November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2019-6534 AVEVA Uncontrolled Search Path Element Vulnerability
March 21, 2019Rewterz Threat Alert – CVE-2018-20250 JNEC. A Ransomware Delivered Through WinRAR Exploit
March 21, 2019Rewterz Threat Advisory – CVE-2019-6534 AVEVA Uncontrolled Search Path Element Vulnerability
March 21, 2019Rewterz Threat Alert – CVE-2018-20250 JNEC. A Ransomware Delivered Through WinRAR Exploit
March 21, 2019
Severity
High
Analysis Summary
Hydro a Norwegian aluminium manufacturer company has been hit by lockergoga ransomware attack which appeared to be “slow and sloppy” according to the company officials. After enumerating files on the system, the malware would invoke a separate process for each file to be encrypted. Encrypted files had a “.locked” extension added to the file’s name. They also indicated that the malware did not appear to have any evasion techniques, although it was digitally signed by a valid certificate (the certificate has since been revoked).
The message is shown after the file encryption.
Impact
Malware infection
Indicators of Compromise
Remediation
- Block threat indicators at your respective controls.
- Keep systems/ applications at current released patched levels.
- Search for these IOC’s in your environment.
- Ensure anti virus files and software associated with are up to date.