While Ryuk Gets Headlines, Egregor is Getting More Victims


On October 28th, a joint task force including CISA, FBI, and HHS issued a cybersecurity advisory warning healthcare organizations of cyber attacks that leverage the venerable malware loaders TrickBot and BazarBackdoor, which result in Conti and Ryuk infections.


While Ryuk is getting the media attention, Egregor is quickly evolving into a compelling threat that has already claimed victims, including Barnes and Noble. This threat advisory gives you the technical details based on our account of the threat, including:

  • Key insights into phases of the attack
  • Egregor’s ties to the Qakbot malware
  • How the threat actor deletes backups
  • How Egregor initiates and executes its payloads

While the outcome of this extortion ransomware operation is yet to be determined, Pondurance’s forensics team is on guard as it plays out.

Download the Threat Advisory