Rewterz Threat Alert
September 4, 2020
Severity
Medium
Analysis Summary
The SMAUG Ransomware-as-a-Service (RaaS) emerged towards the end of April 2020 and appears to have gained some traction in the following months. SMAUG presents as a robust, full-service RaaS, with a few features that set it apart from other offerings.
The most notable differentiators are multi-platform support (64-bit builds for each supported platform) and a "Company Mode", in which a single key applies to an entire set of infected hosts (i.e., one targeted company). If the victim chooses to pay, that single key can, in principle, decrypt every encrypted host in the environment rather than requiring one key per machine.
SMAUG also operates offline: the payload needs no network connectivity to execute and encrypt files, so blocking command-and-control traffic at the perimeter does not stop encryption once the payload is running.
Impact
File encryption
Indicators of Compromise
MD5
- 6b083c1bfd21eea2a3f18283f1f3c5f5
SHA-256
- f2363a355fe226cb2f7f1afa72daecc5edfe1cb0edc1295856fb3f874d941b6d
SHA-1
- 929b10f78565660535a07917d144d00b0c117571
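The hashes above only identify the specific sample Rewterz analysed. The following Python script is an added example, not code from the alert or from Rewterz, showing how to sweep a file tree for those indicators: it computes MD5, SHA-1 and SHA-256 in a single pass per file and reports any file whose digest appears in the IOC set. The IOC values are copied from this alert; the directory to scan and the chunk size are assumptions.

```python
"""Hash-based sweep for the SMAUG sample IOCs listed in this alert.

Added example (not part of the original alert). Usage:
    python smaug_ioc_scan.py /path/to/scan
"""
import hashlib
import os
import sys
from typing import Dict, Iterable, List, Set, Tuple

# IOC values copied from the alert, keyed by hashlib algorithm name.
SMAUG_IOCS: Dict[str, Set[str]] = {
    "md5": {"6b083c1bfd21eea2a3f18283f1f3c5f5"},
    "sha1": {"929b10f78565660535a07917d144d00b0c117571"},
    "sha256": {"f2363a355fe226cb2f7f1afa72daecc5edfe1cb0edc1295856fb3f874d941b6d"},
}

CHUNK = 1 << 20  # assumption: 1 MiB reads keep memory flat on large files


def hash_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute md5/sha1/sha256 of a byte stream in one pass; hex, lowercase."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (e.g. a quarantined blob)."""
    return hash_stream([data])


def hash_file(path: str) -> Dict[str, str]:
    """Hash a file on disk without reading it fully into memory."""
    def chunks() -> Iterable[bytes]:
        with open(path, "rb") as f:
            while True:
                block = f.read(CHUNK)
                if not block:
                    return
                yield block
    return hash_stream(chunks())


def match_iocs(digests: Dict[str, str], iocs: Dict[str, Set[str]] = SMAUG_IOCS) -> List[str]:
    """Return the algorithms whose digest is present in the IOC set.

    Comparison is case-insensitive because vendor feeds mix upper/lower hex.
    """
    return [algo for algo, value in digests.items() if value.lower() in iocs.get(algo, set())]


def scan_tree(root: str, iocs: Dict[str, Set[str]] = SMAUG_IOCS) -> List[Tuple[str, List[str]]]:
    """Walk `root` and return (path, matched_algorithms) for every IOC hit."""
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(hash_file(path), iocs)
            except OSError:
                # Unreadable (permissions, device node, file removed mid-walk): skip, do not abort.
                continue
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, algos in scan_tree(target):
        print(f"MATCH {hit_path} ({', '.join(algos)})")
```

A hit on any one algorithm is a confirmed match for this sample; the three are listed so the sweep still works when a feed or EDR export carries only one of them. Bear in mind the limitation of hash IOCs: a recompiled or repacked build of the same payload produces entirely different digests and will not be caught, so treat this as a triage check for known samples and pair it with behavioural detection (mass file renames, ransom note drops, shadow copy deletion) rather than relying on it as the only control.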
Remediation
- Block the threat indicators above at their respective controls (endpoint protection, mail gateway, proxy).
- Do not open untrusted email attachments or download software from untrusted internet sources.
- Keep all systems and software updated to the latest patched versions.