While Ryuk is getting the media attention, Egregor is quickly evolving into a compelling threat that has already claimed victims including Barnes and Noble. This threat advisory gives you the technical details, based on our account of the threat, including:
- Key insights into phases of the attack
- Egregor’s ties to the Qakbot malware
- How the threat actor deletes backups
- How Egregor initiates and executes its payloads
While the outcome of this extortion ransomware operation is yet to be determined, Pondurance’s forensics team is on guard as it plays out.