Egregor Ransomware

Egregor ransomware encrypts business users’ data with AES+RSA and then requires contact within 3 days for a Bitcoins ransom to get the files back.

Egregor ransomware is a form of malware that’s a modification of both Sekhmet ransomware and Maze ransomware. There are code similarities across all three ransomware variants. They also all seem to target the same victim demographic. Distributors Egregor threatened to publish the stolen data to increase pressure on the victim. To do this, ransomware operators begin to steal data even before encrypting files.

How Does Egregor Ransomware Work?

Egregor ransomware is injected into a victim via a loader. This loader and the subsequently installed ransomware undergo extensive code obfuscation to mitigate static analysis and the possibility of decryption. After a successful breach, the Egregor ransomware manipulates the victim’s firewall settings to enable Remote Desktop Protocol (RDP).

This malware moves throughout the victim’s network, clandestinely identifying and disabling all antivirus software.

Operators of the Egregor ransomware “leaked” data stolen from Ubisoft and Crytek into the network

3 min read

Egregor and Ubisoft and Crytek data

Maze, Egregor ransomware decryption keys released by the developer

Maze, Egregor ransomware decryption keys released by the developer

July 14, 2023

Quick Links About Maze and Egregor ransomwareMaze and Egregor decryption keys released by the developerMaze and Egregor keys: what did they releasedChecking the m0yv_infector On February 9, 2022, amazing news appeared for the...

Maze and Egregor ransomware

Maze and Egregor ransomware operators earned more than $75 million in bitcoins

December 21, 2021

Analyst1 security researchers have calculated that the hackers behind the Maze and Egregor ransomware have already earned more than $75 million in ransoms from their victims. The company’s data is based on transactions that...

What is the Win32:Evo-gen [Trj] virus?

Ransom:Win32/Egregor.XX!MTB

March 16, 2021

Quick Links Ransom:Win32/Egregor.XX!MTBTechnical detailsHow to remove Ransom:Win32/Egregor.XX!MTB ransomware?Are Your Protected? What is Ransom:Win32/Egregor.XX!MTB infection? In this post you will find regarding the definition...

What is the Win32:Evo-gen [Trj] virus?

Ransom:Win32/Egregor.BM!MSR

March 16, 2021

Quick Links Ransom:Win32/Egregor.BM!MSRTechnical detailsHow to remove Ransom:Win32/Egregor.BM!MSR virus?Are Your Protected? What is Ransom:Win32/Egregor.BM!MSR infection? In this short article you will find regarding the meaning...

Egregor attack on transport in Vancouver

Egregor ransomware attack disrupted public transport in Vancouver

March 16, 2021

ZDNet reports that the Egregor ransomware attack disrupted the work of TransLick, a public transport operator in Vancouver, Canada. incident occurred this week, December 1, 2020, and as a result, Vancouver residents were unable...

What is the Win32:Evo-gen [Trj] virus?

Ransom:Win32/Egregor.A!MTB

March 16, 2021

Quick Links Ransom:Win32/Egregor.A!MTBTechnical detailsHow to remove Ransom:Win32/Egregor.A!MTB ransomware?Are Your Protected? What is Ransom:Win32/Egregor.A!MTB infection? In this short article you will certainly discover...

What is the Win32:Evo-gen [Trj] virus?

Ransom:Win32/Egregor!MSR

March 16, 2021

Quick Links Ransom:Win32/Egregor!MSRTechnical detailsHow to remove Ransom:Win32/Egregor!MSR virus?Are Your Protected? What is Ransom:Win32/Egregor!MSR infection? In this post you will certainly locate about the definition of...

Egregor ransomware attacked Cencosud

Egregor ransomware attacked largest Chilian retailer Cencosud

March 16, 2021

Bleeping Computer reports that the Egregor ransomware attacked the Chilean company Cencosud, one of the largest retailers in South America. me remind you that Egregor began its activity quite recently – in early September...