With the Maze ransomware group closing down operations, clients are now turning to the Sekhmet ransomware spin-off Egregor as a substitute. The Maze group declared its retirement, with no official successor, and said support for the malware would end after one month.
Egregor has been active since September this year and has been linked to alleged attacks against organizations, including Barnes & Noble and GEFCO. Egregor is also associated with the Ransomware-as-a-Service (RaaS) model, in which customers can subscribe for access to the malware.
Egregor uses a range of obfuscation techniques and payload packing to avoid analysis. The ransomware’s functionality is considered to be similar to Sekhmet.