logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Advisory – Ryuk evolves as a new Targeted Ransomware

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 15, 2023
    March 15, 2023
    Rewterz Threat Alert -New Golang-Based Botnet GoBruteforcer Breaches Web Servers – Active IOCs
    Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]
    March 15, 2023
    March 15, 2023
    Rewterz Threat Alert – DarkComet RAT (Remote Access Trojan) – Active IOCs
    Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]
    March 15, 2023
    March 15, 2023
    Rewterz Threat Advisory -Multiple Microsoft Windows Products Vulnerabilties
    Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Advisory – Ryuk evolves as a new Targeted Ransomware

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 15, 2023
    March 15, 2023
    Rewterz Threat Alert -New Golang-Based Botnet GoBruteforcer Breaches Web Servers – Active IOCs
    Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]
    March 15, 2023
    March 15, 2023
    Rewterz Threat Alert – DarkComet RAT (Remote Access Trojan) – Active IOCs
    Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]
    March 15, 2023
    March 15, 2023
    Rewterz Threat Advisory -Multiple Microsoft Windows Products Vulnerabilties
    Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Advisory – CVE-2018-16882 – Linux Kernel KVM “nested_get_vmcs12_pages()” UseAfter-Free Vulnerability
December 20, 2018
Rewterz
Rewterz Threat Advisory – CVE-2018-3149 – Oracle Java SE/Java SE Embedded/JRockit Remote Security Vulnerability
December 21, 2018

Rewterz Threat Advisory – Ryuk evolves as a new Targeted Ransomware

December 20, 2018

SEVERITY: High

 

 

CATEGORY: Emerging Threat

 

 

ANALYSIS SUMMARY

 

 

Attackers using targeted ransomware work on the following methodology:

  • Enter the victim’s network via a weak RDP (Remote Desktop Protocol) password.
  • Escalate their privileges until they’re an administrator.
  • Use their privileged position to overcome security software.
  • Spread their ransomware as widely as possible before encrypting the victim’s files.
  • Leave notes demanding payment in return for decoding/unlocking the files.
  • Wait for the victim to contact them via email.

Successful acquiring of administrator privilege ensures enough damage by the ransomware that the victims have to pay 5-6 figure ransom for decryption of their files. Primarily, industries related to commodities, healthcare and manufacturing are being targeted. Ryuk shows close ties with the HERMES ransomware, a production of the North Korean Lazarus group.

Following is the ransom note found on encrypted computers.

 

Your network has been penetrated.

All files on each host in the network have been encrypted with a strong algorithm.

Backups were either encrypted or deleted or backup disks were formatted.

Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.

We exclusively have decryption software for your situation No decryption software is available in the public.

DO NOT RESET OR SHUTDOWN – files may be damaged.

DO NOT RENAME OR MOVE the encrypted and readme files.

DO NOT DELETE readme files.

This may lead to the impossibility of recovery of the certain files.

To get info (decrypt your files) contact us at ????????@protonmail.com

or ????????@tutanota.com

BTC wallet: ???????????????????????????????? Ryuk

 

Ryuk demands ransoms of between 15 and 50 bitcoins (between $50,000 and $170,000), with the price escalating by 0.5 bitcoins every day the victim doesn’t pay.

 

 

IMPACT

 

 

System Access, Files encryption, Ransom payment

 

 

INDICATORS OF COMPROMISE

 

IP(s) / Hostname(s)

 

  • 104.199.153[.]189
  • 104.239.157[.]210
  • 187.17.111[.]103
  • 195.20.45[.]185
  • 200.98.255[.]192
  • 23.253.126[.]58
  • 68.168.222[.]206
  • 89.119.67[.]154

 

URLs

  • bedava-chat[.]com
  • bestinfo[.]vv[.]si
  • digiturk[.]adsl[.]com[.]tr
  • freshmirza[.]tk
  • ibrahimreb[.]com
  • infocommsystems[.]com
  • jaragroup[.]com[.]ar
  • klkjwre9fqwieluoi[.]info
  • kukutrustnet777[.]info
  • kukutrustnet777888[.]info
  • kukutrustnet888[.]info
  • kukutrustnet987[.]info
  • lavanyacreation[.]com
  • natufarma[.]net
  • radiantjewelcraft[.]com
  • sets-hm[.]tk
  • veddagroup[.]twomini[.]com

 

Associated-file-path:

  • C:\Users\Public\cjoZX[.]exe
  • C:\Users\Public\window[.]bat

 

Associated-email-addresses:

  • WayneEvenson@tutanota[.]com
  • WayneEvenson@protonmail[.]com

 

Associated-bitcoin-address: 14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk

 

Malware Hash (MD5/SHA1/SH256)

  • c0202cf6aeab8437c638533d14563d35
  • d348f536e214a47655af387408b4fca5
  • 958c594909933d4c82e93c22850194aa
  • 86c314bc2dc37ba84f7364acd5108c2b
  • 29340643ca2e6677c19e1d3bf351d654
  • cb0c1248d3899358a375888bb4e8f3fe
  • 1354ac0d5be0c8d03f4e3aba78d2223e
  • 5ac0f050f93f86e69026faea1fbb4450

 

REMEDIATION

 

Block all the threat indicators at their respective controls.

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo