Saturday, December 2, 2023

New Ransomware that Threatens Companies to Pay Ransom Within 3 days Else they Leak Data

The threat actor group behind new ransomware dubbed “Egregor” targets companies to steal sensitive data and then encrypt all the files.

Researchers from Appgate, discovered the ransomware, according to their code analysis the ransomware found to be the spinoff of the Sekhmet ransomware.

Egregor Ransomware Targets

The ransomware group targets companies worldwide including the global logistic company GEFCO, according to their advisory at least 13 different companies were infected.

The threat actors behind the ransomware hacking into companies network and steals the sensitive data, once the data exfiltrated they encrypt all the files.

According to the ransom note “if the ransom is not paid by the company within 3 days, and aside from leaking part of the stolen data, they will distribute via mass media where the company’s partners and clients will know that the company was attacked.”

The developers behind the ransomware followed many code obfuscation methods to pack the payloads and it will get decrypted only if the correct decryption key is provided.

Attackers follow this method to avoid manually or sandbox analysis, also the group has an “Egregor news” website, hosted on the deep web to leak stolen data.

“Egregors’ ransom note also says that aside from decrypting all the files in the event the company pays the ransom, they will also provide recommendations for securing the company’s network, “helping” them to avoid being breached again, acting as some sort of black hat pentest team.”

Ransomware attack is quite common nowadays since Malicious software spreading everywhere through various mediums. The cybercriminals that use it are looking to do one thing, extort your money.

You can also read the complete ransomware mitigation checklist

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles