The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency for responding to computer security incidents, including hacking, phishing and other cyber-security threats to Internet-connected systems in the country.
CERT-In has recently issued an advisory about a new ransomware, named Egregor, and is alerting organisations in India to the threat. According to CERT-In, Egregor is designed to break into an organisation's IT environment and exfiltrate its private information. It then runs malware that encrypts sensitive data, and threatens to publish the stolen corporate information through mass media if the ransom is not paid within the stated deadline.
CERT-In analysts say the initial access vector and the full working of the ransomware are still under observation, but Egregor uses the double-extortion tactic (steal the data first, then encrypt it and threaten to leak it) previously seen in NetWalker ransomware. It is very possible that Egregor enters systems through spam emails and email attachments, or through malicious links sent to the organisation by email, mobile SMS or other channels.
The ransomware has been built with evasion in mind: it uses several anti-analysis techniques, packed payloads and code obfuscation. The packed payload is only unpacked in memory at run time, so the malicious code never sits on disk in recognisable form and security tools that rely on static scanning of files may not detect it.
CERT-In also describes how the ransomware behaves once it is inside an organisation's IT system. Egregor will not execute its functionality until it is launched with the exact same command that the attackers used to start it; run under a security analysis tool without that command, it simply does nothing. This makes it very difficult for analysts to examine Egregor samples manually or in a sandboxed environment, because a sample that is not started the way the attackers started it never reveals its behaviour.
On disk, the ransomware appends a string of random characters to each encrypted file as a new extension and drops a ransom note named “RECOVER_FILES.txt” into every folder it has encrypted, CERT-In warned.
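The on-disk traces described above (a note dropped in each encrypted folder, a random extension appended to every encrypted file, and file contents turned into noise) are what an incident responder sweeps for first. The Python triage script below is an added example, not CERT-In's tooling or anything taken from the ransomware itself: it walks a directory tree and scores the three indicators separately, so that a single high-entropy archive or a stray note does not by itself trigger the ransomware verdict. The note name is the one quoted in the advisory above; the folder names, file contents and the KNOWN_EXTS allow-list are constructed for illustration.

```python
import math
import os
import random
import re
import tempfile
from collections import Counter

# Note name as reported in the CERT-In advisory; everything built below it is
# constructed sample data for this example.
RANSOM_NOTE = "RECOVER_FILES.txt"
# A run of 4-12 alphanumerics appended after the file's real extension.
RANDOM_EXT = re.compile(r"\.[A-Za-z0-9]{4,12}$")
# Extensions expected in the tree; a tail that is not one of these is "random".
KNOWN_EXTS = {"txt", "docx", "xlsx", "pptx", "pdf", "png", "jpeg", "zip",
              "exe", "dll", "json", "html"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: English text is ~4-5, ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def has_random_extension(name: str) -> bool:
    """True for 'report.docx.kXwQ7pLa', False for 'report.docx' or 'photo.jpeg'."""
    m = RANDOM_EXT.search(name)
    if not m:
        return False
    stem, tail = name[:m.start()], m.group(0)[1:].lower()
    inner = stem.rsplit(".", 1)[-1].lower() if "." in stem else ""
    return inner in KNOWN_EXTS and tail not in KNOWN_EXTS


def looks_encrypted(path: str, sample: int = 4096) -> bool:
    """Read the first few KiB; an Office file that is now pure noise is a hit."""
    with open(path, "rb") as f:
        return shannon_entropy(f.read(sample)) > 7.5


def triage_directory(root: str) -> dict:
    """Walk a tree and collect the three indicators separately."""
    found = {"note_dirs": [], "renamed": [], "high_entropy": []}
    for dirpath, _dirs, files in os.walk(root):
        if RANSOM_NOTE in files:
            found["note_dirs"].append(dirpath)
        for name in files:
            if name == RANSOM_NOTE:
                continue  # the note itself is plain text; do not score it
            path = os.path.join(dirpath, name)
            if has_random_extension(name):
                found["renamed"].append(path)
            if looks_encrypted(path):
                found["high_entropy"].append(path)
    return found


def verdict(found: dict) -> str:
    """Note + renamed files + high-entropy contents together is the ransomware
    pattern; any one alone (a compressed archive, an odd backup name) is only
    suspicious and needs a human look."""
    if found["note_dirs"] and found["renamed"] and found["high_entropy"]:
        return "likely-ransomware"
    if found["renamed"] or found["high_entropy"]:
        return "suspicious"
    return "clean"


def build_sample_tree() -> str:
    """Constructed sample tree: one folder hit, one untouched."""
    root = tempfile.mkdtemp(prefix="triage-")
    hit, clean = os.path.join(root, "finance"), os.path.join(root, "public")
    os.makedirs(hit)
    os.makedirs(clean)
    with open(os.path.join(hit, RANSOM_NOTE), "w") as f:
        f.write("Your files are encrypted. Contact us within 72 hours.\n")
    # Deterministic pseudo-random bytes stand in for ciphertext (no real cipher).
    with open(os.path.join(hit, "q3-report.xlsx.kXwQ7pLa"), "wb") as f:
        f.write(random.Random(7).randbytes(8192))
    with open(os.path.join(clean, "readme.txt"), "w") as f:
        f.write("plain text that has not been touched\n" * 100)
    return root


if __name__ == "__main__":
    found = triage_directory(build_sample_tree())
    print(verdict(found), found)
```

The entropy threshold and the extension allow-list are the two knobs to tune for a real estate: a file server full of zip archives or JPEGs will push entropy hits up, which is why the script only reaches the ransomware verdict when all three indicators coincide.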
What is the solution?
CERT-In is warning as many organisations as possible that could fall victim to this ransomware, and is advising them to follow the standard safeguards against ransomware. Because email is the suspected entry point, these include the sender-authentication protocols Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC), which together let a receiving mail server reject messages that spoof the organisation's own domain.
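To make those email-authentication controls concrete, the Python checker below parses the SPF and DMARC TXT records a domain publishes and flags the settings that still leave it spoofable, with a weak and a hardened record pair side by side. It is an added example, not CERT-In guidance or any real lookup tool: the domain names and records in SAMPLE_TXT are constructed and are looked up from that dictionary rather than DNS, and DKIM is left out because verifying it means validating a signature on a received message rather than inspecting a published record.

```python
# Constructed sample records, keyed by the DNS name they would be published at.
SAMPLE_TXT = {
    # Weak: neutral SPF result and a monitor-only DMARC policy.
    "weak.example": "v=spf1 include:_spf.mail.example ?all",
    "_dmarc.weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    # Hardened: explicit senders, hard fail, reject policy with reporting.
    "hardened.example": "v=spf1 include:_spf.mail.example ip4:203.0.113.0/24 -all",
    "_dmarc.hardened.example": ("v=DMARC1; p=reject; sp=reject; pct=100; "
                                "adkim=s; aspf=s; rua=mailto:dmarc@hardened.example"),
    # Worst case: SPF authorises the whole Internet and there is no DMARC at all.
    "nodmarc.example": "v=spf1 +all",
}


def parse_spf(record: str):
    """Return (mechanisms, qualifier_of_all) or None if not an SPF record.
    Each mechanism carries its qualifier; '+' is the default when none is written."""
    if not record.lower().startswith("v=spf1"):
        return None
    mechanisms, all_q = [], None
    for term in record.split()[1:]:
        q = "+"
        if term[0] in "+-~?":
            q, term = term[0], term[1:]
        if term.lower() == "all":
            all_q = q
        else:
            mechanisms.append((q, term))
    return mechanisms, all_q


def parse_dmarc(record: str):
    """Return the tag=value pairs as a dict, or None if not a DMARC record."""
    if not record.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_domain(domain: str, txt: dict = SAMPLE_TXT) -> list:
    """List the weaknesses in a domain's SPF and DMARC records; empty means hardened."""
    issues = []
    spf = parse_spf(txt.get(domain, ""))
    if spf is None:
        issues.append("no SPF record: any host may claim to send for this domain")
    else:
        _mechs, all_q = spf
        if all_q in (None, "+"):
            issues.append("SPF ends in +all (or has no all): every sender passes SPF")
        elif all_q == "?":
            issues.append("SPF ends in ?all: neutral result, receivers treat it as no policy")
        elif all_q == "~":
            issues.append("SPF ends in ~all: softfail only, rely on DMARC p=reject to enforce")

    dmarc = parse_dmarc(txt.get("_dmarc." + domain, ""))
    if dmarc is None:
        issues.append("no DMARC record: SPF/DKIM results are never enforced or reported")
    else:
        policy = dmarc.get("p", "none").lower()
        if policy == "none":
            issues.append("DMARC p=none: monitor-only, spoofed mail is still delivered")
        elif policy == "quarantine":
            issues.append("DMARC p=quarantine: spoofed mail lands in spam instead of being rejected")
        pct = int(dmarc.get("pct", "100"))
        if pct < 100:
            issues.append(f"DMARC pct={pct}: policy applied to only {pct}% of failing mail")
        if "rua" not in dmarc:
            issues.append("DMARC has no rua: no aggregate reports, so abuse goes unseen")
    return issues


if __name__ == "__main__":
    for name in ("weak.example", "hardened.example", "nodmarc.example"):
        print(name, assess_domain(name) or ["ok"])
```

Against a live domain the two `txt.get` calls would become TXT lookups of the domain and of `_dmarc.<domain>`; the parsing and the checks stay the same. Note that SPF and DMARC protect the organisation's own domain from being spoofed; they do nothing against a phishing mail sent from an attacker-owned domain, so they belong alongside attachment filtering and user awareness rather than in place of them.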
CERT-In, as the national nodal agency for cyber-security incidents, is investigating the origin of the Egregor ransomware and working on further safety guidance to protect organisations' private and sensitive corporate information.