Digitaltech Media

Cyberspace: A Comprehensive Take on Egregor Ransomware

Egregor is a ransomware variant that appears to have been infecting organisations for several months. It belongs to the Sekhmet malware family and has been active since September 2020. Ransomware groups of this kind generally operate by breaking into companies, stealing sensitive information, and demanding a ransom in exchange for decrypting the files. The Egregor ransomware group is undoubtedly active right now and may shift its attacks from the gaming sector to others.

The ransomware uses several anti-analysis techniques, such as packed payloads and code obfuscation. The packed payload unpacks itself only in memory, which helps it evade detection by security tools. Unless it is launched with the same command the attackers used to run it, the ransomware does not reveal its functionality. This makes it difficult for analysts to study samples.

How Did Egregor, a New Ransomware, Unfold?

In a recent attack, the ransomware group claimed to have stolen unencrypted documents and leaked screenshots as proof. The affected company later confirmed that the exposed data included shipping, email and billing details, and even address history. The attacker first gained unauthorised access to a Windows domain administrator account. Access to the compromised system was then handed to another threat actor, who encrypted the network's devices and held them for ransom.

The initial propagation mechanism and infection route are still unidentified. However, Egregor ransomware is believed to enter through spam email attachments. Malicious links shared through instant messaging or email may also be behind Egregor infiltrations.

Best Practices to Prevent Egregor Ransomware

Network users and administrators are strongly advised to take preventive measures against ransomware attacks.

It is therefore crucial for all firms to proactively take adequate measures such as keeping systems up to date with the latest patches, maintaining backups, and more. Egregor ransomware prevention also involves protecting data with strong encryption.
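Backups only help against ransomware if you can prove they were not encrypted or tampered with before you restore from them. The script below is an added example, not code from the article, that shows one way to do that: hash every file in a backup tree, sign the manifest with an HMAC whose key is kept off the backup host (an assumption of the example), and later report files that went missing, were modified or were added. The `demo()` function builds a small constructed backup and then simulates the kind of damage ransomware causes (overwritten contents, a dropped note, a deleted file); all paths, file names and the key are constructed for the example.

```python
"""Backup integrity check against a signed manifest (added example).

Assumptions: the HMAC key is stored somewhere the backup host cannot reach,
and the manifest plus signature are kept alongside the backup.
"""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each relative file path under root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def sign_manifest(manifest, key):
    """HMAC-SHA256 over the canonical JSON form of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_backup(root, manifest, signature, key):
    """Compare the current tree with the signed manifest.

    Returns a report: manifest_ok (signature valid), and the lists of
    missing, modified and added paths; intact is True only if all are clean.
    """
    report = {
        "manifest_ok": hmac.compare_digest(sign_manifest(manifest, key), signature),
        "missing": [],
        "modified": [],
        "added": [],
    }
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["modified"].append(rel)
    report["added"] = sorted(set(current) - set(manifest))
    report["intact"] = report["manifest_ok"] and not (
        report["missing"] or report["modified"] or report["added"]
    )
    return report


def demo(tmp_root=None):
    """Constructed scenario: write a tiny backup, sign it, then tamper with it."""
    root = Path(tmp_root) if tmp_root else Path(tempfile.mkdtemp(prefix="backup_demo_"))
    (root / "db").mkdir(parents=True, exist_ok=True)
    (root / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'constructed');\n")
    (root / "invoices.csv").write_bytes(b"id,amount\n1,100\n")
    (root / "config.ini").write_bytes(b"[app]\nmode=prod\n")
    key = b"demo-key-kept-offline"  # constructed; a real key never lives on the backup host

    manifest = build_manifest(root)
    signature = sign_manifest(manifest, key)

    # Simulated ransomware damage: overwritten file, dropped note, deleted file.
    (root / "invoices.csv").write_bytes(os.urandom(32))
    (root / "RECOVER-FILES.txt").write_bytes(b"constructed ransom note\n")
    (root / "config.ini").unlink()

    return verify_backup(root, manifest, signature, key)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the verification from a clean host before any restore: a report whose `intact` flag is false, or whose `manifest_ok` is false because the manifest itself was rewritten, means the backup cannot be trusted and an older, verified copy should be used instead.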
