“Your company network has been hacked and breached. We downloaded confidential and private data. In case of not contacting us in 3 business days this data will be published on a special website available for public view”
That’s the start of the ransom message in RECOVER-FILES.txt from a new Ransomware-as-a-Service operation known as Egregor, which is profiled in a new threat report from BluVector. Even among ransomware gangs, Egregor is noted for its aggressive tactics: victims are given a very short timeline to respond to the extortion attempt with Bitcoin before the company is named and shamed.
The name Egregor comes from the dark web sites where your company’s data will be leaked if you don’t pay up. Since its discovery in September 2020, Egregor has racked up a long list of victims, notably taking credit for hacking Barnes & Noble and the game developers Ubisoft and Crytek. The Barnes & Noble attack impacted the company’s NOOK library for several days, preventing users from accessing their books, and the hackers also claim to have leaked source code from unreleased games.
Egregor’s rapid success penetrating large enterprises shows that it is a formidable threat. Based on the rapidly growing number of Egregor victims, security researchers speculate that a large number of “affiliates” of the Maze ransomware-as-a-service may be moving over to Egregor. Maze recently announced its closure, and the decrease in Maze attacks has corresponded to a large uptick for Egregor. For more details on Egregor, check out the full report. Based on back-testing of Egregor samples, BluVector’s Machine Learning-powered advanced threat detection would have caught the ransomware before the new cartel even began operating.