Egregor Ransomware Finds a New Way to Inform You That You’re a Victim of Cyberattack: Printers

Egregor RansomwareUnlike the traditional methods of notifying victim organizations by simply taking over a computer or providing a “readme” text file, this new method has some devilish benefits.

Ransomware follows a pretty simple attack strategy:

  • Step 1: Encrypt everything you can
  • Step 2: Notify the victim
  • Step 3: Collect the ransom

But following in the footsteps of ransomware authors like Maze who has chosen to go a step further to make their attacks more impactful, the Egregor ransomware has gone where no other has gone before: paper.

Egregor victims have experienced print jobs being sent to every available printer that notify the reader that all computers and servers are locked, data has been stolen, and “next steps” to take to rectify the situation.


Source: Twitter

What makes this so brilliant is that most organizations want to keep successful ransomware attacks under wraps, minimizing the possibility it becomes public and impacts customer trust, stock prices, revenue, etc.

But in the case of Egregor, the goal is to maximize the number of people who are notified, making it common knowledge that an attack has occurred – take the image above as a perfect example: that’s a receipt printer!!!

The bad guys are getting MUCH better at this – I fear faster than the good guys are evolving their protective measures. So, it’s up to the organization itself to stop these attacks. Analysis of the ransomware suggests that phishing attacks are the primary attack vector, putting your users dead center in the attack, determining whether it succeeds or fails based on whether they click the malicious link or attachment.

Security Awareness Training is a key element in stopping all forms of ransomware that use phishing scams to gain entry. By teaching them how to spot scams before engaging with them, users can act as a part of your security strategy, strengthening the organization’s position and shrinking the attack surface.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 22 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 21 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Ransomware

Subscribe To Our Blog

Cybersecurity Awareness Month 2021 Free Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews