The US Federal Bureau of Investigation (FBI) has warned of ransomware attacks against hospitals and private organizations. Its initial alert described a credible ransomware threat to hospitals and other private organizations, issued against a backdrop of rising cyber-crime in the USA. As the situation worsened, the FBI urged organizations to stay alert and keep their systems patched. Notably, since the FBI's warning, organizations have continued to fall victim to these attacks.
Typically the affected organizations first noticed problems with their IT systems and then began receiving phishing emails from various sources. The speed with which events unfolded, as the Egregor campaign played out, lent credibility to the FBI's warning.
The Egregor ransomware operation targets organizations worldwide. The threat actors behind it break into an organization's network and steal sensitive data. Once the data has been exfiltrated they encrypt the files and leave a ransom note stating that if the organization fails to pay the ransom within the given time, the stolen data will not only be leaked but also distributed to the public through mass media.
Egregor first appeared in the threat landscape in September 2020; since then the Egregor gang has claimed to have compromised over 150 organizations. It has also claimed to have leaked data from two of the world's biggest game companies, Ubisoft and Crytek. The stolen data of these two companies was posted on the gang's dark web leak site after the two companies did not pay the demanded ransom. Despite warnings from security experts, it is difficult to avoid falling prey to ransomware attacks, given the nature and modus operandi of these threats. Besides Ubisoft and Crytek, Barnes & Noble, Cencosud and Metro Vancouver's transit agency TransLink were also on the list.
“The FBI assesses Egregor ransomware is operating as a Ransomware as a Service Model. In this model, multiple different individuals play a part in conducting a single intrusion and ransomware event. Because of the large number of actors involved in deploying Egregor, the tactics, techniques, and procedures (TTPs) used in its deployment can vary widely, creating significant challenges for defense and mitigation,” read the FBI's alert. “Egregor ransomware utilizes multiple mechanisms to compromise business networks, including targeting business network and employee personal accounts that share access with business networks or devices.”
Such ransomware attacks are carried out through phishing emails carrying malicious attachments, or through exploitation of the remote desktop protocol (RDP) or VPNs. Notably, since the FBI issued its warning to organizations, the threat actors appear to have stepped up their activity in response to the FBI's action against them, making the overall picture clearer.