Members of sophisticated ransomware group arrested in Ukraine



On February 9 in Ukraine, police arrested several members of a cybercriminal group behind several computer attacks around the world, including the one against the daily newspaper Ouest-France, police sources and sources close to the case announced this Thursday.

This “international operation”, carried out in coordination between French and Ukrainian police officers and the FBI, put a “stop” to the distribution of the ransomware called “Egregor”, the police said in a press release.

“Double extortion”

According to the first findings of the investigation communicated by the Ukrainian security services (SBU), at least 150 companies were attacked, mainly in the United States and in Europe, for losses estimated at around 66 million euros. At least three people were arrested in this crackdown, according to a source close to the case. The homes of the suspects were searched and the computer equipment seized is “still in use” by French investigators sent there, according to the police.

A Europol report in September led the Paris prosecutor’s office to open an investigation in France, entrusted to the sub-directorate for the fight against cybercrime (SDLC). The group practiced the technique of “double extortion”: on the one hand, the encryption and theft of the targeted company's data; on the other, the threat of publishing this compromised data on a website if the company refused to pay a ransom in bitcoins, the most famous of virtual currencies.

Different attacks on French hospitals

The ransomware was deployed after a prior intrusion “via the sending of phishing emails and poorly secured Windows remote desktop access”, the French police explained. Particularly sophisticated, “Egregor” could take control of printers connected to infected computers and print the ransom note, “further amplifying the psychological impact of the extortion”, the same source said.

Several French companies have been targeted by “Egregor”, including the daily Ouest-France, the transport company Gefco and the video game giant Ubisoft. Two ransomware attacks have targeted the hospitals of Villefranche-sur-Saône (Rhône) and Dax (Landes) in recent days, but they do not bear the signature of “Egregor”. “Egregor” operated on the ransomware-as-a-service (RaaS) model: its creators made it available to other hackers, “affiliates”, who carried out the attacks before sharing the profits.

“A nebula”?

Those arrested are “rather part of the design and production team”, says Catherine Chambon, the deputy director of the fight against cybercrime at the central directorate of the judicial police. While Catherine Chambon describes the operation against “Egregor” as a “rather effective dismantling”, she calls for remaining “very careful and modest” in the face of what resembles “a nebula”.

According to the National Information Systems Security Agency (Anssi), “Egregor would be linked to the end of the activity of the group of attackers behind the Maze ransomware”, which was behind an attack against Bouygues Construction in January 2020, among others. Could “Egregor”, in turn, be reborn in another form? “It’s possible, it can be the life of ransomware,” replied Catherine Chambon. “The idea is to gradually make cybercriminals insecure, so that they feel less in impunity. Even if, once a crime exists, it has little chance of disappearing”.


