
FBI Alert on Growing Egregor Ransomware Threat

January 11, 2021


The FBI issued a warning late last week over the growing threat from the operators behind the Egregor ransomware variant. The Egregor network claims to have compromised approximately 150 corporate networks in the U.S. and other countries, with extortion demands of up to $4 million.

Egregor is one of several operations that download data before locking victims out of their systems by encrypting their disks. They then extort the victim by threatening to publish the data.

Techniques:

Scott Ferguson in GovInfoSecurity.com reports:

"There are a couple of unusual things about Egregor," says Brett Callow, a threat analyst at security firm Emsisoft. "First, it can spit out the ransom note on any connected printer - which seems like a somewhat odd move as it often results in incidents quickly becoming public knowledge, meaning companies no longer have the incentive to pay quickly and quietly to avoid publicity.

"Secondly, the group initially racked up victims at an unprecedented rate. This is probably because multiple threat actors joined Egregor's affiliate program after the Maze group ended its operation, taking with them details of compromised networks that had yet to be exploited."

FBI Recommended Mitigation

Organizations can take several steps to mitigate the risk of Egregor and other ransomware attacks, including:


License: Creative Commons Attribution 4.0 International (CC BY 4.0)
