
Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data
2020-10-02 21:31

A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a "Mass-media" release of it before encrypting all files.

Egregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when the individuals are united toward a common purpose - apropos for a ransomware gang.

"Also, in one of the execution stages, the Egregor payload can only be decrypted if the correct key is provided in the process' command line, which means that the file cannot be analyzed, either manually or using a sandbox, if the exact same command line that the attackers used to run the ransomware isn't provided."

Overall, he said, it has the same sophistication level as other ransomware families; however, Egregor implements a high number of anti-analysis techniques, such as code obfuscation and payload encryption.
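The quoted point above (the sample cannot be analyzed without the exact command line the attackers used) has a defensive corollary: endpoint telemetry must record full command lines, and a hunt should flag executions that carry opaque, key-like arguments so those lines are preserved verbatim for any later sandbox run. The following Python is an added example, not code from the article or from any vendor; the sample events, image names, entropy thresholds and argument formats are constructed assumptions.

```python
import math
import shlex

# Constructed sample process-creation events (image, recorded command line).
# These are made-up records for illustration, not real Egregor telemetry.
SAMPLE_EVENTS = [
    ("stage2.exe", r'C:\Users\Public\stage2.exe -k 9fQz2xLp7vBn'),
    ("svc.exe", r'"C:\Program Files\Vendor\svc.exe" --install --quiet'),
    ("msiexec.exe", r'msiexec.exe /i C:\Temp\setup.msi /qn'),
    ("loader.exe", r'C:\Users\Public\loader.exe --key=Ab3dE7fGh9'),
]


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    n = len(text)
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_args(cmdline: str, min_len: int = 10, min_entropy: float = 3.2):
    """Return argument tokens that look like opaque keys rather than switches or paths.

    The thresholds are assumed heuristics: ordinary option words such as
    'install' or 'configuration' stay below them, random key material does not.
    """
    try:
        tokens = shlex.split(cmdline, posix=False)  # keep Windows quoting/backslashes
    except ValueError:
        tokens = cmdline.split()
    hits = []
    for tok in tokens[1:]:  # tokens[0] is the image itself
        if "\\" in tok:  # file paths are high-entropy but expected; skip them
            continue
        value = tok.split("=", 1)[-1].lstrip("-/")  # --key=VALUE, -k VALUE, /switch
        if len(value) >= min_len and shannon_entropy(value) >= min_entropy:
            hits.append(tok)
    return hits


def hunt(events):
    """Map image name -> flagged tokens for events whose command line must be kept verbatim."""
    findings = {}
    for image, cmdline in events:
        hits = suspicious_args(cmdline)
        if hits:
            findings[image] = hits
    return findings


if __name__ == "__main__":
    for image, hits in hunt(SAMPLE_EVENTS).items():
        print(f"{image}: preserve full command line; opaque argument(s) {hits}")
```

A hit is a prompt to archive the complete command line alongside the binary, not a verdict on its own; benign installers also pass license keys and tokens.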

In a twist from the usual double-extortion tactics used by ransomware families like NetWalker, the Egregor operators threaten to distribute stolen data via "Mass media," so that a victim company's partners and clients will know that the company was attacked.

News URL

https://threatpost.com/egregor-ransomware-mass-media-corporate-data/159816/