Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity: High
A new ransomware family, “Pxj”, has been observed. Also known as the “XVFXGW” ransomware, it performs functions common to most ransomware. First, the Recycle Bin is emptied using the SHEmptyRecycleBinW function. Next, a series of commands are executed to prevent recovery of data after encryption, specifically the deletion of volume shadow copies and the disabling of the Windows Error Recovery service. These are the commands executed by the ransomware.
After these tasks are complete, the encryption process begins. AES and RSA are used in combination for encryption. The name “Pxj” is derived from the extension that is appended to encrypted files. The alternative name, “XVFXGW,” is based on both the mutex that is created, “XVFXGW DOUBLE SET,” and the email addresses listed in the ransom note, “xvfxgw3929@protonmail.com” and “xvfxgw213@decoymail.com”. With encryption complete, the ransom note is dropped as a file named “LOOK.txt” and requests that the user contact the operator via email to pay the ransom in exchange for the decryption key.
Impact: Files Encryption
SHA-256