CERT-In, the Indian Computer Emergency Response Team, is currently alerting companies and organisations of every size in India about a new and fully functional ransomware.
The ransomware, named Egregor, is reported to be breaking into the systems of organisations in the IT sector and stealing their most sensitive data. It is particularly dangerous because it combines data theft with encryption: files are exfiltrated first and then encrypted, so victims are pressured both by the loss of access and by the threat of publication.
CERT-In is an agency within the Ministry of Electronics and Information Technology. It handles threats related to cybersecurity, phishing and the hacking of devices, everything that falls within the domain of the internet.
One of its major roles is to warn organisations and enterprises about malware attacks that risk the loss of vital government information. Because this ransomware is spreading rapidly, CERT-In has warned people to protect themselves against it.
According to sources, the ransomware operators threaten to publish a company's data if it fails to pay the demanded ransom. There is little doubt about these reports.
A CERT-In advisory says the group behind the ransomware is attacking major global companies in a surprisingly aggressive manner. It operates in an intimidating way, threatening to leak all stolen private data through the mass media. It is therefore a matter of serious concern.
How does the malware work?
The extortion technique is very similar to that used by the NetWalker ransomware group. Although the initial infection vector is not known, the samples are linked to packed payloads and code obfuscation.
This means the malicious code only "unpacks" in memory, which prevents security tools from detecting it on disk. The malware also uses anti-analysis techniques: it will not run unless it is launched with the same command-line argument the attackers used.
This is why analysts have found it extremely difficult to observe the samples in a sandbox or even by manual analysis. Once running, it drops a ransom note named "RECOVER-FILES.txt" in every folder that contains encrypted files.
How is CERT-In helping?
CERT-In is continually warning companies and recommending standard guidelines and protocols so that they can establish an environment that is protected against this malware.
Among the measures it suggests are email authentication controls such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and other related security protocols, since phishing email is a common entry point for ransomware.
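The DMARC and SPF records CERT-In recommends are only useful if they are configured to actually reject spoofed mail; a record with `p=none` or a `~all` softfail merely monitors. The script below is an added example, not part of the advisory or CERT-In's own tooling. It parses SPF and DMARC TXT records and flags weak settings, using constructed sample records for the assumed domains `weak.example`, `hardened.example` and `missing.example`; in practice the records would be fetched with a DNS TXT lookup of the domain and of `_dmarc.<domain>`.

```python
"""Audit SPF and DMARC TXT records for weak settings.

Added example, not part of the CERT-In advisory. The records are
constructed samples; fetch real ones with a DNS TXT query for the domain
(SPF) and for _dmarc.<domain> (DMARC).
"""
import re

# Constructed sample records for assumed domains (not from the advisory).
SAMPLE_RECORDS = {
    "weak.example": {
        "spf": "v=spf1 include:_spf.example.net ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    },
    "hardened.example": {
        "spf": "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
        "dmarc": "v=DMARC1; p=reject; pct=100; adkim=s; aspf=s; "
                 "rua=mailto:dmarc@hardened.example",
    },
    "missing.example": {"spf": None, "dmarc": None},
}

# SPF terms that cost a DNS lookup (RFC 7208 allows at most 10).
LOOKUP_MECH = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(:|/|$)", re.I)


def parse_spf(record):
    """Return (is_spf, list_of_terms) for a TXT record."""
    if not record or not record.lower().startswith("v=spf1"):
        return False, []
    return True, record.split()[1:]


def parse_dmarc(record):
    """Return a dict of DMARC tag=value pairs, or None if not a DMARC record."""
    if not record or not record.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(record):
    """Return a list of findings for an SPF record (empty list = acceptable)."""
    findings = []
    ok, terms = parse_spf(record)
    if not ok:
        return ["SPF: no record published"]
    last = terms[-1].lower() if terms else ""
    if last == "-all":
        pass  # hard fail: unauthorised senders are rejected
    elif last == "~all":
        findings.append("SPF: softfail (~all); spoofed mail is only marked, not rejected")
    elif last in ("+all", "all", "?all"):
        findings.append(f"SPF: '{last}' authorises every sender")
    else:
        findings.append("SPF: no terminal 'all' mechanism; result defaults to neutral")
    lookups = sum(1 for t in terms if LOOKUP_MECH.match(t) or t.lower().startswith("redirect="))
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS lookups exceed the limit of 10 (permerror)")
    return findings


def audit_dmarc(record):
    """Return a list of findings for a DMARC record (empty list = acceptable)."""
    findings = []
    tags = parse_dmarc(record)
    if tags is None:
        return ["DMARC: no record published"]
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; set p=quarantine or p=reject")
    elif policy == "quarantine":
        findings.append("DMARC: p=quarantine; move to p=reject once reports are clean")
    elif policy != "reject":
        findings.append("DMARC: missing or invalid p= tag")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address; aggregate reports will not be received")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r").lower() == "r":
            findings.append(f"DMARC: {tag} uses relaxed alignment (default); consider strict")
    return findings


def audit_domain(records):
    """Combine SPF and DMARC findings for one domain's records."""
    return audit_spf(records.get("spf")) + audit_dmarc(records.get("dmarc"))


if __name__ == "__main__":
    for domain, records in SAMPLE_RECORDS.items():
        findings = audit_domain(records) or ["no findings"]
        print(domain)
        for finding in findings:
            print("  -", finding)
```

The hardened record produces no findings; the weak one is flagged for `~all` softfail, `p=none` and relaxed alignment; the missing domain is flagged for publishing nothing at all. Running this over every sending domain an organisation owns is a quick way to confirm that the controls in the advisory are enforced rather than merely present.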