Meet Egregor: the next big malware threat to your business


The new group has become the leading ransomware variant, say industry experts.

A new ransomware group has emerged on the scene and quickly shot up to the top in terms of threat magnitude.

Cybersecurity researchers at Digital Shadows say the new variant is becoming increasingly prolific. Cyber criminals are using Egregor as a preferred means of attacking vulnerable networks and holding them hostage, with the goal of extorting bitcoin from victims.

Who is the Egregor ransomware group?

Egregor ransomware first emerged in September. However, it has already become notorious following several high-profile incidents. These include attacks against bookseller Barnes & Noble, as well as video game companies Ubisoft and Crytek.

Egregor has had a very dynamic Q4, according to Digital Shadows. As of November 17th, 2020, the Egregor ransomware group has named 71 victims spanning across 19 different industry verticals. Most victims (69) were located in the USA.

“The level of sophistication of their attacks, adaptability to infect such a broad range of victims, and significant increase in their activity suggests that Egregor ransomware operators have been developing their malware for some time and are just now putting it to (malicious) use,” said Lauren Place of Digital Shadows.

How the group operates

In terms of motives, Egregor’s double-extortion ransomware model proves them to be financially motivated, says Place. “Following this model, Egregor completes a breach and then begins to release data easily traceable to the victim as proof while demanding a hefty ransom sum in exchange for not releasing more.”

Due to the short time it has been in operation, there is limited information about the group’s common tactics, techniques, and procedures (TTPs), according to Digital Shadows.

Place explains: “So far, our researchers have found that the Egregor malware maintains multiple anti-analysis techniques. They use such methods as code obfuscation and packed payloads, making it challenging to analyze the malware.”
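Packed or encrypted payloads are hard to analyze precisely because the real code is hidden behind data that looks random until runtime. A common first-pass triage check defenders use for this is byte entropy: a packed section reads close to 8 bits per byte, while ordinary code or text reads far lower. The script below is an added illustration of that heuristic, not analysis from Digital Shadows or code from the Egregor malware; the two input blobs are constructed stand-ins (a repetitive assembly-like string versus a SHA-256-derived pseudo-random stream), and the threshold and chunk size are assumptions a triage analyst would tune for real samples.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def chunk_entropies(data: bytes, chunk_size: int = 1024) -> list:
    """Entropy of each fixed-size window, so a packed region inside a larger file still stands out."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]


def looks_packed(data: bytes, threshold: float = 7.0, min_fraction: float = 0.5) -> bool:
    """Heuristic: flag the blob when at least min_fraction of its windows exceed the entropy threshold.

    threshold and min_fraction are assumed triage defaults, not values from any vendor report.
    """
    ents = chunk_entropies(data)
    if not ents:
        return False
    high = sum(1 for e in ents if e >= threshold)
    return (high / len(ents)) >= min_fraction


def pseudo_random_bytes(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for an encrypted/packed section (constructed, not real malware)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:length])


# Constructed samples: a low-entropy "plain code" blob and a high-entropy "packed" blob.
PLAIN_CODE_LIKE = b"push ebp; mov ebp, esp; sub esp, 0x40; call 0x401000; leave; ret; " * 64
PACKED_LIKE = pseudo_random_bytes(b"constructed-sample-seed", 4096)


def triage_report(name: str, data: bytes) -> dict:
    """Summarize the entropy profile the way a triage note would record it."""
    ents = chunk_entropies(data)
    return {
        "sample": name,
        "size": len(data),
        "mean_entropy": round(sum(ents) / len(ents), 2) if ents else 0.0,
        "max_entropy": round(max(ents), 2) if ents else 0.0,
        "likely_packed": looks_packed(data),
    }


if __name__ == "__main__":
    for label, blob in (("plain-code-like", PLAIN_CODE_LIKE), ("packed-like", PACKED_LIKE)):
        print(triage_report(label, blob))
```

High entropy alone is not proof of packing: compressed archives, images and legitimately encrypted resources score the same way, so this check is a triage signal that tells an analyst where to look next (an unpacker, a sandbox run, or a memory dump after the payload has decrypted itself), not a verdict on its own.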

Place advises enterprises to take the threat seriously. “Given their sophisticated technical capabilities to hinder analysis of malware and target a large variety of organizations across the ransomware landscape, we can only conclude that the Egregor ransomware group will likely continue in the future, posing more and more of a risk to your organization,” she said.
