{
	"id": "36a33683-d82e-46d8-b524-e313787715fc",
	"created_at": "2026-04-06T00:15:33.965043Z",
	"updated_at": "2026-04-10T13:12:07.692322Z",
	"deleted_at": null,
	"sha1_hash": "bebedf6f4d7366b129a47c237aa9e4e4fd1e939a",
	"title": "Egregor Claims Responsibility for Barnes \u0026 Noble Attack, Leaks Data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 58784,
	"plain_text": "Egregor Claims Responsibility for Barnes \u0026 Noble Attack, Leaks\r\nData\r\nBy Tara Seals\r\nPublished: 2020-10-21 · Archived: 2026-04-05 22:47:50 UTC\r\nThe ransomware gang claims to have bought network access to the bookseller’s systems before encrypting the\r\nnetworks and stealing “financial and audit data.”\r\nThe Egregor ransomware gang has reportedly taken responsibility for the Barnes \u0026 Noble cyberattack, first\r\ndisclosed on Oct. 15.\r\nThe bookseller warned last week that it had been hacked in emailed notices to customers, noting that a cyberattack\r\nhappened on Oct. 10, “which resulted in unauthorized and unlawful access to certain Barnes \u0026 Noble corporate\r\nsystems.”\r\nSome indications — such as its Nook e-reader service being taken offline starting the weekend before — also\r\npointed to a possible ransomware attack, though the company still hasn’t yet confirmed that. Some store workers\r\ntold an e-reader blog that their physical registers were having trouble over that weekend, too.\r\nNow, the Egregor group – a new kid on the block, having emerged only in September – said that its malware was\r\nresponsible, and claimed to have stolen unencrypted “financial and audit” data.\r\nIt’s unclear if that refers to internal corporate data or consumer information. The book giant stressed in its notice\r\nto customers that all exposed user financial data was “encrypted and tokenized and not accessible. At no time is\r\nthere any unencrypted payment information in any Barnes \u0026 Noble system.”\r\nIn correspondence with Bleeping Computer, a member of the group said that someone was able to gain access to a\r\nWindows domain administrator account, before handing over (or selling) that access to the Egregor gang.\r\nAnd indeed, network-access sellers have become “a central pillar of criminal underground activity in 2020,”\r\naccording to a recent Accenture report. 
For prices between $300 and $10,000, ransomware groups have the\r\nopportunity to easily buy initial network access to already-compromised companies on underground forums.\r\nThat investment has apparently paid off: Egregor has also now published “two Windows Registry hives that\r\nappear to have been exported from Barnes \u0026 Noble’s Windows servers during the attack,” according to the media\r\nreport. The files however don’t prove that the gang has financial data.\r\nThreatpost has reached out to Barnes \u0026 Noble for confirmation and details.\r\nhttps://threatpost.com/egregor-responsibility-barnes-noble/160401/\r\nPage 1 of 2\n\nFor the full Threatpost report on the hack, including coverage of the threats to consumers and researcher reactions,\r\nplease click here.\r\nEgregor Ramps Up\r\nEgregor was first spotted in the wild in September, using a tactic of siphoning off corporate information and\r\nthreatening a “mass-media” release of it before encrypting all files.\r\nJust this week, it claimed to have hacked gaming giant Ubisoft, lifting the source code for Watch Dogs: Legion,\r\nwhich is due to be released on Oct. 29. It’s a highly anticipated release thanks to its 4K visuals, “ray tracing”\r\ncapabilities and a planned Assassin’s Creed crossover.\r\nIt also took responsibility for a separate attack on gaming creator Crytek, relating to gaming titles like Arena of\r\nFate and Warface. In both cases, as with Barnes \u0026 Noble, it published inconclusive information on its leak site\r\nshowing that it accessed files, but not necessarily the source code that it said that it had.\r\nEgregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when\r\nthe individuals are united toward a common purpose — apropos for a ransomware gang. According to a recent\r\nanalysis from Appgate, the code seems to be a spinoff of the Sekhmet ransomware (itself named for the Egyptian\r\ngoddess of healing). 
\r\nSource: https://threatpost.com/egregor-responsibility-barnes-noble/160401/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://threatpost.com/egregor-responsibility-barnes-noble/160401/"
	],
	"report_names": [
		"160401"
	],
	"threat_actors": [],
	"ts_created_at": 1775434533,
	"ts_updated_at": 1775826727,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bebedf6f4d7366b129a47c237aa9e4e4fd1e939a.pdf",
		"text": "https://archive.orkl.eu/bebedf6f4d7366b129a47c237aa9e4e4fd1e939a.txt",
		"img": "https://archive.orkl.eu/bebedf6f4d7366b129a47c237aa9e4e4fd1e939a.jpg"
	}
}