FBI PIN: Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Extorted Data

The FBI has published a Private Industry Notification (PIN) on the Egregor ransomware, noting that the threat actors behind this operation have so far claimed to have compromised over 150 victims worldwide. The PIN provides an overview of the Egregor operation, observing that once a victim company’s network is compromised the threat actors exfiltrate and encrypt files on the network. The threat actors then demand a ransom payment for the return of the exfiltrated files and decryption of the network. If the victim refuses to pay (and if the threat actors successfully exfiltrated their data), the threat actors publish their data to a public site. The PIN includes a list of recommended mitigation measures and encourages recipients to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov