Ransomware operators have found a new way to put pressure on the management of the attacked enterprises.
Egregor ransomware operators use an innovative approach to attract the attention of victims – after a cyber attack, the malware forces all printers on the network to print a ransom note.
Cybercriminals know that company executives tend to hide the fact of ransomware attacks not only from the general public, but also from their employees, for fear of falling stock prices and damage to reputation. Therefore, in order to put additional pressure on the management of the companies, Egregor operators are trying to attract maximum attention to the incident, forcing all printers connected to the infected network to cyclically print a ransom demand.
For the first time, it became known that Egregor makes printers print spontaneously after a ransomware attack on one of the largest retailers in South America, Cencosud.
To be more precise, the command to print to printers is given by a non-executable file Egregor. At the end of the attack, the ransomware operators use a special script. What is this script has not yet been established.