March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Alert – APT32 Ocean Lotus – IOCs
August 24, 2021
Rewterz Threat Advisory – CVE-2021-29704 – IBM Security SOAR Information Disclosure
August 24, 2021
Rewterz Threat Alert – APT32 Ocean Lotus – IOCs
August 24, 2021
Rewterz Threat Advisory – CVE-2021-29704 – IBM Security SOAR Information Disclosure
August 24, 2021
Severity
High
Analysis Summary
Ryuk is the name of a ransomware family, first discovered in the wild in August 2018. It is one of the nastiest ransomware going around. Ryuk will lock your files or systems and holds them hostage for ransom. Ryuk is a type of ransomware used in targeted attacks, where the threat actors make sure that essential files are encrypted so they can ask for large ransom amounts. A typical Ryuk ransom demand can amount to a few hundred thousand dollars. Ryuk is one of the first ransomware families to include the ability to identify and encrypt network drives and resources, as well as delete shadow copies on the endpoint. This means the attackers can then disable Windows System Restore for users, making it impossible to recover from an attack without external backups. Ryuk’s delivery method is spam emails. These emails are often sent from a spoofed address, so the sender’s name does not raise suspicion.
Impact
- File Encryption
- Data Exfiltration
Indicators of Compromise
MD5
- 0eed6a270c65ab473f149b8b13c46c68
SHA-256
- 7faeb64c50cd15d036ca259a047d6c62ed491fff3729433fefba0b02c059d5ed
SHA1
- bffb380ef3952770464823d55d0f4dfa6ab0b8df
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.