Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity
Medium
Analysis Summary
A GlobeImposter ransomware outbreak took place at a Financial services’ subsidiary company, resulting in encryption of a server and the NAS storage which hosted the virtual machines connected to them. Initially, a brute force RDP attack was launched on an admin account on the first compromised server, resulting in 1800 failed login attempts within 5 hours, prior to getting access. Once the access was gained, the attackers deployed advanced port scanner, credential stealing malware Mimikatz and a crypto-mining malware. The attackers then proceeded to deploy the ransomware, which, the researchers reported to be GlobeImposter. However, evidence of data exfiltration has not been found.
Impact
Indicators of Compromise
IP(s) / Hostname(s)
185.220.101[.]32
Malware Hash (MD5/SHA1/SH256)
Remediation