Ransomware
Egregor
First seen: 2020-09 • Status: disrupted
Disrupted by Law Enforcement
Egregor was the successor to Maze ransomware but was quickly shut down when police arrested its members in Ukraine.
Overview
Egregor was a short-lived but devastating ransomware that emerged from Maze. Law enforcement arrested several members in Ukraine in 2021.
How It Spreads
- QakBot infections
- Phishing
What It Does
- File encryption
- Print bomb ransom notes
- Data theft
Target Platforms
Windows
Detection Tips
- Historical threat: watch for copycat variants
MITRE ATT&CK Techniques
T1486, T1567
If You're Infected
1. Check for available decryptors