{"id":2627,"date":"2021-01-15T20:39:56","date_gmt":"2021-01-15T17:39:56","guid":{"rendered":"https:\/\/mailsafi.com\/blog\/?p=2627"},"modified":"2021-01-15T20:43:20","modified_gmt":"2021-01-15T17:43:20","slug":"fbi-warns-of-egregor-ransomware-targeting-organizations-world-over","status":"publish","type":"post","link":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/","title":{"rendered":"FBI Warns of Egregor Ransomware Targeting Organizations World Over"},"content":{"rendered":"\n<p>The US Federal Bureau of Investigation (FBI) has sent a <a href=\"https:\/\/beta.documentcloud.org\/documents\/20444693-fbi-pin-egregor-ransomware-bc-01062021\" target=\"_blank\" rel=\"noreferrer noopener\"><strong><span class=\"has-inline-color has-vivid-cyan-blue-color\">security alert<\/span><\/strong><\/a> warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.<\/p>\n\n\n\n<p>The Egregor ransomware was first identified by the FBI in September 2020. The FBI says in&nbsp;a&nbsp;<a href=\"https:\/\/www.cisa.gov\/tlp\" target=\"_blank\" rel=\"noreferrer noopener\"><strong><span class=\"has-inline-color has-vivid-cyan-blue-color\">TLP: WHITE<\/span><\/strong><\/a>&nbsp;Private Industry Notification (PIN) Egregor claims to have already compromised over 150 victims worldwide. <\/p>\n\n\n\n<p>Egregor ransomware utilizes multiple mechanisms to compromise business networks, including targeting business network and employee personal accounts that share access with business networks or devices.&#8221;<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_49 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"ez-toc-toggle-icon-1\"><label for=\"item-69e091acb1b5a\" aria-label=\"Table of Content\"><span style=\"display: flex;align-items: center;width: 35px;height: 30px;justify-content: center;direction:ltr;\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/label><input  type=\"checkbox\" id=\"item-69e091acb1b5a\"><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#How_Egregor_Ransomware_Works\" title=\"How Egregor Ransomware Works\">How Egregor Ransomware Works<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#Why_the_Risk_of_a_Successful_Egregor_Attack_is_High\" title=\"Why the Risk of a Successful Egregor Attack is High\">Why the Risk of a Successful Egregor Attack is High<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#What_to_do_if_you_become_a_victim\" title=\"What to do if you become a victim\">What to do if you become a victim<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#How_to_Protect_you_and_your_Organization_from_Ransomware_Attacks\" title=\"How to Protect you and your Organization from Ransomware Attacks\">How to Protect you and your Organization from Ransomware Attacks<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"has-vivid-red-color has-text-color wp-block-heading\" style=\"font-size:32px\"><span class=\"ez-toc-section\" id=\"How_Egregor_Ransomware_Works\"><\/span><strong>How Egregor Ransomware Works<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ol type=\"1\"><li>Egregor ransomware uses multiple mechanisms to compromise business networks. These include targeting business networks and employee individual accounts that share access with business networks or devices. Some of the ways it can get access to networks are:<ul><li>Using phishing emails with malicious attachments to gain access to company networks.<\/li><li>Exploit Virtual Private Networks (VPN).<\/li><li>Exploit Remote Desktop (RDP). RDP is also a technique used to move laterally within the organization.<\/li><\/ul><\/li><li>Once inside the network, the hackers use common pen testing <a href=\"#_ftn1\"><strong><span class=\"has-inline-color has-vivid-cyan-blue-color\">[1]<\/span><\/strong><\/a>and exploit tools <a href=\"#_ftn2\"><strong><span class=\"has-inline-color has-vivid-cyan-blue-color\">[2]<\/span><\/strong><\/a>to move laterally and escalate privileges across the network.<\/li><li>Once a victim\u2019s organization network is compromised, Egregor hackers exfiltrate and encrypt company files and data on the network.<\/li><li>The Egregor hackers then attempt to extort businesses by threatening to publicly release exfiltrated data. They do this by leaving a ransom note on machines instructing the victim to communicate with the hackers via a specified online chat. Egregor hackers often utilize the fine print function on victims\u2019 machines to print ransom notes.