Egregor Ransomware

Egregor ransomware encrypts business users’ data with AES+RSA and then requires contact within 3 days for a Bitcoins ransom to get the files back.

Egregor ransomware is a form of malware that’s a modification of both Sekhmet ransomware and Maze ransomware. There are code similarities across all three ransomware variants. They also all seem to target the same victim demographic. Distributors Egregor threatened to publish the stolen data to increase pressure on the victim. To do this, ransomware operators begin to steal data even before encrypting files.

How Does Egregor Ransomware Work?

Egregor ransomware is injected into a victim via a loader. This loader and the subsequently installed ransomware undergo extensive code obfuscation to mitigate static analysis and the possibility of decryption. After a successful breach, the Egregor ransomware manipulates the victim’s firewall settings to enable Remote Desktop Protocol (RDP).

This malware moves throughout the victim’s network, clandestinely identifying and disabling all antivirus software.

Operators of the Egregor ransomware “leaked” data stolen from Ubisoft and Crytek into the network

3 min read

Egregor and Ubisoft and Crytek data

Maze, Egregor ransomware decryption keys released by the developer

Maze, Egregor ransomware decryption keys released by the developer

July 14, 2023

On February 9, 2022, amazing news appeared for the victims of Maze, Sekhmet and Egregor ransomware. The master decryption key was released by the developer of both malicious groups, which changed each other through time. This...

Maze and Egregor ransomware

Maze and Egregor ransomware operators earned more than $75 million in bitcoins

December 21, 2021

Analyst1 security researchers have calculated that the hackers behind the Maze and Egregor ransomware have already earned more than $75 million in ransoms from their victims. The company’s data is based on transactions that...

What is the Win32:Evo-gen [Trj] virus?

Ransom:Win32/Egregor.XX!MTB

March 16, 2021

What is Ransom:Win32/Egregor.XX!MTB infection? In this post you will find regarding the definition of Ransom:Win32/Egregor.XX!MTB and its adverse impact on your computer. Such ransomware are a type of malware that is specified by...

What is the Win32:Evo-gen [Trj] virus?

Ransom:Win32/Egregor.BM!MSR

March 16, 2021

What is Ransom:Win32/Egregor.BM!MSR infection? In this short article you will find regarding the meaning of Ransom:Win32/Egregor.BM!MSR and also its unfavorable impact on your computer. Such ransomware are a form of malware that...

Egregor attack on transport in Vancouver

Egregor ransomware attack disrupted public transport in Vancouver

March 16, 2021

ZDNet reports that the Egregor ransomware attack disrupted the work of TransLick, a public transport operator in Vancouver, Canada. incident occurred this week, December 1, 2020, and as a result, Vancouver residents were unable...

What is the Win32:Evo-gen [Trj] virus?

Ransom:Win32/Egregor.A!MTB

March 16, 2021

What is Ransom:Win32/Egregor.A!MTB infection? In this short article you will certainly discover concerning the meaning of Ransom:Win32/Egregor.A!MTB and also its unfavorable influence on your computer. Such ransomware are a form...

What is the Win32:Evo-gen [Trj] virus?

Ransom:Win32/Egregor!MSR

March 16, 2021

What is Ransom:Win32/Egregor!MSR infection? In this post you will certainly locate about the definition of Ransom:Win32/Egregor!MSR as well as its adverse influence on your computer system. Such ransomware are a type of malware...

Egregor ransomware attacked Cencosud

Egregor ransomware attacked largest Chilian retailer Cencosud

March 16, 2021

Bleeping Computer reports that the Egregor ransomware attacked the Chilean company Cencosud, one of the largest retailers in South America. me remind you that Egregor began its activity quite recently – in early September...