Blog | G5 Cyber Security

Threat profile: Egregor ransomware is making a name for itself

Egregor is considered a variant of Ransom.Sekhmet based on similarities in obfuscation, API-calls, and the ransom note. The attack typically unfolds in two steps: initial compromise with email lure that drops Qakbot, followed by the actual ransomware. The most common attack method seems to entail an initial spray-and-pray tactic, after which the threat actors make a selection of the available openings. The attackers will then try to enlarge their foothold on the breached network and look for the data and servers that are most critical for the victim.”]

Source: https://blog.malwarebytes.com/ransomware/2020/12/threat-profile-egregor-ransomware-is-making-a-name-for-itself/

Exit mobile version