What is Egregor Ransomware

Egregor ransomware attacks are known for their heinous but extremely successful double extortion methods. The cybercrime gang compromises sensitive data, encrypting it to prevent the victim from accessing it. They then post a portion of the hacked data on the dark web to demonstrate that the exfiltration was effective. The victim is then urged in a ransom letter to pay a predetermined amount within three days in order to avoid further personal data from being broadcast on the criminal network. If the ransom is paid before the ultimatum expires, the confiscated data is fully decrypted.

Since its debut in September 2020, ransomware has been utilised against businesses in a variety of sectors and is expected to continue to pose a danger to enterprises in the future.

Issuers, Acquirers, and Merchants:

To minimise the danger of exposure, the following best practices are recommended:

  1. Implement a patch management programme and keep all software and device firmware up to date to reduce the attack surface for zero-day vulnerabilities.
  2. On a periodic basis, deploy the security measures and signatures recommended by your organization’s security OEM.
  3. Back up systems on a regular basis and store backups in a safe, segregated place.
  4. Protect remote access by using strong passwords, limiting remote access permissions to just the required people, disabling remote access when not in use, and using two-factor authentication for remote sessions.
  5. Ensure that workers and network users are informed on phishing’s risks.
  6. Assign unique user credentials to each Admin user. Additionally, user accounts should be granted just the rights necessary to perform job functions.
  7. Enable heuristics (behavioural analysis) in anti-malware programmes to monitor for suspicious behaviour and keep anti-malware software updated.
  8. Monitor network traffic for unusual connections and maintain logs of system and network activities.
  9. Wherever feasible, use network segmentation to restrict the propagation of malicious software and to limit an attacker’s foothold.
Exit mobile version