So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a blog post detailing intrusion tradecraft associated with the deployment of MAZE. Read More …

Egregor ransomware members arrested by Ukrainian, French police

A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine. As reported first by France Inter, on Tuesday, law enforcement made the arrests after French Read More …

FBI warns of Egregor ransomware extorting businesses worldwide

The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide. The FBI says in a TLP:WHITE Private Industry Notification (PIN) shared on Read More …

QBot partners with Egregor ransomware in bot-fueled attacks

The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September. Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials, Windows domain credentials, and provides Read More …

As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor

As the developers of the Maze ransomware announce their exit from the malware scene, clients are now thought to be turning to Egregor as a substitute. The Maze group has been a devastating force for companies that have fallen victim Read More …