Cyber agency alerts against ransomware attacks of ‘Egregor’ virus


PTI, Nov 4, 2020, 2:40 PM IST


New Delhi: The country’s cyber security agency has alerted users against the malicious spread of the ransomware virus ‘Egregor’, which threatens to release sensitive corporate data of the victim organisation if a ransom is not paid.

The CERT-In, or the Indian Computer Emergency Response Team, said in its latest advisory that while the ‘initial infection vector and propagation mechanism is still unknown, it is anticipated that Egregor ransomware may infiltrate via spam email attachments or maliciously crafted link shared via email/instant messaging chats.’ ‘Individuals or organisations are not encouraged to pay the ransom as this does not guarantee files will be released,’ it said.

‘Report such instances of fraud to CERT-In and law enforcement agencies,’ said the advisory from the national technology arm tasked with combating cyber attacks and guarding the Indian cyber space.

It said this ransomware was affecting organisations globally.

‘The modus operandi used is typically breaking into organisations, stealing sensitive data, and running the malware to encrypt their files and (it) threatens ‘Mass-Media’ release of corporate data if ransom not paid in due time,’ the advisory stated. ‘It uses double extortion tactics generally used by NetWalker ransomware families,’ it said.

The virus ‘uses several types of anti-analysis techniques, including code obfuscation and packed payloads, which means the malicious code ‘unpacks’ itself in memory as a way to avoid detection by security tools.’ It said the malware does not ‘exhibit its functionalities’ thereby making it difficult for analysts to break its trap.

‘The virus appends a string or random characters as the new extension of each encrypted file and creates the ‘RECOVER-FILES.txt’ text file/ransom note in all folders that contain encrypted files,’ the CERT-In said.
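The two file-system indicators quoted above (a ‘RECOVER-FILES.txt’ note in each affected folder and a new extension appended to each encrypted file) can be turned into a simple triage scan. The following Python sketch is an added example, not part of the CERT-In advisory; the folder names and the ‘.qzrtk’ extension are constructed sample data.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "recover-files.txt"  # ransom note name from the advisory, lower-cased

def scan_for_ransom_notes(root):
    """Map each folder under root that holds the note to a Counter of the
    extensions appended to its other files."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(root):
        names = [n for n in filenames if n.lower() != NOTE_NAME]
        if len(names) == len(filenames):
            continue  # no ransom note in this folder
        appended = Counter()
        for name in names:
            suffixes = Path(name).suffixes
            # An appended extension leaves the original in place:
            # "budget.xlsx.qzrtk" -> [".xlsx", ".qzrtk"]
            if len(suffixes) >= 2:
                appended[suffixes[-1].lower()] += 1
        findings[dirpath] = appended
    return findings

def dominant_extension(findings):
    """Return (extension, count) seen most often across flagged folders, or None."""
    total = Counter()
    for counts in findings.values():
        total.update(counts)
    return total.most_common(1)[0] if total else None

def build_sample_tree():
    """Constructed sample data: two affected folders and one clean folder."""
    root = Path(tempfile.mkdtemp(prefix="triage_demo_"))
    layout = {
        "finance": ["RECOVER-FILES.txt", "budget.xlsx.qzrtk", "q3.pdf.qzrtk"],
        "hr": ["RECOVER-FILES.txt", "staff.docx.qzrtk"],
        "public": ["readme.txt", "site.tar.gz"],
    }
    for folder, files in layout.items():
        (root / folder).mkdir()
        for name in files:
            (root / folder / name).write_text("constructed sample\n")
    return root

if __name__ == "__main__":
    hits = scan_for_ransom_notes(build_sample_tree())
    for folder, counts in sorted(hits.items()):
        print(folder, dict(counts))
    print("dominant appended extension:", dominant_extension(hits))
```

The double-suffix check is a heuristic: legitimate names such as ‘site.tar.gz’ inside a flagged folder are counted too, so the dominant extension across folders is the value to review first.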

The agency also suggested some counter-measures to keep safe from such ransomware attacks.

‘Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline,’ it said.

Also, the advisory said, regularly check for the integrity of the information stored in the databases.

Some other anti-virus measures include ensuring the integrity of the codes or scripts being used in databases and creating an email validation system to prevent spam by detecting email spoofing, through which most ransomware samples successfully reach corporate email boxes.

‘Maintain updated anti-virus software on all systems and don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign,’ it said.

In cases of genuine URLs, it said, one should close the e-mail and go to the organisation’s website directly through the browser.

It also suggested that security managers should disable remote desktop connections and employ least-privileged accounts. Limiting users who can log in using remote desktop and setting an account lockout policy are included as some of the other counter-measures suggested to check ransomware attacks in the advisory.