<\/li><li>The hackers then demand a ransom payment for the return of exfiltrated files and decryption of the network.<\/li><li>Finally, if the victim refuses to pay, Egregor may proceed to publish the data to public websites.<\/li><\/ol>\n\n\n\n<h2 class=\"has-vivid-red-color has-text-color wp-block-heading\" style=\"font-size:32px\"><span class=\"ez-toc-section\" id=\"Why_the_Risk_of_a_Successful_Egregor_Attack_is_High\"><\/span><strong>Why the Risk of a Successful Egregor Attack is High<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The egregor attack success rate is said to be high because multiple different parties play a part in executing a single Egregor ransomware attack. Because of the large number of players involved, the methods used in executing the attack will often vary. This can create significant challenges for protection from the attack.<\/p>\n\n\n\n<h2 class=\"has-vivid-red-color has-text-color wp-block-heading\" style=\"font-size:32px\"><span class=\"ez-toc-section\" id=\"What_to_do_if_you_become_a_victim\"><\/span><strong>What to do if you become a victim<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Although you may find yourself stuck between a rock and a hard place when you think about the risk loss of this data may pose to your clients, employees or investors, security experts do not recommend paying a ransom to the cybercriminals. Why?<\/p>\n\n\n\n<ul><li>Because doing so only encourages the cybercriminals to continue doing what they are doing and even target other organizations.<\/li><li>Also because paying ransom indirectly funds the cybercriminal\u2019s activities and encourages them to continue with their cybercrimes.<\/li><li>It also encourages further distribution of ransomware.<\/li><li>And finally, there is actually no guarantee you will get your files back after paying the ransom.<\/li><\/ul>\n\n\n\n<h2 class=\"has-vivid-red-color has-text-color wp-block-heading\" style=\"font-size:32px\"><span class=\"ez-toc-section\" id=\"How_to_Protect_you_and_your_Organization_from_Ransomware_Attacks\"><\/span><strong>How to Protect you and your Organization from Ransomware Attacks<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul><li>Avoid clicking on unsolicited attachments or links in your email<\/li><li>Backup critical data offline<\/li><li><strong><a href=\"https:\/\/kaluari.com\/\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">Backup critical data on the cloud<\/span><span class=\"has-inline-color has-black-color\"> <\/span><\/a><\/strong>or an external storage device. <strong><a href=\"https:\/\/kaluari.com\/\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">Kaluari.com <\/span><\/a><\/strong>can offer you a reliable cloud backup solution.<\/li><li>Secure your data to ensure it cannot be modified or deleted in the system where it resides<\/li><li>Invest in a<span class=\"has-inline-color has-vivid-cyan-blue-color\"> <\/span><strong><a href=\"https:\/\/www.mailsafi.com\/email-security\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">good spam filtering solution<\/span><\/a><\/strong> for your emails.<\/li><li>Install and regularly update antivirus and anti-malware software on all your organization\u2019s computing systems.<\/li><li>Avoid public Wi-Fi networks as the security on these networks cannot be guaranteed.<\/li><li>As much as is possible, enable and use <strong><a href=\"https:\/\/mailsafi.com\/blog\/two-factor-2fa-authentication-why-you-should-use-it\/\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">two-factor authentication (2FA) <\/span><\/a><\/strong>for all your accounts.<\/li><li>Wherever possible, use application-specific passwords. You can read more about what these are and why they&#8217;re important <strong><a href=\"https:\/\/mailsafi.com\/blog\/application-specific-passwords\/\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">here<\/span><\/a><\/strong>.<\/li><li>Patch of all systems on your network, but particularly the public-facing remote access products and applications. Ensure they are patched against all recent RDP vulnerabilities.<\/li><li>Configure RDP securely by restricting access, using strong passwords on all systems, and also using two-factor authentication where possible.