Egregor ransomware has now compromised more than 150 victims since its first appearance in September 2020. The FBI recently released a security alert warning private sector firms about this ransomware.
Egregor ransomware reaches business networks through several routes, including direct compromise of the corporate network and compromise of employees' personal accounts that share access with business networks or devices.
- The sectors most targeted by this ransomware include enterprise, manufacturing, education, transport, and retail; the affected regions include North and South America and Western Europe.
- Email phishing is believed to be the initial infection method used by the Egregor operators. Phishing emails carrying malicious attachments, together with exposed RDP services or VPNs, are among the attack vectors Egregor uses to gain access to the victim's network.
- Once inside, the operators use post-exploitation tools such as Cobalt Strike, the Qakbot/Qbot malware, Advanced IP Scanner, and AdFind for lateral movement across the network and privilege escalation.
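The post-exploitation tooling named above (AdFind, Advanced IP Scanner, Cobalt Strike) and the phishing-attachment entry point are all visible in endpoint process-creation telemetry, so a defender's first triage pass is usually a rule set over those events. The following is an added example of such a pass, not code from the original alert; it runs over a constructed set of process-creation events rather than real telemetry. The executable file names, the Office-spawns-script-host rule, and the rule that flags rundll32.exe launched with no arguments (a default loader behaviour widely reported for Cobalt Strike beacons) are assumptions about how these tools commonly appear, not facts stated in the text above.

```python
"""Triage constructed process-creation events for the tooling named in the Egregor write-up."""
import ntpath

# Executable basenames of the post-exploitation tools named in the text.
# The file names are assumptions about how these tools usually appear on disk.
TOOL_BASENAMES = {
    "adfind.exe": "AdFind (AD enumeration)",
    "advanced_ip_scanner.exe": "Advanced IP Scanner (network discovery)",
    "advanced_ip_scanner_console.exe": "Advanced IP Scanner (network discovery)",
}

# Parent/child pairs consistent with a phishing attachment launching a loader (assumption).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Constructed sample telemetry (hosts, users and paths are made up for this example).
SAMPLE_EVENTS = [
    {"host": "ws-017", "user": "jdoe", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe report.txt"},
    {"host": "ws-017", "user": "jdoe", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Users\jdoe\AppData\Local\Temp\adfind.exe",
     "cmdline": "adfind.exe -f objectcategory=computer"},
    {"host": "ws-042", "user": "asmith", "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc AAAA"},
    {"host": "srv-db-01", "user": "svc_backup", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\rundll32.exe", "cmdline": "rundll32.exe"},
    {"host": "ws-088", "user": "mlee", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def triage_event(event: dict) -> list:
    """Return the finding labels for one process-creation event (empty list when clean)."""
    findings = []
    image = basename(event.get("image", ""))
    parent = basename(event.get("parent", ""))
    cmdline = event.get("cmdline", "").strip()

    # Rule 1: a known discovery/enumeration tool by file name.
    if image in TOOL_BASENAMES:
        findings.append("tool:" + TOOL_BASENAMES[image])

    # Rule 2: an Office application spawning a script host (phishing-attachment chain).
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        findings.append("office-spawned-script-host")

    # Rule 3: rundll32.exe started with no DLL argument (assumed beacon loader pattern).
    if image == "rundll32.exe" and len(cmdline.split()) <= 1:
        findings.append("rundll32-no-arguments")

    return findings


def triage_events(events: list) -> list:
    """Run every rule over a batch of events and keep only the ones that fired."""
    hits = []
    for ev in events:
        findings = triage_event(ev)
        if findings:
            hits.append({"host": ev["host"], "user": ev["user"],
                         "image": basename(ev["image"]), "findings": findings})
    return hits


if __name__ == "__main__":
    for hit in triage_events(SAMPLE_EVENTS):
        print(hit["host"], hit["user"], hit["image"], ", ".join(hit["findings"]))
```

Each rule deliberately returns a label rather than a verdict: one hit on a tool name is a lead for an analyst, while the same host showing a tool hit and an Office-to-script-host chain in the same window is what turns a lead into an incident. Renamed binaries defeat rule 1, so in production it would be paired with a hash or signer check rather than used alone.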