There are now over 150 businesses worldwide that have encountered disruption from the Egregor ransomware strain. The ransomware has caught the attention of the FBI, with the agency reporting further damage caused by Egregor, as it continues to hit businesses in a variety of different industries across the private sector.
A PDF has been issued to shed new light on the malware and to identify key signs of it. It has been confirmed that Egregor is made up of a large number of actors.
Egregor compromises networks in many different ways, including targeting employees’ personal accounts that share access with business networks or devices. This is particularly prominent since many workforces have shifted to working from home due to the COVID-19 pandemic. It primarily spreads via phishing emails with malicious attachments, or exploits that allow for takeovers through Remote Desktop Protocol (RDP).
Once access is gained, threat actors can move laterally inside networks by escalating their network privileges. Egregor also exhibits typical ransomware activity, such as exfiltrating and encrypting files on the network, as well as leaving ransom notes on machines that instruct victims to communicate with the hackers via an online chat. It should be noted, though, that paying the ransom does not guarantee a victim’s files will be recovered.
Neuways continues to urge businesses to keep their Business Continuity and Disaster Recovery plans up to date, so that if you are hit by a ransomware attack, you’re able to get back on your feet with as little costly downtime as possible. By making regular backups of your business’s systems and holding secure backups off-site, you’re setting yourself up for a successful recovery from any kind of ransomware attack.