{
	"id": "7a8807c1-2758-4938-813d-2e9fea1040c0",
	"created_at": "2026-04-06T00:07:17.463089Z",
	"updated_at": "2026-04-10T13:12:13.120621Z",
	"deleted_at": null,
	"sha1_hash": "5fe8e1f0c4202a24f53c864afb42806d4ed2706a",
	"title": "Alleged Members of Egregor Ransomware Cartel Arrested",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45093,
	"plain_text": "Alleged Members of Egregor Ransomware Cartel Arrested\r\nBy Trend Micro ( words)\r\nPublished: 2021-03-26 · Archived: 2026-04-05 23:00:13 UTC\r\nThree alleged members of the Egregor ransomware cartel were apprehendedopen on a new tab in Ukraine in a\r\ncrackdown conducted by the French and Ukrainian authorities last month. The arrests were also made possible\r\nwith the help of private-public sector partnershipsopen on a new tab, which include Trend Micro.\r\nAbout Egregor ransomware\r\nSince its first appearance in September 2020, Egregor ransomware has been involved in high-profile attacks\r\nagainst retailersopen on a new tab, human resource service companiesopen on a new tab, and other organizations.\r\nIt operated under the ransomware-as-a-service (RaaS)open on a new tab model where groups sell or lease\r\nransomware variants to affiliates, making it relatively easier even for inexperienced cybercriminals to launch\r\nattacks. Like some prominent ransomware variants, Egregor employs a “double extortion” technique where the\r\noperators threaten affected users with both the loss and public exposure of the encrypted data.\r\nThe ransomware is typically distributedopen on a new tab as a secondary payload to remote access trojans such as\r\nQAKBOT. It also spreadsopen on a new tab through phishing emails with malicious attachments or via remote\r\ndesktop protocol (RDP) or VPN exploits.\r\nFurther details on the arrests\r\nFrench law enforcement initiated the investigation on the Egregor operators after the latter launched attacks on\r\nseveral France-based companies for logisticsopen on a new tab, newspaper publicationopen on a new tab, and\r\nvideo game developmentopen on a new tab. The three suspects were arrested after French authorities tracked them\r\ndown with the help of Ukrainian authorities. The names and the exact designations of the arrestees have not been\r\nreleased.\r\nIn an email interview with The Recordopen on a new tab about the incident, François B., the Head of the\r\nComputer Security Incident Response Team for the French Judicial Police (CSIRT-PJ), cited partnerships with\r\ncybersecurity and incident response companies including Trend Micro. He noted that these organizations help in\r\nactive investigations as they “provide us with the most accurate information on an ongoing case, tools, or threat\r\nintelligence data.”\r\nProtecting systems against ransomware\r\nRansomware is a persistent security problem that unceasingly and rapidly evolves into an even more destructive\r\nthreat.  To protect systems from ransomware, users are advised to follow these best practices:\r\nAvoid downloading attachments and clicking on links in emails from unverified sources.\r\nhttps://www.trendmicro.com/en_us/research/21/c/egregor-ransomware-cartel-members-arrested.html\r\nPage 1 of 2\n\nRegularly patch and update operating systems, programs, and software.\r\nPeriodically back-up files by observing the 3-2-1 rulenews article: Create at least three copies of the data,\r\nstore it in two different formats, and keep at least one duplicate offsite.\r\nSecurity solutions such as Trend Micro XDRproductsTMproducts also offer protection across different\r\ncomponents of the system, including email, endpoints, servers, cloud workloads, and networks. By collecting and\r\ncorrelating data in all these layers, security and IT teams gain a better context of attacks that otherwise may seem\r\ninsignificant on their own. This allows faster and more accurate detections.\r\nSource: https://www.trendmicro.com/en_us/research/21/c/egregor-ransomware-cartel-members-arrested.html\r\nhttps://www.trendmicro.com/en_us/research/21/c/egregor-ransomware-cartel-members-arrested.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.trendmicro.com/en_us/research/21/c/egregor-ransomware-cartel-members-arrested.html"
	],
	"report_names": [
		"egregor-ransomware-cartel-members-arrested.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434037,
	"ts_updated_at": 1775826733,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5fe8e1f0c4202a24f53c864afb42806d4ed2706a.pdf",
		"text": "https://archive.orkl.eu/5fe8e1f0c4202a24f53c864afb42806d4ed2706a.txt",
		"img": "https://archive.orkl.eu/5fe8e1f0c4202a24f53c864afb42806d4ed2706a.jpg"
	}
}