New Ransomware Variant Could be the Next Big Malware Threat to Business

New Egregor ransomware has been gaining traction since emerging in September.

A new form of ransomware is becoming increasingly prolific as cybercriminals turn to it as a preferred means of encrypting vulnerable networks in an effort to exploit bitcoin from victims.

Egregor ransomware first emerged in September but has already become notorious following several high-profile incidents, including attacks against Barnes & Noble and video game companies Ubisoft and Crytek.

According to cybersecurity researchers at Digital Shadows, Egregor ransomware has already victimized at least 71 companies across 19 different industries around the world. One of the reasons Egregor has suddenly surged in numbers appears to be because it’s filling a gap left open by the apparent retirement of the Maze ransomware gang.

“The level of sophistication of their attacks, adaptability to infect such a broad range of victims, and significant increase in their activity suggests that Egregor ransomware operators have been developing their malware for some time and are just now putting it to use,” said Lauren Palace, analyst at Digital Shadows.

The gang behind Egregor is also using a now-common tactic of threatening to release private information stolen from victims’ servers if they don’t pay. In some cases, attackers will release a snippet of information with the ransom note as proof they mean business.

While Egregor has impacted organizations in a variety of sectors around the world, the vast majority of victims across all sectors are in the US.

Egregor ransomware is still new, so it isn’t yet fully clear how its operators compromise victim networks. Researchers note that the code is heavily obfuscated in a way that seems to be specifically designed to prevent information security teams from being able to analyze the malware. However, the analysis does suggest that email phishing could be one of the initial methods of compromise for attacks.

Three things your organization can do to protect against ransomware:

  1. Use multi-factor authentication; this provides an extra barrier if a username and password are compromised.
  2. Apply the latest security patches and updates when they arrive to prevent cybercriminals from being able to exploit known vulnerabilities in order to gain access to networks.
  3. Regularly make backups of your network and store them offline. If the worst happens and the network is encrypted, it can be relatively simply restored without giving into the extortion demands of hackers.

If you have questions about ransomware or how to protect your organization against IT security threats, contact ITPAC today.