Egregor Ransomware Hits Again, Targets Kmart


Friday, December 4th, 2020

Kmart, an American department store chain, is the latest victim of an Egregor ransomware attack. First discovered in September of 2020, Egregor is an aggressive ransomware. As with the Maze ransomware, the threat actors behind Egregor use it for extortion, stealing data and storing it on their own servers before it is encrypted on the victim’s machines. They tend to act aggressively, tending to give victims only 72 hours to contact them. If the ransom is not paid, the data is released to the public via the attackers’ website, “Egregor News.” The ransom payment is negotiated and agreed upon via a special chat function assigned to each victim, and the payment is received in Bitcoin.

Because of the attack, Kmart’s devices and servers connected to the company’s networks have been encrypted, knocking out back-end services. Kmart was purchased by Transformco in 2019, and the holding company has seemingly been the victim of the same attack as well. The 88sears.com site, used internally, is also offline due to the attack. Kmart has refused to comment on news of the attack, and its retail stores appear to be operating normally.

The group behind Egregor claimed to have hacked the gaming giant Ubisoft, exfiltrating the source code for the video game Watch Dogs: Legion, while also taking credit for another attack on game creator Crytek. In October of this year, the group also claimed responsibility for the cyberattack on Barnes & Noble. In all three cases, the attackers published inconclusive information on a leak site showing that they had accessed files during the attack, but not necessarily source code or anything particularly sensitive.

Companies of all sizes can avoid most of the fallout of attacks like these by taking common-sense precautions, like maintaining backups and using data encryption, researchers said.

