egregor (5)

10099051699?profile=RESIZE_400xIf you or your company was unfortunate enough to be caught in the web of a ransomware attack, the consequences may have been devastating.  Hopefully you got rid of the infection, but the all-important files affected by such an attack could still be under lock and key.  Without backups, which is more common than you may think, the files may be gone forever.

A tiny slice of good fortune: Occasionally, we all catch break.  Files can sometimes be recovered in the following ways[1]:

  • A ransomware aut

10029452898?profile=RESIZE_400xThe US Department of Justice (DOJ) authorities first became aware of Diavol ransomware in October 2021.  Diavol is allegedly associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan.  Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker.  While ransom demands have ranged from $10,000 to $500,000, Diavol actors have

8615969486?profile=RESIZE_400xWhile in existence prior to 2016, ransomware gained notoriety that year targeting the global healthcare industry, and in several instances, successfully extorting ransoms from victims. Since then, ransomware has turned out to be more than just a nuisance crime, with ransomware operators adjusting targeting strategies, malware deployment, and diversifying how they executed their campaigns to maintain success rates. Over the past few years, ransomware operators have shifted tactics, moving from wi

8403075076?profile=RESIZE_400xActivity Summary - Week Ending 8 January 2021:

  • Red Sky Alliance observed 123 unique email accounts compromised with Keyloggers
  • roger1983@gmail.com ??
  • Analysts identified 46,954 connections from new unique IP addresses
  • Red Sky Alliance identified 2,131 new IP addresses participating in various Botnets
  • WhatsApp – New Policies
  • Egregor Ransomware
  • T-Mobile hit AGAIN
  • The Green New Deal now on Steroids
  • 6th of January a Sad Day in the US
  • Protests and new technology surveillance

Link to full report: IR

8007968456?profile=RESIZE_400xCyber security researchers are warning about a recently uncovered ransomware variant called Egregor that appears to have infected about a dozen organizations worldwide over the past several months.  Similarities to Sekhmet Crypto-Locking malware and bee noted.

True to other ransomware hackers, the bad actors behind the Egregor ransomware are threatening to leak victims' data if the ransom demands are not met within three days.  The cybercriminals linked to Egregor are also mimicking Maze tactics