New details have emerged about the cyberattack against Barnes & Noble since we last wrote about it on October 16th. After publishing its report last Wednesday, BleepingComputer was contacted by a threat actor claiming that the Egregor ransomware group was behind the attack. BleepingComputer goes on to state: “After the hacker gained access to a Windows domain administrator account, another threat actor was given access to the network on October 10th, 2020, who then encrypted the network’s devices.”
Egregor is a new ransomware that began operating in mid-September this year, claiming other high-profile victims such as Crytek and Ubisoft. Yesterday, the group uploaded two Windows registry hives that may have been dumped from Barnes & Noble’s Windows servers. This was an interesting choice, given that most ransomware groups tend to upload a small number of files relating to the organization and its operations.