
Egregor ransomware affiliates arrested by Ukrainian, French police
2021-02-14 18:46

A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine.

The arrested individuals are thought to be Egregor affiliates whose job was to hack into corporate networks and deploy the ransomware.

Egregor operates as a ransomware-as-a-service (RaaS), in which affiliates partner with the ransomware developers to conduct attacks and split the ransom payments.

At the time, threat actors told BleepingComputer that Maze affiliates moved to the Egregor RaaS, allowing the new ransomware operation to launch with experienced and skilled hackers.

Last month, Bill Siegel, CEO of ransom negotiation firm Coveware, told BleepingComputer that they too had seen a decline in Egregor attacks and told us affiliates might have moved to another RaaS. In January, Egregor's data leak site went offline for approximately two weeks, and when it came online again, there were issues with the site.

Whether the decline in Egregor activity is related to law enforcement or simply the ebb and flow of ransomware operations is not currently known.
