New malware is on the rise. The Egregor malware has only been active for 2 months, but it is already becoming apparent that its use among hackers continues to grow. One reason for this could be that the cyber group behind the ransomware apparently retired, according to an announcement in early November. The group also announced that there would be no official successor to the previous one, but the makers of Egregor seem to be doing everything they can to fill the void.
The new ransomware was examined by security researchers. They identified at least 70 victims from different countries, including well-known names like Ubisoft. The cyber attackers proceed in a very planned manner and prepare each attack carefully. The security researchers particularly emphasize that the criminals can adapt to the circumstances of the most diverse sectors. This suggests that they have been active for some time.
As is common with other ransomware, Egregor’s main goal is money, payable in cryptocurrency. Here, a scheme is used that is now enjoying great popularity among cyber attackers: the attackers threaten to publish the stolen information if the victim does not pay the ransom. In some cases, the victim receives a small sample of the information from its own servers along with the ransom note, as proof that the hackers mean business. How exactly the hackers manage to infect their victims is not yet fully understood. This is probably also because the ransomware is programmed and disguised in such a way that security researchers have little chance to analyze it.
Victims Come From A Wide Variety Of Sectors
Another interesting thing about Egregor is that the victims come from a wide variety of sectors. Even so, there seems to be a certain pattern in the selection. Around a third of the ransomware-spreading campaigns targeted goods and services. In addition, most of the victims known to date come from the USA. But it doesn’t have to stay that way, especially since the ransomware apparently aims to fill the void that was left after the withdrawal. The adaptability of Egregor allows this conclusion.