Its operators Egregor ransomware use a new method to get their victims' attention and put even more pressure on them after a attack. They print the ransom note from all available printers of the victims.
In many cases, companies are falling victim of a ransomware attack, do not make it public. They may not even tell their employees. A public announcement could hurt employees' trust and damage its reputation company. Ransomware is well aware of this gangs.
So, to make sure that the attack is known and that the victim pays, The hackers behind the Egregor ransomware continuously print the ransom note from all available printers of the victim.
BleepingComputer was already aware of this tactic, but only confirmed it last weekend after his attack Egregor ransomware at multinational retail company Cencosud. The company has many stores in Argentina, Brazil, Chile, Colombia and Peru. During the ransomware attack, they were encrypted Appliances in all retail stores and problems were created in various services.
Egregor is one ransomware-as-a-service business which appeared in the middle of last September.
The prints seen by Bleeping Computer show that this is the same ransom note that appeared on computers of the victim.
With the information so far, is not the executable ransomware that prints the notes. Instead, it is believed that the hackers of Egregor ransomware use one script at the end of a attack to print ransom notes on all available printers.
In addition, Egregor ransomware operators are following the new trend in ransomware attacks and threatening to leak data of their victims if they do not pay the ransom. They have, in fact, created one website on darknet, where they offer a list of their victims and inform about the date of publication of the stolen data.
Source: Bleeping Computer