The FBI’s Cyber Division leads the nation’s efforts to investigate and prosecute internet crimes. Since it was first discovered in September 2020, Egregor has hit various industries globally, including organizations in the U.S., Europe, Asia Pacific and Latin America. (FBI)
The recent surge in Egregor ransomware activity prompted Palo Alto Networks’ Unit 42 to build a full visualization of the tactics used by the attack group and the corresponding courses of action security teams can take in response.
In the Unit 42 ATOM Viewer, security practitioners can view in a table which techniques the attackers used, then click on a chart to see what to enable on a Palo Alto firewall. Organizations that don’t use Palo Alto firewalls can map the information from the Viewer to the MITRE ATT&CK framework.
Jen Miller-Osborn, deputy director of threat intelligence at Unit 42, said companies should also be aware of and monitor for the use of commodity malware such as Qakbot, IcedID and Ursnif, which could end up delivering Egregor ransomware as a second-stage payload.
And since Egregor threatens to sell stolen data if ransoms are not paid, Gallagher said it is not enough simply to have good backups.
“Organizations need to assume that their data has been breached if they suffer an Egregor or any other ransomware attack,” he said. “Blocking common exfiltration routes for data – such as preventing Tor connections – can make stealing data more difficult, but the best defense is to deny attackers access via email attachment malware and other common entry points.”
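The two defensive points above, mapping observed behaviour to ATT&CK and blocking or at least spotting Tor as an exfiltration route, can be combined into a small check over outbound flow records. The following is an added example, not code from the article, from Unit 42 or from any vendor mentioned; the relay addresses and flow lines are constructed sample data, the log format is assumed, and the ATT&CK tags (T1090.003 Multi-hop Proxy, T1048 Exfiltration Over Alternative Protocol) are my assumption about how a SOC would label such hits. It flags destinations on a relay list first and falls back to Tor's default ports, because many relays also listen on 443 and port matching alone is weak evidence.

```python
"""Flag outbound flows that look like Tor-based exfiltration.

Added example with constructed sample data; not from the original article.
Flow line format (assumed): "src dst dport bytes_out", whitespace-separated.
"""
import ipaddress
from dataclasses import dataclass

# Constructed relay list for the example. In a real deployment this would be
# fed from the Tor consensus or the bulk exit list published at
# https://check.torproject.org/torbulkexitlist (assumption: such a feed exists
# in the environment and is refreshed regularly).
KNOWN_TOR_RELAYS = {
    "198.51.100.7",
    "203.0.113.45",
}

# Tor default ports: ORPort 9001, DirPort 9030, local SOCKS 9050/9150.
# Relays frequently use 443 as well, so a port hit alone is only medium severity.
TOR_PORTS = {9001, 9030, 9050, 9150}

# RFC 1918 and loopback ranges: traffic staying inside these is not exfiltration.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# ATT&CK techniques this detection is mapped to (my assumption, see lead-in).
ATTACK_TECHNIQUES = ["T1090.003", "T1048"]


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int


def parse_flow(line: str) -> Flow:
    """Parse one flow record; raises ValueError on malformed input."""
    src, dst, dport, bytes_out = line.split()
    return Flow(src, dst, int(dport), int(bytes_out))


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify(flow: Flow, relays=KNOWN_TOR_RELAYS, min_bytes: int = 1_000_000):
    """Return an alert dict for suspicious flows, or None for benign ones."""
    if is_internal(flow.dst):
        return None
    reasons = []
    if flow.dst in relays:
        reasons.append("destination is a known Tor relay")
    elif flow.dport in TOR_PORTS:
        reasons.append(f"destination port {flow.dport} is a Tor default port")
    if not reasons:
        return None
    # Large outbound volume to a Tor endpoint is the exfiltration signal.
    severity = "high" if flow.bytes_out >= min_bytes else "medium"
    return {
        "flow": flow,
        "severity": severity,
        "reasons": reasons,
        "attack": list(ATTACK_TECHNIQUES),
    }


def scan(lines):
    """Run classify() over an iterable of flow lines, skipping blanks/comments."""
    alerts = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        alert = classify(parse_flow(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample flow log (documentation IPs; not real traffic).
SAMPLE_LOG = """\
# src            dst            dport  bytes_out
10.0.0.5         198.51.100.7   443    524288000
10.0.0.5         192.0.2.10     443    1200
10.0.0.8         192.0.2.99     9001   4096
10.0.0.9         10.0.0.1       9001   4096
"""


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG.splitlines()):
        f = a["flow"]
        print(f"[{a['severity']}] {f.src} -> {f.dst}:{f.dport} "
              f"{f.bytes_out} bytes; {'; '.join(a['reasons'])}; {a['attack']}")
```

The relay-list match is the reliable signal and should drive a block rule; the port fallback is there to surface relays the feed has not picked up yet and is deliberately rated lower. Raising `min_bytes` to match the environment's normal upload sizes keeps the volume heuristic from firing on routine HTTPS traffic to relays that also host ordinary services.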
In North America, some of Egregor’s higher-profile attacks have included Barnes & Noble and Kmart, and one even led to a shutdown of Vancouver’s metro transit system last week.
Egregor shares many similarities with the supposedly shut-down Maze strain, in part because both were derived from the Sekhmet ransomware family. That has led to some debate in the research community about whether they are in fact one and the same. Miller-Osborn said that while affiliates who used the Maze ransomware to conduct their operations now appear to have moved on to Egregor to avoid disrupting those operations, there is no definitive evidence that the Maze gang simply re-formed as Egregor.
Some parts of this article are sourced from:
www.scmagazine.com