Rewterz Threat Alert – ISO Files in Email Attachments Delivering Malware
December 26, 2019
Rewterz Threat Alert – FIN7 BOOSTWRITE’s Lost Twin exposes sensitive information
December 27, 2019
Severity
High
Analysis Summary
A new version of the Ryuk ransomware has been released that deliberately avoids encrypting folders commonly found on *NIX operating systems. The new build, distributed as an executable named v2.exe, no longer encrypts folders whose names are associated with *NIX systems.
No Linux/Unix variant of Ryuk exists, but Windows 10 includes a feature called the Windows Subsystem for Linux (WSL) that lets you install various Linux distributions directly in Windows. These installations use folders with the same names as the blacklisted entries listed below:
- bin
- boot
- Boot
- dev
- etc
- lib
- initrd
- sbin
- sys
- vmlinuz
- run
- var
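To see what that list means in practice on a Windows host, here is a small triage helper. It is an added example, not code from Rewterz or from the malware: it applies the alert's directory names to a constructed file listing and reports which paths the described build would leave untouched, which is useful both for understanding the exposure of WSL data and, after an incident, for locating data that is likely to have survived. The alert does not say how the sample matches names (top-level only, any component, case handling), so the exact, case-sensitive match against every directory component used here is an assumption; the presence of both boot and Boot in the list is what suggests case-sensitive comparison.

```python
"""Triage helper for the Ryuk v2.exe directory skip list.

Added example, not Rewterz's or Ryuk's code. The names below are taken
from the alert; the matching rule (exact, case-sensitive, any directory
component) is an assumption, since the alert does not describe it.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Directory names the alert reports the new build will not encrypt.
SKIPPED_DIR_NAMES = frozenset({
    "bin", "boot", "Boot", "dev", "etc", "lib", "initrd",
    "sbin", "sys", "vmlinuz", "run", "var",
})


def _dir_components(path: str) -> list:
    """Directory components of a Windows path, without the drive anchor
    and without the final file name."""
    p = PureWindowsPath(path)
    return [c for c in p.parent.parts if c != p.anchor]


def is_skipped(path: str) -> bool:
    """True if any directory component matches the skip list exactly
    (assumed case-sensitive: the list contains both 'boot' and 'Boot')."""
    return any(c in SKIPPED_DIR_NAMES for c in _dir_components(path))


def triage(paths):
    """Partition a file listing into (expected skipped, expected encrypted)."""
    skipped, encrypted = [], []
    for p in paths:
        (skipped if is_skipped(p) else encrypted).append(p)
    return skipped, encrypted


def skip_reasons(paths) -> Counter:
    """Count which skip-list names caused each path to be left alone,
    one count per matching name per path."""
    reasons = Counter()
    for p in paths:
        for name in set(_dir_components(p)) & SKIPPED_DIR_NAMES:
            reasons[name] += 1
    return reasons


# Constructed sample listing: a mix of ordinary user data, a WSL-style
# root filesystem layout and a differently cased lookalike directory.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\report.docx",        # encrypted
    r"C:\wsl\ubuntu\rootfs\etc\passwd",              # skipped via 'etc'
    r"C:\wsl\ubuntu\rootfs\home\alice\notes.txt",    # encrypted (home not listed)
    r"D:\Boot\BCD",                                  # skipped via 'Boot'
    r"C:\Program Files\Etc\config.ini",              # encrypted ('Etc' != 'etc')
    r"C:\var\log\app.log",                           # skipped via 'var'
]

if __name__ == "__main__":
    skipped, encrypted = triage(SAMPLE_LISTING)
    print("Expected to be left unencrypted:")
    for p in skipped:
        print("  ", p)
    print("Expected to be encrypted:")
    for p in encrypted:
        print("  ", p)
    print("Skip-list names hit:", dict(skip_reasons(SAMPLE_LISTING)))
```

Run over a real directory listing (for example the output of a recursive `dir`), the same two functions give an analyst a quick view of how much of a WSL installation, or of any other tree that happens to reuse these names, would have been passed over by this build.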
Impact
Blacklist NIX folders
Remediation
- Always be suspicious of email sent by unknown senders.
- Never click on links or open attachments sent by unknown senders.