Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data

A freshly discovered family of ransomware called Egregor has been spotted in the wild. It siphons off corporate information and threatens a “mass-media” release of that data before encrypting all files.


Egregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when they are united toward a common purpose — apropos for a ransomware gang. According to an Appgate analysis, the code appears to be a spinoff of the Sekhmet ransomware (itself named for the Egyptian goddess of healing). Other researchers have also noted this link.

“We found similarities in both Sekhmet and Egregor ransomware, such as obfuscation techniques, functions, API calls and strings, such as %Greetings2target% and %sekhmet_data% changing to %egregor_data%,” Gustavo Palazzolo, a security researcher at Appgate, told Threatpost. “Furthermore, the ransom note is also fairly similar.”


As for other technical details, “The sample we analyzed has many anti-analysis techniques in place, such as code obfuscation and packed payloads,” according to the firm’s research, announced Friday. “Also, in one of the execution stages, the Egregor payload can only be decrypted if the correct key is provided in the process’ command line, which means that the file cannot be analyzed, either manually or using a sandbox, if the same command line that the attackers used to run the ransomware isn’t provided.”

Further, “we have found that Egregor can receive additional parameters via command line, such as ‘nomimikatz,’ ‘killed,’ ‘no rename,’ among others,” Palazzolo said. “At the moment, our team is still reverse-engineering the malware to get the whole picture. Furthermore, we will continue to monitor any possible variant emerging from this family.”


Overall, Palazzolo said, Egregor has the same sophistication level as other ransomware families. What sets it apart is the high number of anti-analysis techniques it implements, such as code obfuscation and payload encryption.
