image credit: pixabay
Researchers have been analyzing a new ransomware family that calls itself “Egregor.” Attackers behind the malware, which has affected at least 13 companies, typically operate by breaking into organizations, stealing sensitive data, and running the malware to encrypt their files.
Appgate researchers tracking the threat say it contains anti-analysis techniques such as code obfuscation and packed payloads. In one of its execution stages, they found, the payload can only be decrypted if the proper key is entered in the process’s command line. This means the file can’t be analyzed unless someone enters the same command line used to run the payload.
Comments are closed.
