Security experts are warning that a new ransomware group is rapidly escalating threat activity, with double extortion attacks on scores of victims so far in Q4.
In fact, the group has been active since September, when it compromised 15 victims. Then came a massive 240% spike in numbers, with 51 organizations hit the following month. As of November 17, it had added a further 21 victims.
According to the security vendor, a plurality of Egregor victims come from the industrial goods and services sector (38%), and the vast majority so far (83%) have been US-based.
The malware itself has been designed with multiple anti-analysis measures built in, such as code obfuscation and packed payloads, Digital Shadows claimed.
“More specifically, Windows application programming interfaces (APIs) are leveraged to encrypt the payload data. Unless security teams can present the correct command-line argument, then the data cannot be decrypted, and the malware cannot be analyzed,”
it added.
“When the correct command-line argument is presented, the malware executes by injecting into iexplore.exe process, encrypting all text files and documents, and enclosing a ransom note within each folder that has an encrypted file. This process includes files on remote machines and servers through checks on LogMeIn event logs.”
www.infosecurity-magazine.com
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
