Egregor Malware Threatens Public Humiliation on Mass Media

Ransomware operators are continuously adopting new tactics to force their victims into paying a ransom. A few days ago, SunCrypt ransomware operators started threatening their victims with DDoS attacks to pressure them. Now, the new Egregor ransomware, which is reportedly a spin-off of the Sekhmet ransomware, is threatening its victims with leaking their data on mass media platforms.

What has happened?

Researchers from Appgate Labs have disclosed that the Egregor ransomware, which has been targeting companies worldwide, is threatening to leak their corporate information on social media platforms, where it would be visible to their customers and partners.
  • The Egregor ransomware is suspected to be a spin-off of the Sekhmet ransomware, as the two share several similarities, including API calls, functions, obfuscation techniques, and a similar ransom note.
  • The ransomware demands the payment within three days and threatens to leak the sensitive data on its own Egregor news website, as well as on social media platforms.
  • The Egregor news website lists a total of 13 victims on its "hall of shame", including the French logistics company GEFCO.
  • The samples of this malware have been located in Italy, France, Mexico, Germany, Japan, Saudi Arabia, and the U.S.

Recent attacks

Sekhmet, the ransomware that attacks Windows-based devices, has been identified targeting several organizations recently.
  • In late June, Sekhmet malware targeted CBK Law (Coles, Baldwin, Kaiser & Creager), a Connecticut-based law firm.
  • Around the same time, Sekhmet targeted SilPac, the California-based gas handling solutions company, and released an archive of their data.
  • At the beginning of June, Sekhmet operators claimed to have targeted Excis, an international IT firm.

Ending notes

Modern ransomware families such as Egregor, Sekhmet, and SunCrypt rarely rely on novel techniques to compromise their victims. They use basic methods such as exploiting unpatched vulnerabilities or sending malicious spam emails. Therefore, experts recommend patching all applications regularly and using spam filters as the first line of defense against such threats.