Attack on UK estate agency was Egregor ransomware, according to experts

By Carl Brown2021-02-08T16:30:00+00:00

No comments

A malware attack on a large UK estate agency was carried out by the Egregor ransomware group and appears to be case of ‘double extortion’, according to threat intelligence experts.

Foxtons PLC was hit by a malware attack last October and reported itself to the Information Commissioner’s Office.

British newspaper the i reported last week that more than 16,000 card details, addresses and private correspondence, including details of fees paid, are now accessible on the dark web.

Foxtons has confirmed a malware attack hit its mortgage broking arm Alexander Hall last October. It however said: “We have forensically been through all the stolen data (using an independent law firm) and concluded that it was not special category data, as defined by the ICO, nor was it likely to give rise to any significant consequences to our customers such as would require them to be notified.”

Threat intelligence firm Kela has said that it is “safe to assume” that the hacking of the system and the apparent publication of the data are linked, and appear to be by Egregor as the leaked information was reportedly seen online on the same date as the victim was posted on the Egregor blog.

On Twitter, Kela said the case “seems like an instance of double extortion” where fraudsters demand payment to prevent further publication of data.

What is Egregor ransomware?

Egregor is a newly identified ransomware variant that was first discovered in Septembe, 2020, and has recently been identified in several sophisticated attacks on organizations worldwide, including the games industry giants Crytek and Ubisoft.

Egregor is believed to be a relative of another ransomware called Sekhmet that emerged in March, 2020.

The group’s ransomware attacks are characterized by their double-extortion tactics. The cybercrime group breaches sensitive data, encrypting it so that it cannot be accessed by the victim.

They then publish a subset of the compromised data on the dark web as proof of the successful exfiltration and give the victim a deadline to pay a price to prevent further data being published.

Egregor infection happens via loader. The criminals then install a remote desktop protocol and the malware then identifies and disables antivirus software.

Topics

No comments

Article
Banks poised for increased risk due to AI

2024-04-19T09:06:00Z

A leading banking regulator has issued a stern warning over the risks that financial institutions face as they move to integrate artificial intelligence (AI) and machine learning (ML) into governance operations.
News
Chicago Gears Up for GRC Connect: Sharpen Skills, Network, and Navigate the Future of GRC

2024-04-15T11:39:00Z By Jonathan Sumner, Chief Digital & Marketing Officer, GRC World Forums.

Get ready, Chicago! GRC Connect kicks off tomorrow, bringing together the brightest minds in governance, risk management, and compliance (GRC) for two days of insightful learning, valuable networking opportunities, and expert guidance on navigating the ever-evolving GRC landscape.
Article
New bill proposes US federal data privacy framework

2024-04-12T12:58:00Z

Senate Commerce Committee Chair Maria Cantwell and House Energy and Commerce Committee Chair Cathy McMorris Rodgers have unveiled the American Privacy Rights Act.