<\/li><li>Review suspicious .bat and .dll files, files with recon data (e.g., .log files) and exfiltration tools.<\/li><\/ul>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong><a href=\"https:\/\/www.mailsafi.com\/email-security\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">MailSafi Email Security<\/span><\/a><\/strong> is a best-of-class spam filtering solution for businesses. MailSafi email security offers protection against spam, viruses, malware as well as spoofing and phishing attacks and will go a long way in minimizing the risk that your organization will become the victim of a ransomware attack. <strong><a href=\"https:\/\/www.mailsafi.com\/contact-us\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">Talk to us<\/span><\/a><\/strong> today for more information on our spam filtering service.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\">Through our parent company, <a href=\"https:\/\/www.kaluari.com\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong><span class=\"has-inline-color has-vivid-cyan-blue-color\">Kaluari.com<\/span><\/strong><\/a>, we can also advise and provide you with firewall, antivirus and cloud backup solutions for your organization. <strong><a href=\"https:\/\/www.mailsafi.com\/contact-us\" target=\"_blank\" rel=\"noreferrer noopener\"><span class=\"has-inline-color has-vivid-cyan-blue-color\">Get in touch today!<\/span><\/a><\/strong> <\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><a href=\"#_ftnref1\"><strong><span class=\"has-inline-color has-vivid-cyan-blue-color\">[1]<\/span><\/strong><\/a> Cobalt Strike, Qakbot\/Qbot, Advanced IP Scanner, and AdFind<\/p>\n\n\n\n<p><a href=\"#_ftnref2\"><strong><span class=\"has-inline-color has-vivid-cyan-blue-color\">[2]<\/span><\/strong><\/a> Rclone (sometimes hiding as an svchost), 7zip<\/p>\n<div class=\"pvc_clear\"><\/div><p id=\"pvc_stats_2627\" class=\"pvc_stats all  \" data-element-id=\"2627\" style=\"\"><i class=\"pvc-stats-icon large\" aria-hidden=\"true\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.0\" viewBox=\"0 0 502 315\" preserveAspectRatio=\"xMidYMid meet\"><g transform=\"translate(0,332) scale(0.1,-0.1)\" fill=\"\" stroke=\"none\"><path d=\"M2394 3279 l-29 -30 -3 -207 c-2 -182 0 -211 15 -242 39 -76 157 -76 196 0 15 31 17 60 15 243 l-3 209 -33 29 c-26 23 -41 29 -80 29 -41 0 -53 -5 -78 -31z\"\/><path d=\"M3085 3251 c-45 -19 -58 -50 -96 -229 -47 -217 -49 -260 -13 -295 52 -53 146 -42 177 20 16 31 87 366 87 410 0 70 -86 122 -155 94z\"\/><path d=\"M1751 3234 c-13 -9 -29 -31 -37 -50 -12 -29 -10 -49 21 -204 19 -94 39 -189 45 -210 14 -50 54 -80 110 -80 34 0 48 6 76 34 21 21 34 44 34 59 0 14 -18 113 -40 219 -37 178 -43 195 -70 221 -36 32 -101 37 -139 11z\"\/><path d=\"M1163 3073 c-36 -7 -73 -59 -73 -102 0 -56 133 -378 171 -413 34 -32 83 -37 129 -13 70 36 67 87 -16 290 -86 209 -89 214 -129 231 -35 14 -42 15 -82 7z\"\/><path d=\"M3689 3066 c-15 -9 -33 -30 -42 -48 -48 -103 -147 -355 -147 -375 0 -98 131 -148 192 -74 13 15 57 108 97 206 80 196 84 226 37 273 -30 30 -99 39 -137 18z\"\/><path d=\"M583 2784 c-38 -19 -67 -74 -58 -113 9 -42 211 -354 242 -373 16 -10 45 -18 66 -18 51 0 107 52 107 100 0 39 -1 41 -124 234 -80 126 -108 162 -133 173 -41 17 -61 16 -100 -3z\"\/><path d=\"M4250 2784 c-14 -9 -74 -91 -133 -183 -95 -150 -107 -173 -107 -213 0 -55 33 -94 87 -104 67 -13 90 8 211 198 130 202 137 225 78 284 -27 27 -42 34 -72 34 -22 0 -50 -8 -64 -16z\"\/><path d=\"M2275 2693 c-553 -48 -1095 -270 -1585 -649 -135 -104 -459 -423 -483 -476 -23 -49 -22 -139 2 -186 73 -142 361 -457 571 -626 285 -228 642 -407 990 -497 242 -63 336 -73 660 -74 310 0 370 5 595 52 535 111 1045 392 1455 803 122 121 250 273 275 326 19 41 19 137 0 174 -41 79 -309 363 -465 492 -447 370 -946 591 -1479 653 -113 14 -422 18 -536 8z m395 -428 c171 -34 330 -124 456 -258 112 -119 167 -219 211 -378 27 -96 24 -300 -5 -401 -72 -255 -236 -447 -474 -557 -132 -62 -201 -76 -368 -76 -167 0 -236 14 -368 76 -213 98 -373 271 -451 485 -162 444 86 934 547 1084 153 49 292 57 452 25z m909 -232 c222 -123 408 -262 593 -441 76 -74 138 -139 138 -144 0 -16 -233 -242 -330 -319 -155 -123 -309 -223 -461 -299 l-81 -41 32 46 c18 26 49 83 70 128 143 306 141 649 -6 957 -25 52 -61 116 -79 142 l-34 47 45 -20 c26 -10 