Cybercrime never pauses. Cases of individuals and organizations falling victim to cyber attacks are reported constantly: malicious actors breach computer systems and then use the stolen confidential information to demand a ransom, most often paid in bitcoin.

In recent weeks a new ransomware family, Egregor, has been observed. So far, several incidents involving this malware have been reported, including attacks against Barnes & Noble, Ubisoft and Crytek carried out in October.

Regarding the attack on Barnes & Noble, the criminals said they had obtained quite sensitive financial data belonging to the bookstore. Similarly, they claimed to have "stolen the source code" of the Ubisoft game Watch Dogs: Legion, which had not yet been released. A similar case was reported by Crytek, a company that claimed to have lost 400 MB of data related to the "Warface" shooter.

According to a report published by Digital Shadows, as of November 17 Egregor had claimed more than 71 victims worldwide, spread across 19 industry verticals. The report also indicates that 38% of the attacks targeted the industrial goods and services sector, and that 83% of the victims are based in the United States. Why the US and not other countries?

But how does Egregor operate? Little is known about this ransomware, as it has been active for only a short time. However, the Digital Shadows research team suggests that the operators have been working on this new operation for "some time". Why? Because their attacks are very sophisticated and their number has been growing rapidly.

Egregor is characterized by publishing part of the stolen information to show victims that their systems have indeed been compromised, obviously with the aim of extracting a payment in return.

Windows is the most exposed to Egregor, according to the report

The researchers point out that this malicious code "maintains multiple anti-analysis techniques, such as code obfuscation and packed payloads, which makes it difficult to analyze the malware." The ransomware also uses Windows APIs to encrypt its payload data, so that the data cannot be decrypted unless the company manages to do so, which, according to reports so far, is quite difficult.

This malware encrypts files and drops a ransom note instructing victims "to download the Tor browser from the dark web and contact its developers within the next three days." If the victim does not comply with the demands, the stolen information is published on the "Egregor News" data leak site (DLS) for anyone to access.

How can I protect myself from this new ransomware? The answer lies in prevention: keep your systems up to date, back up your information, and avoid falling for phishing.
