
Rewterz Threat Alert – FileCry Ransomware

July 9, 2020

Severity

High

Analysis Summary

A new ransomware family named FileCry, a name modelled on WannaCry, has been discovered and analyzed by researchers. Upon successful encryption, the malware demands 0.035 BTC to decrypt the files. Once the ransomware runs, every file in the target folder and its subfolders is encrypted and the suffix .filecry is appended to each file name. A dialog box then directs victims to a Bitcoin wallet address and an email address for payment; the actors then send a decryption key. The encryption algorithm itself is simplistic: it only adds 1 to each byte of the victim's file data. The decryption key appears to be hard-coded directly into the function that checks the entered key.


The encryption algorithm in the current version of FileCry is very plain: it adds 1 to each byte of the victim's file data (treating each byte as its numeric ASCII value) and then appends the .filecry suffix to the encrypted file, which completes the encryption of that file.

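Because the advisory describes the scheme as a plain byte-by-byte increment, affected files can be restored without the actors' key. The following recovery routine is an added example written for this advisory; it is not the researchers' tooling and not code from the malware. It assumes the increment wraps modulo 256 (so an encrypted 0x00 byte was originally 0xFF); if the malware's arithmetic did not wrap, 0xFF bytes would be ambiguous and should be reviewed manually. The file names, sample content and `demo()` helper are constructed for illustration.

```python
"""Recover files encrypted with the byte-increment scheme described above."""
import tempfile
from pathlib import Path

FILECRY_SUFFIX = ".filecry"


def recover_filecry_bytes(data: bytes) -> bytes:
    # Each byte was incremented by 1; undo it modulo 256 so an encrypted
    # 0x00 maps back to 0xFF (assumes the increment wrapped, see lead-in).
    return bytes((b - 1) & 0xFF for b in data)


def recover_filecry_file(encrypted_path, out_dir=None) -> Path:
    """Decrypt one .filecry file next to itself (or into out_dir), strip the
    suffix, and refuse to overwrite anything that already exists."""
    src = Path(encrypted_path)
    if src.suffix != FILECRY_SUFFIX:
        raise ValueError(f"{src} does not carry the {FILECRY_SUFFIX} suffix")
    dest_dir = Path(out_dir) if out_dir is not None else src.parent
    dest = dest_dir / src.name[: -len(FILECRY_SUFFIX)]
    if dest.exists():
        raise FileExistsError(f"refusing to overwrite {dest}")
    dest.write_bytes(recover_filecry_bytes(src.read_bytes()))
    return dest


def demo() -> tuple:
    """Round trip on constructed sample data: apply the documented +1 transform
    to a plaintext, write it with the suffix, recover it and compare."""
    original = b"Quarterly report\x00\xff"  # constructed; covers both wrap edge cases
    encrypted = bytes((b + 1) & 0xFF for b in original)
    with tempfile.TemporaryDirectory() as tmp:
        enc_path = Path(tmp) / "report.txt.filecry"  # constructed file name
        enc_path.write_bytes(encrypted)
        restored = recover_filecry_file(enc_path)
        return restored.name, restored.read_bytes() == original


if __name__ == "__main__":
    print(demo())
```

Run the recovery against copies of the encrypted files rather than the originals, and keep the .filecry artifacts for the incident record until the restored data has been verified.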

Impact

File encryption

Indicators of Compromise

MD5

  • 4899accb55b148537d9b02232cb665a4
  • d8f7cc08aec6f3ca5d8a45a02f928b8e

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
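The IOC search above can be scripted. The following sweep is an added example for this advisory, not a Rewterz tool: it hashes every file under a directory, matches the digests against the two MD5 indicators listed above, and separately flags any file carrying the .filecry suffix, which is the on-disk trace of a completed encryption run. The `demo()` helper uses a constructed directory tree and, because no file with the advisory's hashes can be fabricated, substitutes the MD5 of the constructed content `b"abc"` as a placeholder indicator so the hash-match path is exercised offline.

```python
"""Sweep a directory for the FileCry indicators listed in the advisory."""
import hashlib
import tempfile
from pathlib import Path

# MD5 indicators from the advisory.
FILECRY_MD5S = frozenset({
    "4899accb55b148537d9b02232cb665a4",
    "d8f7cc08aec6f3ca5d8a45a02f928b8e",
})
FILECRY_SUFFIX = ".filecry"


def md5_of_file(path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, hashes=FILECRY_MD5S):
    """Return (kind, path, digest) tuples for every file that matches an IOC
    hash or carries the .filecry suffix. Unreadable files are skipped."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        if p.suffix == FILECRY_SUFFIX:
            findings.append(("encrypted_file", str(p), None))
        try:
            digest = md5_of_file(p)
        except OSError:
            continue  # locked or permission-denied; log it in a real sweep
        if digest in hashes:
            findings.append(("ioc_hash_match", str(p), digest))
    return findings


def demo():
    """Scan a constructed tree with a placeholder indicator set (md5(b"abc"))."""
    placeholder_hashes = frozenset({"900150983cd24fb0d6963f7d28e17f72"})
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.docx.filecry").write_bytes(b"\x01\x02")  # constructed
        (root / "dropper.bin").write_bytes(b"abc")  # constructed, matches placeholder
        (root / "clean.txt").write_bytes(b"nothing to see")  # constructed
        findings = scan_directory(root, hashes=placeholder_hashes)
        return [(kind, Path(path).name, digest) for kind, path, digest in findings]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

In production, point `scan_directory` at user profile and share roots, and treat any `encrypted_file` hit as evidence the ransomware already ran on that host even when no dropper hash matches, since the sample hashes will change between builds while the suffix behaviour is what the advisory documents.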
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.