Egregor is the new ransomware hitting organizations worldwide and threatening corporate data release

The ransomware has threatened the cyber world with a probable mass media release of corporate data.

The source code of the new ransomware family Egregor is very similar to that of Sekhmet ransomware. Various similarities between the two have been reported, such as obfuscation techniques, functions, API calls, strings and a very similar ransom note.

A researcher has claimed that the ransomware has various anti-analysis elements in its code. Code obfuscation and packed payloads are some of the key features found in the source code of the ransomware.

The Egregor payload can only be decrypted if the correct key is provided, and it can also accept additional parameters as command-line arguments. Researchers also found that the ransom note demands payment within three days; otherwise, the sensitive data will be leaked.

The Egregor hacking team has also mentioned that if the targeted organization pays the demanded ransom, they will help the organization secure its network against future attacks by giving out some useful security tips. The hackers have stated that if the payment is not made, the organization will not only lose the data, but the sensitive information will also be leaked over the internet.

NPAV recommends that users and organizations invest in proper ransomware protection software. Install NPAV Z-Security on your devices to stay protected from all kinds of ransomware attacks. Z-Security provides best-in-class protection from all kinds of cyber attacks.

Use NPAV and join us on a mission to secure the cyber world.

 
