A recent report mentions that the cybercriminal group in charge of the Egregor ransomware managed to compromise the systems of Metro Vancouver’s TransLink transport agency, leading to disruptions to some services and payment systems.
A few days ago, company representatives announced that they had problems with their systems, affecting their phones, online services, or credit and debit card payment systems. Transport systems were not affected by these failures.
Once it managed to restore its payment systems, TransLink issued a statement acknowledging the incident: “We have the information necessary to confirm that TransLink was the target of a ransomware attack that affected our communications through a message.” Through his Twitter account, researcher Jordan Armstrong posted an image of the ransom note and stated that TransLink printers were repeatedly printing the same message:
After the ransom note was made public, the cybersecurity community confirmed that hacking group Egregor was behind the attack.
Specialists mention that Egregor is the only known ransomware variant that runs scripts to print ransom notes on all printers connected to a compromised network. Egregor’s hackers used this same tactic during a recent cyberattack on Cencosud, where receipt printers began repeatedly printing ransom notes to draw public attention to the incident.
In the rise of ransomware as a service (RaaS) platforms, Egregor has established itself as one of the groups most requested by cybercriminal groups, making incredible profits for every successful attack deployed by malicious hackers. These attacks include numerous high-profile companies around the world, including Kmart, Cencosud, Crytek, Ubisoft and Barnes and Noble.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
