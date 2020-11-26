Infosecurity Group Websites

New Egregor Ransomware Steps into Maze Group’s Shoes

Security experts are warning that a new ransomware group is rapidly escalating threat activity, with double extortion attacks on scores of victims so far in Q4.

The Egregor group first came to light with an attack on Barnes & Noble and video game developers Ubisoft and Crytek back in October, according to Digital Shadows.

In fact, the group has been active since September, when it compromised 15 victims. Then came a massive 240% spike in numbers, with 51 organizations hit the following month. As of November 17, it had added a further 21 victims.

According to the security vendor, a plurality of Egregor victims come from the industrial goods and services sector (38%), and the vast majority so far (83%) have been US-based.

The malware itself has been designed with multiple anti-analysis measures built in, such as code obfuscation and packed payloads, Digital Shadows claimed.

“More specifically, Windows application programming interfaces (APIs) are leveraged to encrypt the payload data. Unless security teams can present the correct command-line argument, the data cannot be decrypted and the malware cannot be analyzed,” it added.

“When the correct command-line argument is presented, the malware executes by injecting into the iexplore.exe process, encrypting all text files and documents, and enclosing a ransom note within each folder that has an encrypted file. This process includes files on remote machines and servers through checks on LogMeIn event logs.”
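The argument-gated unpacking Digital Shadows describes is modelled below as an added example. This is illustrative code written for this page, not Egregor's code and not Digital Shadows' analysis: the stream cipher, the SHA-256 key derivation, the "-p" flag, the log field names and the log lines are all assumptions. What it shows is the mechanism the quote refers to (a missing or wrong argument leaves nothing analysable, which is what a sandbox without the argument sees) and the defender's way around it, which is to harvest command lines from process-creation telemetry and replay each token until the payload decrypts to something plausible:

```python
import hashlib
import re
import struct


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR data with SHA-256(key || counter) blocks. A toy for
    illustration; the source says only that Windows crypto APIs are used."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("<Q", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_key(argument: str) -> bytes:
    """Assumed key derivation: SHA-256 of the command-line argument."""
    return hashlib.sha256(argument.encode("utf-8")).digest()


def seal_payload(argument: str, payload: bytes) -> bytes:
    """Packer side: encrypt the real stage under the argument-derived key."""
    return keystream_xor(derive_key(argument), payload)


def looks_like_pe(blob: bytes) -> bool:
    """Plausibility check: MZ header whose e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return e_lfanew + 4 <= len(blob) and blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def unpack(blob: bytes, argument: str):
    """Loader side: decrypt with the supplied argument and continue only if the
    result is a valid image. A wrong or empty argument returns None."""
    plain = keystream_xor(derive_key(argument), blob)
    return plain if looks_like_pe(plain) else None


def build_stub_pe(marker: bytes) -> bytes:
    """Constructed stand-in for the unpacked stage: a 0x40-byte DOS header that
    points at a PE signature, then marker bytes. Structurally valid, not loadable."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + marker


# Constructed process-creation records in a flattened Sysmon-style form. The
# field names and the "-p" flag are assumptions made for this example only.
SAMPLE_LOGS = [
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe CommandLine="cmd.exe /c whoami"',
    'EventID=1 Image=C:\\Windows\\System32\\rundll32.exe '
    'CommandLine="rundll32.exe C:\\Users\\Public\\upd.dll,DllRegisterServer -p 3v3nt0ur"',
    'EventID=1 Image=C:\\Windows\\System32\\svchost.exe CommandLine="svchost.exe -k netsvcs"',
]

_CMDLINE = re.compile(r'CommandLine="([^"]*)"')


def candidate_arguments(log_lines):
    """Every distinct token of every logged command line, in first-seen order.
    Which flag carries the key is unknown, so every token is a candidate."""
    seen, out = set(), []
    for line in log_lines:
        match = _CMDLINE.search(line)
        if not match:
            continue
        for token in match.group(1).split():
            if token not in seen:
                seen.add(token)
                out.append(token)
    return out


def recover_argument(blob: bytes, log_lines):
    """Analyst side: replay each logged token as the argument until the blob
    decrypts to something that passes looks_like_pe(). Returns the token or None."""
    for token in candidate_arguments(log_lines):
        if unpack(blob, token) is not None:
            return token
    return None


if __name__ == "__main__":
    stage2 = build_stub_pe(b"constructed stage-2 marker")
    packed = seal_payload("3v3nt0ur", stage2)
    print("empty argument unpacks:", unpack(packed, "") is not None)
    print("guessed argument unpacks:", unpack(packed, "guess") is not None)
    print("argument recovered from telemetry:", recover_argument(packed, SAMPLE_LOGS))
```

Run as a script it packs the constructed stub, shows that an empty or guessed argument yields nothing, and recovers the argument from the constructed log lines. In a real investigation the candidate command lines come from Sysmon Event ID 1 or Windows Security event 4688 with command-line logging enabled, and the plausibility test has to match whatever the real loader validates, which the page does not specify; the bare PE-header check here is only a stand-in.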

Like many groups operating today, the actors behind Egregor maintain a dark web site on which they post data stolen from victims in a bid to force a ransom payment. In this respect it has followed the lead of the infamous Maze group, which ceased operations in October.

For example, it posted 200MB of data on in-game assets from Ubisoft and claimed to have source code from an unreleased title, Watch Dogs: Legion. In the case of Crytek, 400MB of data related to the titles Warface and Arena of Fate was confirmed stolen, Digital Shadows noted.
