Two major organizations — Randstad, the world's largest staffing agency and Translink, the Metro Vancouver transporting agency — fell victim to Egregor ransomware attacks. The Egregor ransomware group is found to be highly operational in recent times, and it continues to wreak havoc on enterprises. Egregor ransomware caused disruptions to the Chilean retail giant Cencosud recently followed by an attack on Kmart.
Randstad has mentioned that the Egregor ransomware group has disclosed one percent of the stolen data and has exposed 32.7 MB of data with 184 files. Randstad is a global staffing agency with offices in 38 markets and has an employee count of 38,000 with a revenue of €23.7 billion in 2019. Randstad is also the owner of the popular employment website monster.com. Randstad has also mentioned that only a limited number of servers were compromised and its team is doing its best to resolve the situation.
"Prompt global action was taken to mitigate the incident while further protecting Randstad’s systems, operations and data. As a result, a limited number of servers were impacted," Randstad claimed in its press release.
Meanwhile, Translink's payments and services were disrupted by the Egregor ransomware attack. Its online services including payment using credit and debit cards were muddled. The ransomware instance started printing numerous ransom notes through the network-connected printer (the same happened following the breach at Cencosud.
Egregor ransomware operators seem to be vibrant in recent months, and they will likely continue trying to wreck havoc on enterprises. Though the actual cause of the attack is yet to be revealed in both cases, it's believed that both enterprises were using decent cybersecurity tools and policies to avoid ransomware attacks, however the Egregor ransomware group managed to breach their networks and get away with data anyway.
Enterprises need to ensure they have an updated cybersecurity strategy to combat these recent sophisticated and aggressive cyberattacks launched by ransomware operators. It's best to be proactive by employing the right cybersecurity tools like patch management, endpoint security management, and vulnerability management.