Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes
So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim.
You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted.
Too dull?
You could lock infected PCs and display a ghoulish skull on a bright red background (most ransomware seems to insist upon using a shade of red. Maybe the developers have conducted market research as to what Pantone colour is most likely to ensure a swift coughing up of a ransom.)
Too clichéd?
Well, how about the approach taken by the ransomware that hit South American retail giant Cencosud last week?
Cencosud was infected by an Egregor ransomware attack which, in time honoured fashion, stole sensitive files that it found on the compromised network, and encrypted data on Cencosud’s drives to lock workers out of the company’s data.
A text file was left on infected Windows computers, telling the store that private data would be shared with the media if it was not prepared to begin negotiating with the hackers within three days.
That’s nothing unusual, but Egregor’s novel twist is that it can also tell businesses that their computer systems are well and truly breached by sending its ransom note to attached printers.
And in the case of a store like Cencosud, that means that printers at the checkouts of numerous retail outlets in Chile and Argentina were suddenly churning out the ransom demand as well.
As Bleeping Computer reported, one Twitter user managed to capture a ‘possessed’ printer spitting out Egregor’s extortion demand on camera, and upload a short video to Twitter.
Part of the ransom message, which is the same as that left on infected computers, reads:
— EGREGOR —
What happened?
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/egregor-ransomware-attack-hijacks-printers-spit-out-ransom-notes/