Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy

In a series of ransomware payment negotiations last December, operatives from a gang known as “Egregor” alternated from treating their victims with surprising civility, and behaving like cartoonish movie villains. “The Egregor Team wishes you a Merry Christmas and a Happy New Year,” they’d say at intervals of their chat room communications, sometimes in the middle of an extortion back-and-forth. “We wish you wisdom in your decision making and financial stability in this difficult time for us all. Happy Holidays!” In another exchange, they weren’t as kind, threatening to leak victims’ data and publish it on a website as a warning to other organizations that might fall in the group’s crosshairs. “We simply need to determine what category you should be placed in. In the category of those who are ready to negotiate and pay or in the category of scarecrows on our news site,” one exchange read. “It’s not […]

The post Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy appeared first on CyberScoop.

Continue reading Chat logs show how Egregor, an $80 million ransomware gang, handled negotiations with little mercy

Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent

When French insurer AXA signaled last week that it would no longer write new cyber-insurance policies covering  extortion payouts to criminals, ransomware and cyber insurance experts had two reactions. They wondered why it took so long, and how long it would take others to follow suit. Ransomware is an ever-increasing cause of cyber-insurance claims, according to industry estimates, and having such insurance may make policyholders more likely to be attacked. A representative of the REvil ransomware gang said in a March interview that the group specifically targets victims known to have cyber-insurance, because they’re “one of the tastiest morsels” who can more easily afford to pay. In perhaps the biggest ransomware payment of 2020, smartwatch maker Garmin paid a reported $10 million and said it wasn’t sure how much its insurance would cover of all the costs, which it didn’t enumerate by type of expense.  Those conditions can perpetuate themselves. […]

The post Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent appeared first on CyberScoop.

Continue reading Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent

FBI alert on Egregor ransomware highlighted affiliate cybercrime model

An emerging strain of ransomware that was the subject of a recent FBI report is relying on an extortion technique in which attackers publish stolen data to a public website in the event that a victim organization refuses to meet hackers’ demands.  The Federal Bureau of Investigation in January warned that the gang behind the Egregor ransomware, first detected in September 2020, would compromise a victim’s network, then order a victim to print a physical copy of a ransom note spelling out a demand to pay a specific fee, otherwise risk their stolen data being made public. French and Ukrainian police took action against hackers who used the Egregor malware in February, reportedly arresting “several” suspects.  In its advisory, the bureau said that attackers can rent Egregor as a ransomware-as-a-service malware, and that it relies on other hacking tools as part of an affiliate model. Egregor frequently comes packaged with […]

The post FBI alert on Egregor ransomware highlighted affiliate cybercrime model appeared first on CyberScoop.

Continue reading FBI alert on Egregor ransomware highlighted affiliate cybercrime model

Members of the infamous Egregor ransomware arrested in Ukraine

By Deeba Ahmed
Ukrainian and French police conducted a joint operation to disrupt the Egregor ransomware group. Here’s what we know so far.
This is a post from HackRead.com Read the original post: Members of the infamous Egregor ransomware arrested in … Continue reading Members of the infamous Egregor ransomware arrested in Ukraine

Egregor Ransomware Adopting New Techniques

Introduction
Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.
The post Egregor Ransomware Adopting New Techni… Continue reading Egregor Ransomware Adopting New Techniques

Researchers find financial ties between notorious ransomware gangs

The number of ransomware strains that lock up systems throughout the global internet might suggest an immeasureable number of independent hackers are plundering victims’ data. In fact, new research suggests that digital extortion specialists are more closely connected than they may appear. Researchers at Chainalysis, a software firm that works with law enfocement agencies, on Thursday said they have found connections that suggest collaboration between hackers who have used the Maze, Egregor, SunCrypt and DoppelPaymer hacking tools. Each of these groups operate as ransomware-as-a-service, meaning they lease access to their malware to affiliates who then run ransomware attacks, which can make attribution trickier. When tracking some recent ransom payments to the Maze gang through a series of intermediaries, researchers determined that Maze was sharing some of the payout with a suspected SunCrypt cutout, according to a blog on the research, which was published Thursday. Maze has been tied to attacks […]

The post Researchers find financial ties between notorious ransomware gangs appeared first on CyberScoop.

Continue reading Researchers find financial ties between notorious ransomware gangs

One month after ransomware attack, Metro Vancouver’s transit system still not up to speed

TransLink, Metro Vancouver’s public transportation agency, has warned its staff that hackers accessed their personal bank account details and other information.

The warning came in an internal email to workers approximately one month after Translink… Continue reading One month after ransomware attack, Metro Vancouver’s transit system still not up to speed

The anatomy of a modern day ransomware conglomerate

If school administrators, medical organizations and other crucial industries haven’t already had enough bad news over the past year, a new hacking group that relies on emerging techniques to rip off its victims should fulfill that need.  What makes the pain even worse is that the group is using an innovative structure that’s becoming more common in the cybercrime underworld. This ransomware gang, dubbed Egregor, in recent months appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies and financial institutions, according to the U.K.-based security firm Sophos. Egregor works much like other strains of ransomware — holding data hostage until a victim pays a fee — though in some ways the group behind it also exemplifies the current state of the hacking economy.  Rather than relying on lone hackers who mastermind massive data breaches, or dark web forums frequented only by Russian scammers, today’s cybercriminals […]

The post The anatomy of a modern day ransomware conglomerate appeared first on CyberScoop.

Continue reading The anatomy of a modern day ransomware conglomerate