CERT-In, the Indian Computer Emergency Response Team, said in a recent advisory that while the “initial infection vector and propagation mechanism is still unknown, it is anticipated that Egregor ransomware may infiltrate via spam email attachments or a maliciously crafted link shared via email/instant messaging chats.”
“Individuals or organisations are not encouraged to pay the ransom as this does not guarantee files will be released,” it said.
“Report such instances of fraud to CERT-In and law enforcement agencies,” said the advisory from the national agency responsible for responding to cyber attacks and guarding Indian cyberspace.
It said this ransomware was affecting organisations globally.
“The modus operandi used is typically breaking into organisations, stealing sensitive data, and running the malware to encrypt their files and (it) threatens ‘Mass-Media’ release of corporate data if ransom not paid in due time,” the advisory stated.
“It uses double extortion tactics generally used by NetWalker ransomware families,” it said.
The ransomware “uses several types of anti-analysis techniques, including code obfuscation and packed payloads, which means the malicious code ‘unpacks’ itself in memory as a way to avoid detection by security tools.”
It said the malware does not “exhibit its functionalities”, which makes it difficult for analysts to examine what it does.
“The virus appends a string of random characters as the new extension of each encrypted file and creates the ‘RECOVER-FILES.txt’ text file/ransom note in all folders that contain encrypted files,” CERT-In said.
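As an added illustration of the on-disk artefacts described above (example code written for this page, not code from the advisory or from CERT-In), the following Python script walks a directory tree, reports ransom notes named RECOVER-FILES.txt together with files whose final extension looks like a random token, and cross-checks the two: since the advisory says a note is dropped in every folder holding encrypted files, a folder with suspect files but no note is either a false positive or an interrupted run worth a closer look. The only indicator taken from the advisory is the note file name; the random-extension heuristic, the allow-list of common extensions and the sample directory layout are assumptions constructed for the example.

```python
import os
import re
import tempfile
from pathlib import Path

# Ransom-note file name reported in the CERT-In advisory.
RANSOM_NOTE = "RECOVER-FILES.txt"

# Heuristic for the appended "random characters" extension (an assumption for
# this example, not a signature from the advisory): an alphanumeric extension
# of four or more characters that is not in a small allow-list and mixes at
# least two character classes (lower, upper, digit). Plain words such as
# ".backup" and upper-cased normal names such as "NOTES.TXT" do not match.
COMMON_EXT = {
    "txt", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "csv", "json",
    "xml", "html", "htm", "jpg", "jpeg", "png", "gif", "zip", "tar", "gz", "7z",
    "exe", "dll", "log", "ini", "cfg", "py", "js", "md", "bak",
}
ALNUM_EXT = re.compile(r"^[A-Za-z0-9]{4,}$")


def looks_random_ext(filename: str) -> bool:
    """Return True if the file's last extension looks like a random token."""
    stem, dot, ext = filename.rpartition(".")
    if not dot or not stem:
        return False  # no extension at all, e.g. LICENSE
    if ext.lower() in COMMON_EXT or not ALNUM_EXT.match(ext):
        return False
    classes = sum(bool(re.search(p, ext)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]"))
    return classes >= 2


def scan_tree(root) -> dict:
    """Walk `root`; collect ransom notes, suspect files and the folders they sit in.

    Paths are returned relative to `root`, in POSIX form, so results are stable.
    'dirs_without_note' lists folders that hold suspect files but no ransom note.
    """
    root = Path(root)
    notes, suspect = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            if name == RANSOM_NOTE:
                notes.append(rel)
            elif looks_random_ext(name):
                suspect.append(rel)
    note_dirs = {p.parent for p in notes}
    suspect_dirs = {p.parent for p in suspect}
    return {
        "notes": sorted(p.as_posix() for p in notes),
        "suspect_files": sorted(p.as_posix() for p in suspect),
        "affected_dirs": sorted(p.as_posix() for p in suspect_dirs),
        "dirs_without_note": sorted(p.as_posix() for p in suspect_dirs - note_dirs),
    }


def build_sample_tree(root) -> Path:
    """Create a constructed sample tree (made up for this example, not real data)."""
    root = Path(root)
    layout = {
        "docs/report.docx": b"clean document",
        "docs/report.docx.AbX7q": b"\x8f\x12\xa4\x00opaque",      # 'encrypted' copy
        "docs/RECOVER-FILES.txt": b"your files are encrypted",   # ransom note
        "photos/holiday.jpg.K9fRz": b"\x01\xff\x7e\x33opaque",
        "photos/RECOVER-FILES.txt": b"your files are encrypted",
        "archive/backup.tar.gz": b"clean archive",
        "archive/LICENSE": b"no extension",
        "notes.TXT": b"upper-case but ordinary extension",
        "tmp/cache.f3Lp9": b"suspect file, but no note in this folder",
    }
    for rel, data in layout.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


def demo() -> dict:
    """Build the sample tree in a fresh temp directory and scan it."""
    return scan_tree(build_sample_tree(tempfile.mkdtemp(prefix="egregor-scan-")))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run the file as-is to scan the throwaway sample tree, or call scan_tree() on a real share during triage. The extension heuristic is deliberately loose and will flag legitimate randomly named files (build caches, temp files); the cross-check against the ransom note is what separates a likely encryption run from noise, which is why both signals are reported rather than either alone.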
The agency also suggested countermeasures to protect against such ransomware attacks.
“Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline,” it said.
Also, the advisory said, regularly check for the integrity of the…