Egregor ransomware causes printers to spit out ransom notes
In a somewhat novel approach to ensuring that their victim knows they have been hacked and their systems locked up, the Egregor threat actors sent messages to some Cencosud stores.
Some video was shared on Twitter by @Irlenys:
— Irlenys (@Irlenys) November 15, 2020
The ability to send ransom notes to printers is a feature of Egregor ransomware, as reported by BleepingComputer, who first reported on the Cencosud breach:
Clarín also reported that printers in numerous retail outlets in Chile and Argentina, such as Easy home goods stores, began printing out ransom notes as devices are encrypted.
This function is a known “feature” of the Egregor ransomware software, which will automatically print ransom notes to attached printers after the files on a device have been encrypted. For network-wide attacks, this could potentially lead to thousands of ransom notes being printed throughout the organization.