Threat Watch

FBI Alert Warns Private Organizations Of Egregor Ransomware Attacks

Yesterday, the FBI issued a Private Industry Notification (PIN) to alert private sector companies that Egregor ransomware is targeting and extorting the business sector. The PIN stated that Egregor claims to have already compromised more than 150 victims since September 2020. The threat actors often use phishing emails with malicious attachments or links as vectors to gain access to victims’ networks. The FBI urges victims not to pay any ransoms and to report incidents to the local FBI office. 

ANALYST NOTES

There is no evidence of ransomware attacks slowing down in 2021, after becoming prolific in 2020. To prevent data loss, it’s important to maintain offline, encrypted backups of data and to regularly test them. Backups should be taken at regular intervals to ensure minimal data-loss if they are ever needed. Create and maintain an incident response plan that includes response and notification procedures for a ransomware incident. Regularly patch software and operating systems to the latest available versions. Employ best practices for use of RDP and other remote desktop services. Threat actors commonly gain initial access through insecure Internet-facing remote services or phishing. When an attack makes it through the outer layers of defense, it is important to have a third-party monitoring service such as the Binary Defense Security Operations Task Force. The Task Force provides a 24/7 monitoring solution to detect and defend from intrusions on an organization’s network.

Sources: https://securityaffairs.co/wordpress/113151/breaking-news/fbi-alert-egregor-ransomware.html?web_view=true