Egregor is a ransomware variant that appears to have infected various organisations over several months. It is part of the Sekhmet malware family and has been active since September 2020. Ransomware groups generally operate by hacking into companies, stealing sensitive information, and demanding a ransom in exchange for decrypting the victim's documents. The Egregor ransomware group is undoubtedly active right now and may shift its attacks from the gaming sector to other sectors.
The ransomware uses various anti-analysis techniques, such as packed payloads and code obfuscation. The malicious code unpacks itself in memory to avoid detection by security tools, and unless it is launched with the same command the attackers used to run it, the ransomware does not reveal its functionality. This makes it difficult for an analyst to analyse samples.
How Did Egregor, a New Ransomware, Unfold?
In the recent attack, the ransomware group claimed to have stolen unencrypted documents and leaked screenshots as proof. The company later confirmed that the affected data included shipping, email, billing and even address history. Initially, the attacker gained unlawful access to a Windows domain administrator account. Access to the compromised system was then handed to another threat actor, who encrypted the devices on the network and held them for ransom.
The initial propagation mechanism and infection route are still unidentified. However, Egregor ransomware is believed to arrive through spam email attachments. A maliciously crafted link shared through instant chats or email can also be the cause of an Egregor infection.
Best Practices to Prevent Egregor Ransomware
Network users and administrators are strongly advised to take the following preventive measures against ransomware attacks:
- Perform regular backups of all vital data to limit the impact of losing a system; this speeds up recovery. The backup data must be kept on a separate device and must include offline backups.
- Establishing Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) or another email validation system is effective at preventing spam. These systems help detect email spoofing, which is how most ransomware samples reach corporate mailboxes.
- Follow safe practices when browsing the web. With appropriate content controls, web browsers can be properly secured.
- Regularly verify the integrity of the information kept in databases. Additionally, do not open attachments in unsolicited emails.
- Frequently check the contents of backup files for any unauthorised encryption by external parties. This also helps ensure the integrity of the scripts or code used in a database or sensitive system.
- Even when a URL in an email looks genuine, close the email and visit the organisation's website directly from the browser. To prevent the installation and execution of unwanted software, restrict users' permissions.
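The email-validation bullet above recommends SPF and DMARC but does not show what a weak record looks like next to a sound one. The following added example (not code from the original article) checks SPF and DMARC policy strings for the settings that leave a domain open to spoofing: an SPF record ending in `+all`, or a DMARC policy of `p=none`. The record strings are constructed for a hypothetical domain, and the checker parses text rather than performing live DNS lookups, so it runs offline.

```python
"""Evaluate SPF and DMARC records for settings that do not stop spoofing.

Added example: record syntax follows RFC 7208 (SPF) and RFC 7489 (DMARC).
The records below are constructed for a hypothetical domain; in practice
they would be fetched as TXT records for the domain and _dmarc.<domain>.
"""
from typing import Dict, List

# Constructed sample TXT records (not real domains or data).
WEAK_SPF = "v=spf1 include:_spf.example-mailer.invalid +all"
STRONG_SPF = "v=spf1 include:_spf.example-mailer.invalid -all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.invalid"
STRONG_DMARC = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.invalid"


def check_spf(record: str) -> List[str]:
    """Return findings for an SPF record; an empty list means nothing weak was found."""
    findings: List[str] = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    # The trailing 'all' mechanism decides the fate of senders matching nothing else.
    # A mechanism with no qualifier defaults to '+' (pass), so 'all' equals '+all'.
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("'+all' authorises every host to send as this domain")
    elif last == "?all":
        findings.append("'?all' yields a neutral result; spoofed mail is not rejected")
    elif last == "~all":
        findings.append("'~all' only soft-fails; use '-all' once all senders are listed")
    elif last != "-all":
        findings.append("record does not end with an 'all' mechanism; default is neutral")
    return findings


def check_dmarc(record: str) -> List[str]:
    """Return findings for a DMARC record; an empty list means nothing weak was found."""
    findings: List[str] = []
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends spoofed mail to spam; p=reject blocks it")
    elif policy != "reject":
        findings.append("missing or unknown p= tag")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports on spoofing attempts")
    pct = tags.get("pct", "100")
    if pct != "100":
        findings.append(f"pct={pct}: policy applies to only part of the mail")
    return findings


if __name__ == "__main__":
    for label, rec, fn in (("weak SPF", WEAK_SPF, check_spf),
                           ("strong SPF", STRONG_SPF, check_spf),
                           ("weak DMARC", WEAK_DMARC, check_dmarc),
                           ("strong DMARC", STRONG_DMARC, check_dmarc)):
        print(f"{label}: {fn(rec) or 'no findings'}")
```

Moving from `p=none` to `p=reject` should be done after reviewing the aggregate reports sent to the `rua` address, so that legitimate mail sources are listed in SPF before spoofed mail starts being rejected.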
Hence, it is crucial for all firms to proactively take adequate measures such as keeping systems patched, maintaining backups, and more. Additionally, Egregor ransomware prevention involves protecting data with strong encryption.
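The prevention list asks administrators to check backup contents for unauthorised encryption, but does not say how to spot it at scale. The following added example (not part of the original article) flags files in a backup set whose byte entropy approaches the 8 bits per byte of random data, which is what ransomware-encrypted files look like, while leaving configuration files, scripts and documents, which have far lower entropy, unflagged. The sample backup is constructed in memory, and the threshold and minimum file size are assumptions to be tuned per environment.

```python
"""Flag backup files that look encrypted, using Shannon entropy.

Added example: encrypted output is close to uniformly random, so its entropy
approaches 8 bits/byte; text, code and config files sit well below that.
Threshold and minimum size are assumptions; the sample backup is constructed.
"""
import math
import os
import random
from collections import Counter
from typing import Dict, Tuple

ENTROPY_THRESHOLD = 7.5  # bits per byte (assumption; tune for your data)
MIN_SIZE = 64            # very small files give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> Tuple[float, str]:
    """Return (entropy, verdict); verdict is 'suspicious', 'ok' or 'too-small'."""
    entropy = shannon_entropy(data)
    if len(data) < MIN_SIZE:
        return entropy, "too-small"
    return entropy, "suspicious" if entropy >= ENTROPY_THRESHOLD else "ok"


def scan_backup(files: Dict[str, bytes]) -> Dict[str, str]:
    """Classify every entry of a path -> contents mapping."""
    return {path: classify(data)[1] for path, data in files.items()}


def scan_directory(root: str) -> Dict[str, str]:
    """Classify every regular file below root (reads each file fully)."""
    results: Dict[str, str] = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                results[path] = classify(fh.read())[1]
    return results


# Constructed sample backup: plain files plus one stand-in for a file that
# was encrypted in place. Deterministic pseudo-random bytes model ciphertext.
_rng = random.Random(2020)
SAMPLE_BACKUP = {
    "etc/app.conf": b"[database]\nhost=db.internal\nport=5432\n" * 4,
    "scripts/deploy.sh": b"#!/bin/sh\nset -e\necho deploying\n" * 4,
    "docs/report.docx": bytes(_rng.getrandbits(8) for _ in range(4096)),
    "notes/tiny.txt": b"hello",
}


if __name__ == "__main__":
    for path, verdict in scan_backup(SAMPLE_BACKUP).items():
        print(f"{verdict:10s} {path}")
```

Compressed archives and already-encrypted files (for instance zip, images or TLS certificates in PKCS#12 form) also score high, so the result is a shortlist for review; a sudden rise in the number of suspicious files between two backup runs is the signal that matters.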