76 -36 113 -56z m-2057 25 c-40 -58 -105 -190 -130 -263 -110 -324 -59 -707 132 -981 25 -35 42 -64 37 -64 -19 0 -241 119 -326 174 -188 122 -406 314 -532 468 l-58 71 108 103 c185 178 428 349 672 473 66 33 121 60 123 61 2 0 -10 -19 -26 -42z\"\/><path d=\"M2375 1950 c-198 -44 -350 -190 -395 -379 -18 -76 -8 -221 19 -290 114 -284 457 -406 731 -260 98 52 188 154 231 260 27 69 37 214 19 290 -38 163 -166 304 -326 360 -67 23 -215 33 -279 19z\"\/><\/g><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/mailsafi.com\/blog\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif\" border=0 \/><\/p><div class=\"pvc_clear\"><\/div>","protected":false},"excerpt":{"rendered":"<p>The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide. The Egregor ransomware was first identified by the FBI in September 2020. The FBI says in&nbsp;a&nbsp;TLP: WHITE&nbsp;Private Industry Notification (PIN) Egregor claims to have already compromised over [&hellip;]<\/p>\n<div class=\"pvc_clear\"><\/div>\n<p id=\"pvc_stats_2627\" class=\"pvc_stats all  \" data-element-id=\"2627\" style=\"\"><i class=\"pvc-stats-icon large\" aria-hidden=\"true\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.0\" viewBox=\"0 0 502 315\" preserveAspectRatio=\"xMidYMid meet\"><g transform=\"translate(0,332) scale(0.1,-0.1)\" fill=\"\" stroke=\"none\"><path d=\"M2394 3279 l-29 -30 -3 -207 c-2 -182 0 -211 15 -242 39 -76 157 -76 196 0 15 31 17 60 15 243 l-3 209 -33 29 c-26 23 -41 29 -80 29 -41 0 -53 -5 -78 -31z\"\/><path d=\"M3085 3251 c-45 -19 -58 -50 -96 -229 -47 -217 -49 -260 -13 -295 52 -53 146 -42 177 20 16 31 87 366 87 410 0 70 -86 122 -155 94z\"\/><path d=\"M1751 3234 c-13 -9 -29 -31 -37 -50 -12 -29 -10 -49 21 -204 19 -94 39 -189 45 -210 14 -50 54 -80 110 -80 34 0 48 6 76 34 21 21 34 44 34 59 0 14 -18 113 -40 219 -37 178 -43 195 -70 221 -36 32 -101 37 -139 11z\"\/><path d=\"M1163 3073 c-36 -7 -73 -59 -73 -102 0 -56 133 -378 171 -413 34 -32 83 -37 129 -13 70 36 67 87 -16 290 -86 209 -89 214 -129 231 -35 14 -42 15 -82 7z\"\/><path d=\"M3689 3066 c-15 -9 -33 -30 -42 -48 -48 -103 -147 -355 -147 -375 0 -98 131 -148 192 -74 13 15 57 108 97 206 80 196 84 226 37 273 -30 30 -99 39 -137 18z\"\/><path d=\"M583 2784 c-38 -19 -67 -74 -58 -113 9 -42 211 -354 242 -373 16 -10 45 -18 66 -18 51 0 107 52 107 100 0 39 -1 41 -124 234 -80 126 -108 162 -133 173 -41 17 -61 16 -100 -3z\"\/><path d=\"M4250 2784 c-14 -9 -74 -91 -133 -183 -95 -150 -107 -173 -107 -213 0 -55 33 -94 87 -104 67 -13 90 8 211 198 130 202 137 225 78 284 -27 27 -42 34 -72 34 -22 0 -50 -8 -64 -16z\"\/><path d=\"M2275 2693 c-553 -48 -1095 -270 -1585 -649 -135 -104 -459 -423 -483 -476 -23 -49 -22 -139 2 -186 73 -142 361 -457 571 -626 285 -228 642 -407 990 -497 242 -63 336 -73 660 -74 310 0 370 5 595 52 535 111 1045 392 1455 803 122 121 250 273 275 326 19 41 19 137 0 174 -41 79 -309 363 -465 492 -447 370 -946 591 -1479 653 -113 14 -422 18 -536 8z m395 -428 c171 -34 330 -124 456 -258 112 -119 167 -219 211 -378 27 -96 24 -300 -5 -401 -72 -255 -236 -447 -474 -557 -132 -62 -201 -76 -368 -76 -167 0 -236 14 -368 76 -213 98 -373 271 -451 485 -162 444 86 934 547 1084 153 49 292 57 452 25z m909 -232 c222 -123 408 -262 593 -441 76 -74 138 -139 138 -144 0 -16 -233 -242 -330 -319 -155 -123 -309 -223 -461 -299 l-81 -41 32 46 c18 26 49 83 70 128 143 306 141 649 -6 957 -25 52 -61 116 -79 142 l-34 47 45 -20 c26 -10 76 -36 113 -56z m-2057 25 c-40 -58 -105 -190 -130 -263 -110 -324 -59 -707 132 -981 25 -35 42 -64 37 -64 -19 0 -241 119 -326 174 -188 122 -406 314 -532 468 l-58 71 108 103 c185 178 428 349 672 473 66 33 121 60 123 61 2 0 -10 -19 -26 -42z\"\/><path d=\"M2375 1950 c-198 -44 -350 -190 -395 -379 -18 -76 -8 -221 19 -290 114 -284 457 -406 731 -260 98 52 188 154 231 260 27 69 37 214 19 290 -38 163 -166 304 -326 360 -67 23 -215 33 -279 19z\"\/><\/g><\/svg><\/i> <img loading=\"lazy\" decoding=\"async\" width=\"16\" height=\"16\" alt=\"Loading\" src=\"https:\/\/mailsafi.com\/blog\/wp-content\/plugins\/page-views-count\/ajax-loader-2x.gif\" border=0 \/><\/p>\n<div class=\"pvc_clear\"><\/div>\n","protected":false},"author":1,"featured_media":2642,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3],"tags":[250,116,251,252,246],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Egregor Ransomware Attack Warning from FBI | MailSafi<\/title>\n<meta