Alleged Members of Egregor Ransomware Cartel Arrested
By Trend Micro
Published: 2021-03-26 · Archived: 2026-04-05 23:00:13 UTC

Three alleged members of the Egregor ransomware cartel were apprehended in Ukraine last month in a crackdown conducted by French and Ukrainian authorities. The arrests were also made possible by public-private partnerships, which include Trend Micro.

About Egregor ransomware

Since its first appearance in September 2020, Egregor ransomware has been involved in high-profile attacks against retailers, human resource service companies, and other organizations. It operated under the ransomware-as-a-service (RaaS) model, in which a core group sells or leases ransomware variants to affiliates, making it easier even for inexperienced cybercriminals to launch attacks.

Like other prominent ransomware families, Egregor employs a "double extortion" technique: the operators threaten victims with both the loss of their encrypted data and the public release of data stolen before encryption.

The ransomware is typically distributed as a secondary payload delivered by remote access trojans such as QAKBOT. It also spreads through phishing emails with malicious attachments, or through remote desktop protocol (RDP) or VPN exploits.

Further details on the arrests

French law enforcement opened its investigation into the Egregor operators after the group attacked several France-based companies in logistics, newspaper publishing, and video game development. The three suspects were arrested after French authorities tracked them down with the help of Ukrainian authorities. The names and exact roles of the arrestees have not been released.

In an email interview with The Record about the incident, François B., the Head of the Computer Security Incident Response Team for the French Judicial Police (CSIRT-PJ), cited partnerships with cybersecurity and incident response companies including Trend Micro. He noted that these organizations help in active investigations as they "provide us with the most accurate information on an ongoing case, tools, or threat intelligence data."

Protecting systems against ransomware

Ransomware is a persistent security problem that keeps evolving into an even more destructive threat. To protect systems from ransomware, users are advised to follow these best practices:

Avoid downloading attachments and clicking on links in emails from unverified sources.

Regularly patch and update operating systems, programs, and software.

Periodically back up files by observing the 3-2-1 rule: keep at least three copies of the data, store them on two different storage media, and keep at least one copy offsite.

Security solutions such as Trend Micro XDR also offer protection across different components of the system, including email, endpoints, servers, cloud workloads, and networks. By collecting and correlating data across all these layers, security and IT teams gain better context on attack activity that may otherwise seem insignificant on its own, allowing faster and more accurate detection.

Source: https://www.trendmicro.com/en_us/research/21/c/egregor-ransomware-cartel-members-arrested.html