A new strain of ransomware is becoming increasingly prolific as cyber criminals adopt it as a preferred means of encrypting vulnerable networks in an attempt to extort bitcoin from victims.
Egregor ransomware was first seen in September, but it has already become notorious following several high-profile incidents, including attacks against the bookseller Barnes & Noble as well as video game companies.
According to researchers at Digital Shadows, Egregor ransomware has already hit at least 71 victims across 19 different industries around the world, and the group behind it is likely only getting started after meticulously planning its activities.
The sophistication of their attacks, their ability to infect such a wide range of victims, and the significant increase in their activity suggest that the Egregor operators have been developing their malware for some time and are only now putting it to (malicious) use, said analysts at Digital Shadows.
Like all ransomware gangs, Egregor's primary motive is money. To maximize the chance of extracting payment, the gang uses what has become a standard tactic in ransomware attacks: threatening to release private data stolen from the victim's servers if the victim does not pay. In some cases, the attackers publish a sample of the stolen data alongside the ransom note as proof that they mean business.
While Egregor has hit organizations in a variety of sectors around the world, there does appear to be some element of targeting in the attacks: more than a third of the campaigns have targeted the industrial goods and services sector, and the overwhelming majority of victims across all sectors are in the US.
One of the reasons Egregor has surged so suddenly appears to be that it is filling the gap left by the apparent retirement of the Maze ransomware gang.
Given their technical sophistication in hindering analysis of the malware and their targeting of such a large pool of organizations across the ransomware landscape, we can only conclude that the Egregor ransomware group will likely continue operating in the future, posing more and more of a risk to your organization, the analysts said.
Egregor ransomware is still new, so it is not yet fully clear how its operators compromise victim networks. Researchers note that the code is heavily obfuscated in a way that appears specifically designed to prevent information security teams from analyzing the malware.
However, the Digital Shadows analysis does suggest that phishing email could be one of the initial methods of compromise.
Organizations can go a long way towards protecting themselves against Egregor and other malware by applying information security controls such as multi-factor authentication, so that if a username and password is stolen by an attacker, there is an additional barrier that prevents them from using it.
It is also highly recommended that organizations apply the latest security patches and updates as soon as they arrive, because that prevents cyber criminals from exploiting known vulnerabilities to gain access to networks.
For a further layer of protection against ransomware, organizations should regularly back up their networks and store the backups offline, so that if the worst happens and the network is encrypted, it can often be restored relatively simply without giving in to the extortion demands.