Egregor (8bd094a7-103f-465f-8640-18dcc53042e5)
The threat group behind this malware seems to operate by hacking into companies, stealing sensitive data, and then running Egregor to encrypt all the files. According to the ransom note, if the ransom is not paid by the company within 3 days, and aside from leaking part of the stolen data, they will distribute via mass media where the company's partners and clients will know that the company was attacked.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Sekhmet (6fb1ea9e-5389-4932-8b22-c691b74b75a8) | Ransomware | Egregor (8bd094a7-103f-465f-8640-18dcc53042e5) | Ransomware | 1 |
| Egregor (8bd094a7-103f-465f-8640-18dcc53042e5) | Ransomware | Private Cluster (5d999c23-11cf-4dee-84bb-f447a4f70dc8) | Unknown | 1 |
| Sekhmet (6fb1ea9e-5389-4932-8b22-c691b74b75a8) | Ransomware | Private Cluster (5d999c23-11cf-4dee-84bb-f447a4f70dc8) | Unknown | 2 |