What is Egregor Ransomware?
Like most ransomware, it is deployed to shut down operations and bring companies to a grinding halt. Much like the second variant of COVID-19, it was first spotted in September 2020 and has been rapidly gaining ground ever since.
Egregor is a variant of Ransom. Sekhmet – it shares much of the same obfuscation and API-calls. Already, the likes of recruitment giant Randstad, bookseller Barnes & Noble, and retailer Kmart have all fallen victim.
How does Egregor Circulate?
Although there’s still no proof on exactly how Egregor ransomware gains initial access, it is thought that the techniques are similar to Maze ransomware in the way a network’s vulnerabilities are exploited.
The main method appears to be through remote access trojans (RATs) such as QAKBOT, where targeted environments are compromised through various means (phishing emails in the case of Randstad). Once the RAT payload has been established, it is then able to launch Egregor payloads.
When the Egregor ransomware group has breached a network, they look for data and servers that are most critical to the victim. This gives them leverage and a greater chance to cash in their ransom demand.
Much like Maze ransomware, Egregor uses a “double extortion” technique. Ransomware operators threaten the victim with data loss and publicly announcing the loss if they fail to pay the ransom.
Victims that pay the ransom do not have their data decrypted. Instead, the perpetrators provide recommendations for securing the company’s network. The impact on a business can be catastrophic.
How Can you Protect your Business Against Egregor?
At the very minimum, businesses should take the following steps:
- Patch and update existing systems’ software, checking for and addressing any potential vulnerabilities. This should include all IT infrastructure and Security
- Carry out regular security audits of current IT infrastructure and security products.
- Know exactly where data is stored and have a comprehensive data backup plan, including secure offsite backup.
- Use a third party mail security filter such as Barracuda or Sophos that detect, block, and analyse malicious emails through custom sandboxing and other detection methods.
- Enable Multifactor Authentication on all users to stop an intruder (even with a correct password). Yes, it is a pain to enter a random code every time you log in, but it is worth it.
- Ensure all employees are trained in cybersecurity best practices, especially regarding common access techniques such as email and compromised websites.
Crucially, it’s important to remember that just because data is in the Cloud does not mean it is backed up. Imagine your Office 365 account has been hacked with ransomware. All your emails are now inaccessible, and both your email and your other files are encrypted. How would you recover from that?
If your answer is, I don’t know, Agile Technical Solutions can help. We can put in place a robust data backup and IT security plan to protect your business and give you peace of mind.