The message's gz attachment contains an exe file: the malware itself. Stolen data is exfiltrated via FTP.
The Egregor group gives Christmas gifts to its victims. It's not clear what these are: maybe a partial unlock key or a ransom discount. Meanwhile, however, the double extortion with ransomware continues.
The Egregor ransomware group wishes all its victims, the "clients", happy holidays. In addition, it announced that it had given "Christmas Gifts" to everyone. The details, according to the cybercrime actors, were sent to the victims' personal chats. At the moment it is not yet clear what the gifts are. The hypothesis is that the cybercriminals may have sent a key to decrypt, at least partially, the blocked data, or offered a discount on the ransom for the holidays. What is certain, however, is that their business has not stopped. Only a few hours ago, in fact, the malicious hackers added the NAURA Akrion group, compromised in recent days, to the "Hall of Shame". Furthermore, following the usual double extortion scheme, they posted 1% of the data stolen before the malware encrypted it.