
What is Egregor Ransomware? Why is it Dangerous?

Egregor ransomware attacks are known for their ruthless but highly effective double extortion method.

The gang first steals sensitive data and then encrypts it so the victim can no longer access it. To prove that the exfiltration succeeded, they post a sample of the stolen data on their dark web leak site. A ransom note then urges the victim to pay a set amount within three days, or more of the data will be published there. The note promises that the files will be decrypted and the stolen copy withheld if payment arrives before the deadline; that promise rests entirely on the criminals keeping their word.

Since its debut in September 2020, Egregor has been used against businesses in a variety of sectors and is expected to continue to pose a danger to enterprises.

Egregor is typically delivered through phishing emails or by exploiting vulnerabilities in exposed software and network services. Once the operators are inside, they encrypt files and demand a ransom, often in the millions of dollars, in exchange for the decryption key, backed by threats to release the stolen data or to carry out further attacks.

What makes Egregor particularly aggressive is this double extortion: the attackers demand payment not only for the decryption key but also to withhold the exfiltrated data. The group maintains a leak site where data from victims who refuse to pay is published.

Tips to Avoid Egregor Ransomware

To reduce the risk of infection, the following practices are recommended:

  1. Run a patch management programme and keep all software and device firmware current, so that known vulnerabilities cannot be used for initial access.
  2. Deploy the security updates and detection signatures recommended by your security vendors on a regular schedule.
  3. Back up systems regularly, keep the backups offline or otherwise isolated from the production network so they cannot be encrypted or deleted along with the systems they protect, and test that they restore.
  4. Protect remote access: use strong passwords, restrict remote access to the people who need it, disable it when not in use, and require multi-factor authentication for every remote session.
  5. Train staff and other network users to recognise and report phishing.
  6. Give every administrator a unique, personal account, and grant each account only the rights needed for its job function.
  7. Enable heuristic (behavioural) analysis in anti-malware products so that suspicious activity such as mass file encryption is flagged, and keep those products updated.
  8. Monitor network traffic for unusual connections, including large outbound transfers that could indicate exfiltration, and retain system and network logs.
  9. Segment the network wherever feasible to limit the spread of malware and restrict an attacker's foothold.
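Items 7 and 8 above are easier to act on with a concrete detector in hand. The following Python script is an added example written for this page, not code from the article or from any published Egregor analysis: it runs two behavioural rules over a small set of constructed endpoint events, flagging a process that renames many files to a new extension within a minute (mass encryption) and a host that pushes a large volume of data to an address outside the assumed internal ranges (exfiltration ahead of double extortion). The log format, thresholds, internal address ranges, host and process names and the `.locked` extension are all assumptions made for the example.

```python
"""Behavioural ransomware triage over constructed endpoint audit events.

Two detections: (a) one process renaming many files to a new extension in
a short window, and (b) one host sending a large volume of data to an
address outside the organisation. Log format, thresholds, process names
and address ranges are assumptions for this example, not Egregor IoCs.
"""
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed thresholds; tune against the environment's own baseline.
RENAME_THRESHOLD = 20                     # extension-changing renames ...
RENAME_WINDOW = timedelta(seconds=60)     # ... by one process in this window
EXFIL_THRESHOLD = 500 * 1024 * 1024       # bytes to external addresses ...
EXFIL_WINDOW = timedelta(minutes=10)      # ... from one host in this window

# Assumed internal ranges; a real deployment would list its own allocations.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


def is_external(ip_text):
    """True when the address lies outside the assumed internal ranges."""
    addr = ip_address(ip_text)
    return not any(addr in net for net in INTERNAL_NETS)


def extension_changed(detail):
    """For a rename detail 'old -> new', report whether the extension differs."""
    if "->" not in detail:
        return False
    old, new = (p.strip() for p in detail.split("->", 1))
    return ntpath.splitext(old)[1].lower() != ntpath.splitext(new)[1].lower()


def parse_event(line):
    """Assumed line format: ts|host|process|kind|detail."""
    ts, host, proc, kind, detail = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "proc": proc, "kind": kind, "detail": detail}


def parse_conn(detail):
    """Assumed net_conn detail 'dst_ip:port bytes=N' -> (dst_ip, N)."""
    endpoint, size = detail.split(" ", 1)
    return endpoint.rpartition(":")[0], int(size.split("=", 1)[1])


def detect(lines):
    """Return alerts as (rule, host, process, value) tuples in time order."""
    alerts = []
    renames = defaultdict(deque)   # (host, proc) -> recent rename timestamps
    uploads = defaultdict(deque)   # host -> recent (timestamp, bytes) outbound
    flagged = set()                # alert once per (rule, key)
    for ev in sorted((parse_event(line) for line in lines), key=lambda e: e["ts"]):
        if ev["kind"] == "file_rename" and extension_changed(ev["detail"]):
            key = (ev["host"], ev["proc"])
            window = renames[key]
            window.append(ev["ts"])
            while ev["ts"] - window[0] > RENAME_WINDOW:   # drop stale entries
                window.popleft()
            if len(window) >= RENAME_THRESHOLD and ("rename", key) not in flagged:
                flagged.add(("rename", key))
                alerts.append(("mass_rename", ev["host"], ev["proc"], len(window)))
        elif ev["kind"] == "net_conn":
            dst, size = parse_conn(ev["detail"])
            if not is_external(dst):
                continue
            window = uploads[ev["host"]]
            window.append((ev["ts"], size))
            while ev["ts"] - window[0][0] > EXFIL_WINDOW:
                window.popleft()
            total = sum(b for _, b in window)
            if total >= EXFIL_THRESHOLD and ("exfil", ev["host"]) not in flagged:
                flagged.add(("exfil", ev["host"]))
                alerts.append(("bulk_upload", ev["host"], ev["proc"], total))
    return alerts


def build_sample_events():
    """Constructed sample telemetry, not real logs: some normal activity,
    then a 25-file rename burst on WS01 and 600 MiB sent out from WS02."""
    base = datetime(2020, 11, 3, 2, 14, 0)

    def stamp(delta):
        return (base + delta).isoformat()

    events = [
        f"{stamp(timedelta())}|WS01|winword.exe|file_write|C:\\Users\\jdoe\\Docs\\q3.docx",
        f"{stamp(timedelta(seconds=5))}|WS01|explorer.exe|file_rename|"
        "C:\\Users\\jdoe\\Docs\\draft.docx -> C:\\Users\\jdoe\\Docs\\final.docx",
        f"{stamp(timedelta(seconds=9))}|WS01|chrome.exe|net_conn|10.0.0.5:443 bytes=48211",
    ]
    for i in range(25):   # hypothetical updater.exe, one rename per second
        events.append(f"{stamp(timedelta(seconds=60 + i))}|WS01|updater.exe|file_rename|"
                      f"C:\\Share\\f{i}.xlsx -> C:\\Share\\f{i}.xlsx.locked")
    for i in range(6):    # hypothetical svc_sync.exe, 100 MiB per minute outbound
        events.append(f"{stamp(timedelta(minutes=i))}|WS02|svc_sync.exe|net_conn|"
                      f"203.0.113.7:443 bytes={100 * 1024 * 1024}")
    return events


if __name__ == "__main__":
    for alert in detect(build_sample_events()):
        print(alert)
```

Both rules fire once per offending process or host rather than on every event, which keeps the alert volume manageable. Legitimate bulk operations (an archiving job, a backup agent syncing to a cloud provider) will trip these thresholds too, so in practice the internal ranges, approved destinations and known maintenance processes are allowlisted and the thresholds are set from observed baselines rather than the constants used here.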