April 18, 2023
Severity
High
Analysis Summary
CrossLock ransomware is a type of malware that encrypts files on a victim’s computer and demands a ransom payment in exchange for a decryption key. The ransomware is typically distributed through phishing emails or malicious software downloads.
Once the malware infects a system, it scans the victim’s computer for specific files to encrypt, including documents, images, videos, and databases. The encrypted files are given a new extension and a ransom note is displayed on the victim’s screen, which includes instructions on how to pay the ransom to obtain the decryption key.
CrossLock ransomware is known for using a double extortion tactic, where the attackers not only demand payment for the decryption key but also threaten to publish the victim’s sensitive data online if the ransom is not paid.
The best defense against CrossLock ransomware is to keep the operating system and software up to date, avoid opening suspicious emails and attachments, and regularly back up important files to an external storage device. In case of an attack, victims are advised not to pay the ransom and to seek professional assistance to recover their files.
Impact
- File Encryption
Indicators of Compromise
MD5
- 9756b1c7d0001100fdde3efefb7e086f
SHA-256
- 495fbfecbcadb103389cc33828db139fa6d66bece479c7f70279834051412d72
SHA-1
- 55de88118fe8abefb29dec765df7f78785908621
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
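A minimal way to carry out the IOC search recommended above is a file-hash sweep against the three indicators listed in this alert. The script below is an added example, not Rewterz tooling; it assumes read access to the tree being scanned and only reports exact hash matches.

```python
"""Hash-based IOC sweep for the CrossLock indicators listed in this alert."""
import hashlib
import os
from pathlib import Path

# Indicators exactly as published in the alert above (lower-case hex).
CROSSLOCK_IOCS = {
    "md5": {"9756b1c7d0001100fdde3efefb7e086f"},
    "sha1": {"55de88118fe8abefb29dec765df7f78785908621"},
    "sha256": {"495fbfecbcadb103389cc33828db139fa6d66bece479c7f70279834051412d72"},
}

def file_digests(path, chunk_size=1 << 20):
    """Return {algo: hexdigest} for one file, computing all three hashes in a single pass."""
    # usedforsecurity=False keeps MD5/SHA-1 usable on FIPS-restricted hosts (Python 3.9+).
    hashers = {algo: hashlib.new(algo, usedforsecurity=False) for algo in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def scan_tree(root, iocs=CROSSLOCK_IOCS):
    """Walk `root` and return [(path, algo, digest)] for every regular file whose hash is in `iocs`."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue  # skip links and special files; only regular files are hashed
            try:
                digests = file_digests(path)
            except OSError:
                continue  # locked or unreadable file; log it in a production sweep
            for algo, digest in digests.items():
                if digest in iocs.get(algo, set()):
                    hits.append((str(path), algo, digest))
    return hits

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in scan_tree(root):
        print(f"MATCH {algo} {digest} {path}")
```

Run it as `python sweep.py /path/to/scan`; any line printed is an exact match against a published CrossLock hash and should be treated as a confirmed indicator rather than a heuristic.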