Egregor is one of the most rapidly growing ransomware families. Its name comes from the occult world and is defined as “the collective energy of a group of people, especially when aligned with a common goal,” according to Recorded Future’s Insikt Group. Although descriptions of the malware vary from security firm to security firm, the consensus is that Egregor is a variant of the Sekhmet ransomware family.

It arose in September 2020, at the same time the Maze ransomware gang announced its intention to shut down operations. Affiliates who were part of the Maze group appear, however, to have moved on to Egregor without skipping a beat.