New data leak extortion ransomware, Egregor, discovered

A new family of ransomware, which calls itself Egregor, has been uncovered by security analysts after infecting several businesses worldwide. Cyber extortion is the threat of choice fuelling this cyber attack, leaking data as a way to add extra pressure.

A recent report by Coveware found that of the countless ransomware cases during Q2 2020, 30% included a threat to release data.

Egregor appears to be a ‘spin-off’ from a previous ransomware known as Sekhmet. It uses several types of anti-analysis techniques, including packed payloads and code obfuscation to help avoid detection.

How were the businesses breached?

According to reports, the cyber criminals behind the attacks hacked into organisation’s networks, stole sensitive data and then ran Egregor to encrypt files.

What are the cyber criminals after?

The ransom note supplied explains that the infected business has just 3 days to pay the ransom, otherwise the criminal group will leak data via their website on the deep web and broadcast the breach to the media.

Some publications have reported the ransom price being as high as $1,2000,000 but this hasn’t yet been confirmed.

Victims are directed to the Egregor website where, rather brutishly, they have to follow directions from the attacker through a live chat to complete payment. Once payment has been transferred, businesses will get full decryption of machine on their network, full file listing of downloaded data and confirmation of downloaded data deletion from the criminals servers.

In a bazaar twist, the criminals will also provide security recommendations to help businesses avoid being breached in the future.

How can you defend your business from ransomware?

You don’t need cyber security advice from cyber criminals to protect your organisation, just robust habits and processes.

The most common points of entry for this vicious malware are phishing emails, compromised websites, vulnerable Remote Desktop Protocol (RDP) sessions and fake free software promises. People and endpoints are often the weakest links, particularly right now thanks to remote working.

That’s why frequent cyber security awareness training, emphasising vigilance, teaching tactic recognition and testing acumen, is necessary as a baseline safeguarding.

Layer onto that a powerful security solution that is ransomware-proof. On average 33% of businesses experience a ransomware attack, and every business has some type of protection in place. It’s evident that not all solutions are capable.

The best defence is a smart endpoint detection and response (EDR) solution, like Securyx, that can block threats on execution, predict hidden ransomware attacks with behavioural AI and rollback any attacks without needing to rely on backups.

If you would like to find out how our combination of powerful EDR technology and 24x7x365 endpoint monitoring can protect your business from ransomware, contact us today.