Egregor Ransomware

Egregor ransomware encrypts business users’ data with AES+RSA and then requires the victim to make contact within 3 days to pay a Bitcoin ransom to get the files back.

Egregor ransomware is a form of malware derived from both Sekhmet ransomware and Maze ransomware. There are code similarities across all three ransomware variants, and they all appear to target the same victim demographic. Egregor’s distributors threaten to publish the stolen data to increase pressure on the victim; to make this possible, the ransomware operators begin stealing data even before encrypting files.

How Does Egregor Ransomware Work?

Egregor ransomware is delivered to a victim by a loader. Both the loader and the ransomware it installs are heavily obfuscated to hinder static analysis and reduce the chance of decryption. After a successful breach, Egregor modifies the victim’s firewall settings to enable Remote Desktop Protocol (RDP).

The malware then moves laterally through the victim’s network, covertly identifying and disabling all antivirus software.
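The two behaviours described above, a firewall or registry change that opens RDP followed by security services being stopped on the same host, are exactly the kind of sequence a defender can correlate in process-creation telemetry. The following Python script is an added example and not code from the original article or from any Egregor sample: it parses a small constructed log in a Sysmon-like key=value format, matches generic indicators of RDP enablement and security-service shutdown, and raises one alert when both appear on the same host within a short window. The log format, the hostnames, the timestamps and the specific command-line patterns are all assumptions chosen for illustration; they are common Windows administration commands, not indicators attributed to Egregor by the page.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample input (Sysmon-like process-creation records, one per line).
# Not telemetry from any real incident; hosts, users and times are made up.
SAMPLE_LOG = r'''
ts=2020-10-12T09:14:02Z host=WS01 user=CORP\alice image=C:\Windows\System32\notepad.exe cmd="notepad.exe quarterly.txt"
ts=2020-10-12T09:15:40Z host=WS01 user=CORP\svc_backup image=C:\Windows\System32\netsh.exe cmd="netsh advfirewall firewall set rule group="remote desktop" new enable=yes"
ts=2020-10-12T09:15:41Z host=WS01 user=CORP\svc_backup image=C:\Windows\System32\reg.exe cmd="reg add HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server /v fDenyTSConnections /t REG_DWORD /d 0 /f"
ts=2020-10-12T09:16:05Z host=WS01 user=CORP\svc_backup image=C:\Windows\System32\sc.exe cmd="sc stop WinDefend"
ts=2020-10-12T09:16:06Z host=WS01 user=CORP\svc_backup image=C:\Windows\System32\net.exe cmd="net stop MsMpSvc"
ts=2020-10-12T09:20:00Z host=WS02 user=CORP\bob image=C:\Windows\System32\net.exe cmd="net use Z: \\fs01\share"
'''

# Assumed line layout: fixed field order, cmd value is the last field and may
# itself contain quotes, so it is matched greedily up to the final quote.
LINE_RE = re.compile(
    r'ts=(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'image=(?P<image>\S+) cmd="(?P<cmd>.*)"$'
)


@dataclass
class Event:
    ts: str
    host: str
    user: str
    image: str
    cmd: str


def parse_log(text: str) -> List[Event]:
    """Parse the key=value log; lines that do not fit the layout are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(**m.groupdict()))
    return events


# Generic detection rules, evaluated against the lower-cased command line.
# Rule names are our own labels, not vendor or MITRE identifiers.
RULES: List[Tuple[str, re.Pattern]] = [
    ("firewall_allows_rdp",
     re.compile(r'netsh\s+advfirewall\s+firewall\s+.*remote desktop.*enable=yes')),
    ("rdp_enabled_in_registry",
     re.compile(r'reg\s+add\s+.*terminal server.*fdenytsconnections.*/d\s+0\b')),
    ("security_service_stopped",
     re.compile(r'\b(sc|net)\s+stop\s+(windefend|msmpsvc|sense|wscsvc)\b')),
]

RDP_RULES = {"firewall_allows_rdp", "rdp_enabled_in_registry"}


def match_rules(events: List[Event]) -> List[Tuple[str, Event]]:
    """Return (rule_name, event) pairs for every event that trips a rule."""
    hits = []
    for ev in events:
        cmd = ev.cmd.lower()
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.append((name, ev))
    return hits


def _parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def correlate(hits: List[Tuple[str, Event]], window_minutes: int = 30) -> List[Dict]:
    """Alert when one host shows RDP enablement AND a stopped security service
    within the window. Either behaviour alone is only a low-confidence hit."""
    by_host: Dict[str, List[Tuple[str, Event]]] = defaultdict(list)
    for name, ev in hits:
        by_host[ev.host].append((name, ev))
    alerts = []
    for host, items in by_host.items():
        names = {n for n, _ in items}
        if not (names & RDP_RULES and "security_service_stopped" in names):
            continue
        times = sorted(_parse_ts(ev.ts) for _, ev in items)
        if times[-1] - times[0] > timedelta(minutes=window_minutes):
            continue
        alerts.append({
            "host": host,
            "users": sorted({ev.user for _, ev in items}),
            "rules": sorted(names),
            "first_seen": times[0].isoformat(),
            "last_seen": times[-1].isoformat(),
        })
    return alerts


def analyze(text: str) -> List[Dict]:
    """Convenience wrapper: parse, match and correlate in one call."""
    return correlate(match_rules(parse_log(text)))


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print("ALERT", alert)
```

The correlation step is the point of the example: a firewall change or a stopped service can each be legitimate administration, but the two together on one host inside a few minutes, issued from a service account, is the sequence worth paging on. In a real deployment the rule set would be tuned to the environment's own service names and the window adjusted to the observed dwell time between the two steps.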

Maze ransomware shuts down its operations

Bleeping Computer reports that the well-known Maze ransomware, which has been active since May 2019, is shutting down its operations. It seems that the Maze authors have decided to follow the example of their “colleagues” behind the GandCrab malware...

Egregor ransomware attacked Barnes & Noble bookstore chain

The largest bookstore chain in the United States, Barnes & Noble (more than 600 stores in 50 states), which also operates the Nook Digital e-book platform, suffered a breach last week. It has now emerged that Egregor ransomware...