name=\"description\" content=\"The FBI has warned private companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Egregor Ransomware Attack Warning from FBI | MailSafi\" \/>\n<meta property=\"og:description\" content=\"The FBI has warned private companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/\" \/>\n<meta property=\"og:site_name\" content=\"The MailSafi Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/msgafricaltd\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-15T17:39:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-01-15T17:43:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"531\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"the_leaders\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@msgafricaltd\" \/>\n<meta name=\"twitter:site\" content=\"@msgafricaltd\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"the_leaders\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/\"},\"author\":{\"name\":\"the_leaders\",\"@id\":\"https:\/\/mailsafi.com\/blog\/#\/schema\/person\/d2ec682ba327149927593938af3f9d14\"},\"headline\":\"FBI Warns of Egregor Ransomware Targeting Organizations World Over\",\"datePublished\":\"2021-01-15T17:39:56+00:00\",\"dateModified\":\"2021-01-15T17:43:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/\"},\"wordCount\":771,\"publisher\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg\",\"keywords\":[\"cyberattacks\",\"cybercrime\",\"email security threats\",\"phishing scams\",\"ransomware\"],\"articleSection\":[\"Email Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/\",\"url\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/\",\"name\":\"Egregor Ransomware Attack Warning from FBI | MailSafi\",\"isPartOf\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg\",\"datePublished\":\"2021-01-15T17:39:56+00:00\",\"dateModified\":\"2021-01-15T17:43:20+00:00\",\"description\":\"The FBI has warned private companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.\",\"breadcrumb\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#primaryimage\",\"url\":\"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg\",\"contentUrl\":\"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg\",\"width\":800,\"height\":531,\"caption\":\"Egregor Ransomware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/mailsafi.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FBI Warns of Egregor Ransomware Targeting Organizations World Over\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/mailsafi.com\/blog\/#website\",\"url\":\"https:\/\/mailsafi.com\/blog\/\",\"name\":\"The MailSafi Blog\",\"description\":\"We Stop Spam\",\"publisher\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/mailsafi.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/mailsafi.com\/blog\/#organization\",\"name\":\"Message Labs Africa\",\"url\":\"https:\/\/mailsafi.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mailsafi.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Message Labs Africa\"},\"image\":{\"@id\":\"https:\/\/mailsafi.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/msgafricaltd\/\",\"https:\/\/x.com\/msgafricaltd\",\"https:\/\/www.linkedin.com\/feed\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/mailsafi.com\/blog\/#\/schema\/person\/d2ec682ba327149927593938af3f9d14\",\"name\":\"the_leaders\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mailsafi.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7ca448387530cb3177261ca8cd87ff2a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7ca448387530cb3177261ca8cd87ff2a?s=96&d=mm&r=g\",\"caption\":\"the_leaders\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Egregor Ransomware Attack Warning from FBI | MailSafi","description":"The FBI has warned private companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/","og_locale":"en_US","og_type":"article","og_title":"Egregor Ransomware Attack Warning from FBI | MailSafi","og_description":"The FBI has warned private companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.","og_url":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/","og_site_name":"The MailSafi