Ransomware groups are actively finding new ways to pressure victims into paying their ransom. This pursuit’s latest technique is from the Egregor ransomware group, which has started force printing out the ransom notes through all the printers connected to the compromised network. This would make their attack known widely, thus forcing the victim to pay early.
Egregor’s Novel Technique to Attain Success
Egregor ransomware group, which started its operations lately after the fall of Maze group, is touted to grow big soon. This is because the group follows novel techniques and aims for attacking high-profile targets. Egregor ransomware has compromised Barnes & Noble earlier and Cencosud this week.
While stealing data and compromising systems has become regular, Egregor started a new practice to widely publicize its act. Noting that few companies hide that they’re being attacked, Egregor ransomware is cleverly taking over all the printers connected to the compromised network and printing its ransom note from them!
El #ransomware que le pegó a Cencosud es #Egregor. La ransom note empezó a salir en las impresoras de varios locales de Argentina y Chile pic.twitter.com/k1Ps4IDUyq
— Irlenys (@Irlenys) November 15, 2020
This would eventually publicize their attack widely than that displayed just on compromised systems. This was practiced in the Cencosud’s attack earlier this week, where several printers have automatically printed the same ransom note in repeat.
BleepingComputer says this additional feature doesn’t come within the ransomware malware, but Egregor may have used a script to takeover printers and do their job. While the script wasn’t found yet, it’s believed to be adopted by other ransomware groups soon if seen successful.
After all, publicizing the attack would degrade the value of the victim. Any company known to be a ransomware victim may see a fall in their stock prices, reputation, and data leak. Thus, most of the companies hide this act to stay afloat until everything is addressed.