Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
A malicious file masquerading as Windows Security Scanner is being distributed via spam. It demands a ransom even though it corrupts files and leaves them unrecoverable. The file is delivered through a link in an email claiming that a virus has been detected on the victim’s computer and that they need to run a security scanner. The link leads to the download of a ZIP archive containing the main payload and several additional executables in a hidden folder. The malware attempts to distract the victim with a fake installation progress bar. In the background, the supposed ransomware targets files in the Users folder. However, instead of implementing an encryption algorithm like most ransomware, this malware removes the first line of each targeted file. The method the author uses to do this ends up corrupting any binary files. As a result, the malware acts more like a wiper than ransomware, and paying the requested ransom will not yield a decryption key capable of recovering files.
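For responders scoping the damage in an affected Users folder, the sketch below (an added example, not part of the original advisory) flags files whose leading signature is gone, which is what first-line removal does to binary formats. The signature table, function names and sample bytes are assumptions constructed for illustration, and the `stripped` result assumes the first line ends at the first newline byte.

```python
import os
from pathlib import Path

# Well-known leading signatures (table is illustrative; extend as needed).
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".exe": b"MZ",
}

# Constructed samples: start of an intact PNG, and the same bytes minus line one.
INTACT_PNG = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
STRIPPED_PNG = b"\x1a\n\x00\x00\x00\rIHDR"

def header_status(name, head):
    """Return 'ok', 'stripped', 'damaged' or 'unknown' from name and first bytes."""
    sig = MAGIC.get(Path(name).suffix.lower())
    if sig is None:
        return "unknown"  # text or unlisted type: a header check cannot tell
    if head.startswith(sig):
        return "ok"
    # If the signature itself contains a newline (PNG), losing the first line
    # leaves the tail of the signature at offset 0: a specific fingerprint.
    _, nl, rest = sig.partition(b"\n")
    if nl and rest and head.startswith(rest):
        return "stripped"
    return "damaged"

def triage(root):
    """Walk root; return {relative path: status} for stripped/damaged files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = Path(dirpath) / fn
            try:
                with open(path, "rb") as fh:
                    head = fh.read(16)
            except OSError:
                continue  # locked or unreadable: skip, do not abort the sweep
            status = header_status(fn, head)
            if status in ("stripped", "damaged"):
                hits[path.relative_to(root).as_posix()] = status
    return hits
```

Text files that lost their first line still look valid to this check; comparing against backups is the only reliable way to find those.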
File encryption
MD5
b594412c00331c12d15d9e18c02a778a
SHA256
02629729329cde8d1892afa1d412a75cfcc338826c0b5087a2ef3182b5a1af85
SHA1
697301b4aee6fd89bb655025d772b68ddc2756be