The anatomy of a modern day ransomware conglomerate

  • If school administrators, medical organizations and other crucial industries haven’t already had enough bad news over the past year, a new hacking group that relies on emerging techniques to rip off its victims should fulfill that need.
  • This ransomware gang, dubbed Egregor, in recent months appears to have hacked more than 130 targets, including schools, manufacturing firms, logistics companies and financial institutions, according to the U.K.-based security firm Sophos. Egregor works much like other strains of ransomware — holding data hostage until a victim pays a fee — though in some ways the group behind it also exemplifies the current state of the hacking economy.
  • The increased specialization in cybercrime also seems to be a contributing factor in the growing size of ransomware demands. The average extortion payment was $178,254 in the second quarter of 2020, up 60% from the first quarter, according to the most recent numbers from Beazley, an insurance firm.
  • Typically, this kind of nefarious supply chain starts with development of malicious software code, usually done either by an individual or a small group that specializes in programming hacking tools. The success of that code rests on combining it with a so-called crypter service, which hides the code so attackers can avoid detection.

Jeff Stone | January 4, 2021