Egregor ransomware could take up where Maze left off

Security researchers warn that new ransomware has claimed at least 71 business victims around the world

Abstract image of a padlock on a dark blue  background to represent cyber security

The hackers behind a new variant of ransomware may have only just started to gain traction, security researchers have warned.

First observed on 25 September, the Egregor ransomware is said to be filling the gap left by the Maze ransomware, which ceased operations last month, according to a blog by researchers at IT security firm Digital Shadows.

In October, Egregor struck Barnes & Noble and video game producers Ubisoft and Crytek. From Barnes & Noble, Egregor hackers released two Windows Registry hives — claiming they contained highly sensitive financial data about the bookseller.

In the attack against video game company Ubisoft, Egregor claimed to have stolen source code for its “Watchdogs: Legion” title, leaking 200MB of data about in-game assets, although there was no confirmation from Ubisoft employees on the matter.

The researchers have said the new Egregor strain shares similarities with Maze, including malware signatures, their target victims being within the industrial goods & services sector, and the practice of leaking company’s sensitive data on a dark web-based “News” website.

Egregor has also had a very busy November, with 71 victims spanning across 19 different industry verticals recorded so far.

“The level of sophistication of their attacks, adaptability to infect such a broad range of victims, and [a] significant increase in their activity suggests that Egregor ransomware operators have been developing their malware for some time and are just now putting it to (malicious) use,” said Lauren Palace, an analyst at Digital Shadows.

Related Resource

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Researchers have found that the criminals behind Egregor tend to release packets of data that are easily traceable to the victim while demanding a hefty ransom to prevent further leaks. Most of the victims, according to Digital Shadows, are clustered in the industrial goods & services sector (38%), with a vast majority of victims being US-based companies (83%).

Egregor attacks are said to have increased 240% from September 25th (15 incidents) to October 31st (51 incidents), and are up a further 43% as of November 17th, bringing the total number of incidents to 71, according to Place.

Given the sophisticated technical capabilities of Egregor hackers to hinder malware analysis, and the fact it's already targeting a large variety of organizations, Digital Shadows has warned that the group will “likely continue in the future, posing more and more of a risk to your organization”.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021