CERT-In issues advisory for companies against new ransomware

The Indian Computer Emergency Response Team (CERT-In) has issued an alert about the danger from a new ransomware that threatens to invade the systems of various organisations. Named Egregor, the malware could compromise the sensitive data of the organisations. According to the alert issued by the CERT-In, the ransomware could break into the IT systems of the organisations and steal sensitive and personal data of the organisations. The body also said that the ransomware might also blackmail the compromised entities by issuing threats to release the sensitive data in public if the demanded ransom is not paid in time.

According to the issued alert, the ransomware is using the double extortion tactics which are generally the modus operandi of the NetWalker ransomware families. It also said that so far it has not been able to ascertain the infection vector and propagation mechanism of the ransomware. As per the information, the malware might find a way into the system of organisations by hiding into the spam email attachments or finding its way into a carefully crafted link sent to the organisations through online chats and messages.

By unpacking itself into the system’s memory, the malware also tries to remain out of the radar of the security tools which are usually deployed by the organisations to ward off such attacks. Among the measures suggested by the CERT-In to keep the system safe from the malware are establishing Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) and other common safety protocols in all the sensitive systems of the organisations in addition to the general security features.