February 1, 2022
Severity
High
Analysis Summary
Delta Electronics is a technology giant that provides electronic products and switching power supplies to major industries in the Middle East, Asia, and Europe. Recently, Delta Electronics was hit by Conti ransomware, which has been active in the region for quite some time. The ransomware group deployed malware on Delta’s systems and demanded a ransom of $15 million.
“According to the report, the sample may have been used in an attack on Taiwanese electronics manufacturing company Delta Electronics Inc. The hacker group claimed to have deployed the ransomware around January 21, 2022 and demanded a ransom of $15 million (approximately NT$412 million). Of the 65,000 computers in Delta’s network, about 1,500 servers and about 12,000 computers are encrypted.”
Conti ransomware was discovered in December 2019 and is delivered via TrickBot. It has been used against large companies and government institutions across the world, especially in North America. Conti, like other ransomware families, steals important files and information from targeted networks and threatens to disseminate them unless the ransom is paid. Conti speeds up encryption by using “up to 32 simultaneous encryption operations,” and is very likely directly controlled by its operators. This ransomware can target network-based resources while ignoring local files; this lets it cause targeted damage to an environment in a way that can hinder incident response actions.
Delta stated that the main affected services are non-critical systems, which are gradually resuming operations. At present, the assessment is that there is no significant impact on the company’s operations; it has notified government law enforcement agencies and information security units to assist with follow-up processing, and will continue to improve the network security and security controls of its information infrastructure to ensure data security. – Data Breach Notification
Impact
- Data Theft
- File Encryption
- Financial Loss
- Misuse of Information
Indicators of Compromise
IP
- 80[.]82[.]77[.]245
MD5
- 7e18dd4a4b84f2f93eff4790f16e8e8b
SHA-256
- 5ace33358a8b11ae52050d02d2d6705f04bd47a27c6c6e28ef65028bbfaf5da9
SHA-1
- 3113dbbeb536000ac8175ccb6438355af41ab2eb
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links sent by unknown senders.
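The remediation steps above (block the indicators, search for them in your environment) can be turned into a small hunting script. The following example is added here and is not part of the Rewterz alert or any Rewterz tooling: it takes the IP and file hashes listed above, refangs the IP, scans constructed sample log lines (not real telemetry) for the address as a whole token so that a longer address such as 180.82.77.245 does not produce a false match, and optionally sweeps a directory path given on the command line for files whose MD5, SHA-1 or SHA-256 equals a listed hash. The sample log lines, the directory argument, and the chunk size are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Hunt for the IOCs in this alert: listed file hashes on disk, listed IP in logs."""
import hashlib
import re
import sys
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# Indicators exactly as listed in the alert (IP kept defanged until matching time)
IOC_IP = "80[.]82[.]77[.]245"
IOC_HASHES: Dict[str, str] = {
    "md5": "7e18dd4a4b84f2f93eff4790f16e8e8b",
    "sha1": "3113dbbeb536000ac8175ccb6438355af41ab2eb",
    "sha256": "5ace33358a8b11ae52050d02d2d6705f04bd47a27c6c6e28ef65028bbfaf5da9",
}

# Constructed sample firewall/proxy lines (not real telemetry). Line 2 carries a
# different address that merely ends with the IOC's digits and must not match.
SAMPLE_LOG_LINES = [
    "2022-01-21T03:14:07Z fw1 allow src=10.0.12.34 dst=80.82.77.245 dport=443",
    "2022-01-21T03:14:09Z fw1 allow src=10.0.12.34 dst=180.82.77.245 dport=443",
    "2022-01-21T03:15:00Z proxy GET http://intranet.example/ from 10.0.12.35",
]


def refang(indicator: str) -> str:
    """Turn the defanged '80[.]82[.]77[.]245' into a matchable address."""
    return indicator.replace("[.]", ".")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of a byte string, keyed like IOC_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_hashes(path: Path) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks so large files are not read into memory at once."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def match_hashes(digests: Dict[str, str], iocs: Dict[str, str]) -> List[str]:
    """Return the names of the algorithms whose digest equals a listed IOC."""
    return sorted(algo for algo, value in iocs.items()
                  if digests.get(algo, "").lower() == value.lower())


def scan_directory(root: Path, iocs: Dict[str, str] = IOC_HASHES) -> List[Tuple[str, List[str]]]:
    """Walk a directory tree and report every file whose hash matches an IOC."""
    hits = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = match_hashes(file_hashes(path), iocs)
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        if matched:
            hits.append((str(path), matched))
    return hits


def scan_log_lines(lines: Iterable[str], ip: str) -> List[Tuple[int, str]]:
    """Return (line number, line) for every line containing the IP as a whole token.

    The look-arounds stop 180.82.77.245 or 80.82.77.2450 from matching the IOC."""
    pattern = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    return [(n, line) for n, line in enumerate(lines, 1) if pattern.search(line)]


if __name__ == "__main__":
    ip = refang(IOC_IP)
    for number, line in scan_log_lines(SAMPLE_LOG_LINES, ip):
        print(f"log line {number} contacted {ip}: {line}")
    # Assumed usage: an optional directory argument is swept for the listed hashes
    if len(sys.argv) > 1:
        for path, algos in scan_directory(Path(sys.argv[1])):
            print(f"HASH MATCH {','.join(algos)}: {path}")
```

Run without arguments to see the log match on the constructed lines, or pass a directory to hash every file under it against the three listed digests. Matching all three algorithms, rather than MD5 alone, means a file is reported even when only one of the listed hashes is available in your telemetry.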