Researchers from cybersecurity firm Appgate uncovered a new ransomware variant, “Egregor”, that targets organizations globally and encrypts files holding sensitive information. The researchers stated that Egregor appears to be derived from the Sekhmet malware family. The threat group uses code obfuscation and packed payloads to evade security detection. The researchers also found Egregor’s news website hosted on the dark web, which is used to leak stolen data and for other malicious activities.
After encrypting sensitive files, the ransomware group demands a ransom from the victim company. Egregor’s ransom note states that if the ransom is not paid within 3 days, the group will leak part of the stolen data and also distribute the files via mass media, so that the company’s partners and clients learn that it was attacked. If the company agrees to pay, the attackers decrypt all the files and then provide recommendations for securing the company’s network.
“The Egregor payload can only be decrypted if the correct key is provided in the process’ command line, which means that the file cannot be analyzed, either manually or using a sandbox, if the exact same command line that the attackers used to run the ransomware isn’t provided,” Appgate stated.
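The quoted behaviour, a payload that stays encrypted unless the exact command line used by the attacker is supplied, is the reason a sandbox that simply double-clicks the sample learns nothing. The following Python model, added here as an illustration and not Egregor’s own code, shows the pattern: the loader reads a `--pass=` argument (a hypothetical flag name), derives a key from it, and only decrypts the body if an integrity tag verifies. The salt, the PBKDF2/HMAC construction and the embedded payload are all constructed for the example; the real malware’s key schedule and cipher are not described on this page.

```python
import hashlib
import hmac

# Constructed example of command-line-gated payload decryption.
# The salt, flag name and cipher are illustrative, not Egregor's.
SALT = b"example-salt"          # hypothetical constant baked into the loader
FLAG = "--pass="                # hypothetical command-line switch


def derive_key(password: str) -> bytes:
    """Derive a 32-byte key from the command-line password (illustrative KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


def keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a simple stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt the payload body and prepend an HMAC tag over the ciphertext."""
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return tag + ct


def open_payload(key: bytes, blob: bytes):
    """Return the decrypted body, or None if the key does not verify the tag."""
    tag, ct = blob[:32], blob[32:]
    expected = hmac.new(key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))


def parse_cmdline(argv):
    """Pull the password out of the process command line, if present."""
    for arg in argv:
        if arg.startswith(FLAG):
            return arg[len(FLAG):]
    return None


def run_loader(argv, blob: bytes) -> str:
    """Model of the loader: decrypt and 'run' the body only with the right argv."""
    password = parse_cmdline(argv)
    if password is None:
        return "no key on command line: payload left encrypted"
    body = open_payload(derive_key(password), blob)
    if body is None:
        return "wrong key: payload left encrypted"
    return body.decode()


# Constructed sample: what the attacker would ship, sealed under the real password.
PAYLOAD = b"simulated-ransomware-body"
BLOB = seal(derive_key("correct-horse"), PAYLOAD)

if __name__ == "__main__":
    print(run_loader(["loader.exe"], BLOB))
    print(run_loader(["loader.exe", "--pass=wrong"], BLOB))
    print(run_loader(["loader.exe", "--pass=correct-horse"], BLOB))
```

Running the sample with no argument or a wrong argument returns only an "encrypted" result, which is exactly what an automated sandbox sees. The practical consequence for responders is to collect full process command lines (for example Sysmon Event ID 1, or Windows 4688 with command-line auditing enabled) so that the exact invocation can be replayed during analysis.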
Egregor’s “hall of shame” lists 13 different companies, including the global logistics company GEFCO, which also fell prey to a cyberattack recently.
121.4 Mn Ransomware Attacks Recorded in H1 of 2020
A report from cybersecurity firm SonicWall revealed that cybercriminals’ opportunistic use of the COVID-19 pandemic has driven a rise in ransomware and IoT malware attacks globally. The “2020 SonicWall Cyber Threat Report” found that ransomware continues to be the most concerning threat to enterprises and the preferred attack method, with 121.4 million attacks (a 20% increase) reported globally in the first half of 2020. The threat researchers recorded 79.9 million ransomware attacks (a 109% increase) in the U.S. and 5.9 million (a 6% decline) in the U.K.