovers", she tempers.

After last week's dismantling, Egregor's DarkNet claim site was no longer showing updates.

These arrested cybercriminals can be prosecuted in France but will not be extradited.

Judicial police (PJ) experts returned with computer hardware that is still under analysis, but they have already discovered a "parenthood" between the Egregor malware code and one of its predecessors, Maze, which notably affected Bouygues Construction last year.

One more sign that this kind of cybercrime recycles formulas that work and is often reborn from its ashes.

Source: leparis
