Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 19, 2023
Severity High Analysis Summary A new information-stealing malware called Mystic Stealer emerged in April 2023, gaining popularity in cybercrime circles. It targets various web browsers, browser […]September 19, 2023Rewterz Threat Alert – BlackCat/ALPHV Ransomware Group Allegedly Encrypted Over 100 MGM ESXi Servers
Severity High Analysis Summary An affiliate of the BlackCat ransomware group, also known as APLHV, recently carried out a significant cyberattack on MGM Resorts, leading to […]September 19, 2023Severity High Analysis Summary APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 19, 2023Severity High Analysis Summary A new information-stealing malware called Mystic Stealer emerged in April 2023, gaining popularity in cybercrime circles. It targets various web browsers, browser […]September 19, 2023Rewterz Threat Alert – BlackCat/ALPHV Ransomware Group Allegedly Encrypted Over 100 MGM ESXi Servers
Severity High Analysis Summary An affiliate of the BlackCat ransomware group, also known as APLHV, recently carried out a significant cyberattack on MGM Resorts, leading to […]September 19, 2023Severity High Analysis Summary APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2020-3974 – VMware XPC Client validation privilege escalation vulnerability
July 10, 2020Rewterz Threat Advisory – CVE-2020-9294 – Authentication bypass in FortiMail and FortiVoice Enterprise
July 10, 2020
Severity
High
Analysis Summary
A new ransomware family packs multiple unique features, including to improve performance and give its operators the option to only target networked SMB shares. Dubbed Conti, the malware improves performance through the use of “up to 32 simultaneous encryption efforts,” and is likely directly controlled by its operators, which means that it can target network-based resources and skip local files, similarly with what the Sodinokibi ransomware can do. the new ransomware abuses the Windows Restart Manager to close applications that lock certain files, thus making sure it can encrypt all the data it wants. The notable effect of this capability is that it can cause targeted damage in an environment in a method that could frustrate incident response activities. A successful attack may have destruction that’s limited to the shares of a server that has no Internet capability, but where there is no evidence of similar destruction elsewhere in the environment.
Impact
File encryption
Indicators of Compromise
MD5
- b7b5e1253710d8927cbe07d52d2d2e10
SHA-256
- eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe
SHA1
- 596f1fdb5a3de40cccfe1d8183692928b94b8afb
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in the environment.