Egregor hits Randstand & Vancouver Metro
Egregor is a new organized cybercrime ransomware-as-a-service operation that partners with affiliates to compromise networks and deploy their ransomware.
The ransomware gang began operating in the middle of September 2020 after a prominent ransomware group known as Maze shut down their operation. Threat actors that worked with Maze switched to Egregor, which allowed the new operation to ramp up their attacks quickly
Randstad is the world’s largest staffing agency with offices in 38 markets and the owner of the well-known employment website Monster.com. Randstad employs over 38,000 people and generated €23.7 billion in revenue for 2019.
Randstad’s data stolen during a recent cyberattack. This leaked data is a 32.7MB archive containing 184 files, including accounting spreadsheets, financial reports, legal documents, and other miscellaneous business documents.
Randstad states that only a limited number of servers were impacted and that their network and business operations continued to operate without disruption.
The Egregor ransomware operation has breached Metro Vancouver’s transportation agency TransLink with the cyberattack causing disruptions in services and payment systems.
TransLink’s announced that they were having issues with their information technology systems that affected phones, online services, and the ability to pay for fares using a credit card or debit card. All transit services were unaffected by the IT problems.
After restoring the payment systems, TransLink issued a statement disclosing that a ransomware attack caused the IT problems.
“We are now in a position to confirm that TransLink was the target of a ransomware attack on some of our IT infrastructure. This attack includes communications to TransLink through a printed message,” TransLink disclosed in a statement.