Blog","article_publisher":"https:\/\/www.facebook.com\/msgafricaltd\/","article_published_time":"2021-01-15T17:39:56+00:00","article_modified_time":"2021-01-15T17:43:20+00:00","og_image":[{"width":800,"height":531,"url":"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg","type":"image\/jpeg"}],"author":"the_leaders","twitter_card":"summary_large_image","twitter_creator":"@msgafricaltd","twitter_site":"@msgafricaltd","twitter_misc":{"Written by":"the_leaders","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#article","isPartOf":{"@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/"},"author":{"name":"the_leaders","@id":"https:\/\/mailsafi.com\/blog\/#\/schema\/person\/d2ec682ba327149927593938af3f9d14"},"headline":"FBI Warns of Egregor Ransomware Targeting Organizations World Over","datePublished":"2021-01-15T17:39:56+00:00","dateModified":"2021-01-15T17:43:20+00:00","mainEntityOfPage":{"@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/"},"wordCount":771,"publisher":{"@id":"https:\/\/mailsafi.com\/blog\/#organization"},"image":{"@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#primaryimage"},"thumbnailUrl":"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg","keywords":["cyberattacks","cybercrime","email security threats","phishing scams","ransomware"],"articleSection":["Email Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/","url":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/","name":"Egregor Ransomware Attack Warning from FBI | MailSafi","isPartOf":{"@id":"https:\/\/mailsafi.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#primaryimage"},"image":{"@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#primaryimage"},"thumbnailUrl":"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg","datePublished":"2021-01-15T17:39:56+00:00","dateModified":"2021-01-15T17:43:20+00:00","description":"The FBI has warned private companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.","breadcrumb":{"@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#primaryimage","url":"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg","contentUrl":"https:\/\/mailsafi.com\/blog\/wp-content\/uploads\/2021\/01\/ransomware-egregor.jpg","width":800,"height":531,"caption":"Egregor Ransomware"},{"@type":"BreadcrumbList","@id":"https:\/\/mailsafi.com\/blog\/fbi-warns-of-egregor-ransomware-targeting-organizations-world-over\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mailsafi.com\/blog\/"},{"@type":"ListItem","position":2,"name":"FBI Warns of Egregor Ransomware Targeting Organizations World Over"}]},{"@type":"WebSite","@id":"https:\/\/mailsafi.com\/blog\/#website","url":"https:\/\/mailsafi.com\/blog\/","name":"The MailSafi Blog","description":"We Stop Spam","publisher":{"@id":"https:\/\/mailsafi.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mailsafi.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mailsafi.com\/blog\/#organization","name":"Message Labs Africa","url":"https:\/\/mailsafi.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailsafi.com\/blog\/#\/schema\/logo\/image\/","url":"","contentUrl":"","caption":"Message Labs Africa"},"image":{"@id":"https:\/\/mailsafi.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/msgafricaltd\/","https:\/\/x.com\/msgafricaltd","https:\/\/www.linkedin.com\/feed\/"]},{"@type":"Person","@id":"https:\/\/mailsafi.com\/blog\/#\/schema\/person\/d2ec682ba327149927593938af3f9d14","name":"the_leaders","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailsafi.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7ca448387530cb3177261ca8cd87ff2a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7ca448387530cb3177261ca8cd87ff2a?s=96&d=mm&r=g","caption":"the_leaders"}}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/posts\/2627"}],"collection":[{"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/comments?post=2627"}],"version-history":[{"count":20,"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/posts\/2627\/revisions"}],"predecessor-version":[{"id":2666,"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/posts\/2627\/revisions\/2666"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/media\/2642"}],"wp:attachment":[{"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/media?parent=2627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/categories?post=2627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mailsafi.com\/blog\/wp-json\/wp\/v2\/tags?post=2627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}