Egregor ransomware causes printers to spit out ransom notes

In a somewhat novel approach to ensuring that their victim knows they have been hacked and their systems locked up, the Egregor threat actors sent messages to some Cencosud stores.

Some video was shared on Twitter by @Irlenys:

Translation:  The #ransomware that hit Cencosud is #Egregor . The ransom note began to appear in the printers of several stores in Argentina and Chile

Screenshot taken from video posted to Twitter by @Irlenys

The ability to send ransom notes to printers is a feature of Egregor ransomware, as reported by BleepingComputer, who first reported on the Cencosud breach:

Clarín also reported that printers in numerous retail outlets in Chile and Argentina, such as Easy home goods stores, began printing out ransom notes as devices are encrypted.

This function is a known “feature” of the Egregor ransomware software, which will automatically print ransom notes to attached printers after the files on a device have been encrypted. For network-wide attacks, this could potentially lead to thousands of ransom notes being printed throughout the organization.

About the author: Dissent

Comments are closed.