Security News > 2021 > January > FBI warns of Egregor ransomware extorting businesses worldwide

FBI warns of Egregor ransomware extorting businesses worldwide
2021-01-07 11:37

The US Federal Bureau of Investigation has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.

The FBI says in a TLP:WHITE Private Industry Notification shared on Wednesday that Egregor claims to have already hit and compromised more than over 150 victims since the agency first observed this malicious activity in September 2020.

"Egregor ransomware utilizes multiple mechanisms to compromise business networks, including targeting business network and employee personal accounts that share access with business networks or devices."

Phishing emails with malicious attachments and insecure Remote Desktop Protocol(RDP) or Virtual Private Networks are some of the attack vectors used by Egregor actors to gain access and to move laterally within their victims' networks.

Egregor is a Ransomware as a Service operation that partners with affiliates who hack networks to deploy ransomware payloads, distributing the ransom payment earnings with the Egregor operators using a 70/30 split.

The FBI has asked companies and individuals affected by ransomware to report any infections for a while now so that it can get a better grasp of the threat and the legal reasons to prosecute ransomware gangs and their operators.


News URL

https://www.bleepingcomputer.com/news/security/fbi-warns-of-egregor-ransomware-extorting-businesses-worldwide/