The threat actor group behind new ransomware dubbed “Egregor” targets companies to steal sensitive data and then encrypt all the files.
Appgate Researcher team, discovered the ransomware, according to research team code analysis the ransomware found to be the spinoff of the Sekhmet ransomware.
Ransomware Attack Details
The ransomware group targets companies around the world including the global logistic company GEFCO, according to their team at least 13 different companies were infected with this new ransomware attack.
The threat actors behind the ransomware hacking into companies network and steals the sensitive data, once the data exfiltrated they encrypt all the files.
According to the ransom note “if the ransom is not paid by the company within 3 days, and aside from leaking part of the stolen data, they will distribute via mass media where the company’s partners and clients will know that the company was attacked.”
The developers behind the ransomware followed many code obfuscation methods to pack the payloads and it will get decrypted only if the correct decryption key is provided.
Attackers follow this method to avoid manually or sandbox analysis, also attacker has an “Egregor news” website, hosted on the deep web to leak stolen data.
“Egregors’ ransom note also says that aside from decrypting all the files in the event the company pays the ransom, they will also provide recommendations for securing the company’s network, “helping” them to avoid being breached again, acting as some sort of black hat pentesting team.” This is a new way to attract companies to pay them but most of cybersecurity experts says this is totally unethical. If we start accepting their offer it means we are supporting them.
Ransomware attack is quite common nowadays since Malicious software spreading everywhere through various mediums. The cybercriminals that use it are looking to do one thing, extort your money.