Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Severity
High
Analysis Summary
Satan ransomware first appeared in early 2017, and since then threat actors have been constantly improving the malware to infect victims more effectively and to maximize their profits.
Satan ransomware uses several methods to propagate across both public and private networks. It implements multi-threading to increase the efficiency of the attacks. When propagating across private networks, a sweep is performed to identify all hosts on the victim network. For public networks, the C2 server defines the IPs that should be scanned by the spreader. Once targets are identified, exploit attempts begin by leveraging SSH brute force attacks and numerous web exploits. In the case of the Windows spreader, the EternalBlue exploit and Mimikatz are also used. After attempts are completed, the spreader notifies the C2 server of all executed exploits. The most recent variants of both the Windows and Linux spreaders added exploit payloads for Spring Data, ElasticSearch, and ThinkPHP vulnerabilities.
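One way to hunt for the private-network behaviour described above (a sweep followed by SSH brute force) is to look for a single internal source failing SSH logins on many distinct servers. The following is an added example, not part of the original advisory; the log lines are constructed, and the function name and thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# RFC 1918 ranges: the spreader sweeps the victim's own private network.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: centrally collected sshd syslog (second field = reporting server).
SAMPLE_LOG = """\
Mar  3 02:14:01 web01 sshd[811]: Failed password for root from 10.0.4.23 port 40112 ssh2
Mar  3 02:14:01 db02 sshd[442]: Failed password for root from 10.0.4.23 port 51820 ssh2
Mar  3 02:14:02 app03 sshd[1290]: Failed password for invalid user admin from 10.0.4.23 port 33910 ssh2
Mar  3 02:14:02 web01 sshd[811]: Failed password for invalid user oracle from 10.0.4.23 port 40118 ssh2
Mar  3 02:14:03 db02 sshd[442]: Failed password for root from 10.0.4.23 port 51826 ssh2
Mar  3 09:30:11 web01 sshd[902]: Failed password for alice from 10.0.7.15 port 60122 ssh2
Mar  3 09:30:19 web01 sshd[902]: Accepted password for alice from 10.0.7.15 port 60122 ssh2
Mar  3 11:02:40 web01 sshd[977]: Failed password for root from 203.0.113.9 port 2201 ssh2
"""

FAILED = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port \d+"
)

def find_spreader_candidates(log_text, min_hosts=3, min_failures=5):
    """Return {src_ip: (distinct_servers, failures)} for internal sources whose
    failed SSH logins fan out across many servers (sweep + brute-force pattern)."""
    servers = defaultdict(set)
    failures = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # not a failed-password event
        try:
            src = ip_address(m["src"])
        except ValueError:
            continue  # sshd logged a hostname instead of an IP
        if not any(src in net for net in INTERNAL):
            continue  # external noise; this hunt targets lateral movement
        servers[str(src)].add(m["host"])
        failures[str(src)] += 1
    return {
        ip: (len(servers[ip]), failures[ip])
        for ip in servers
        if len(servers[ip]) >= min_hosts and failures[ip] >= min_failures
    }

if __name__ == "__main__":
    print(find_spreader_candidates(SAMPLE_LOG))
```

A flagged source is a candidate infected host to isolate and examine; a single user mistyping a password on one server stays below both thresholds.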
Impact
File encryption
Indicators of Compromise
IP(s) / Hostname(s)
URLs
Malware Hash (MD5/SHA1/SHA256)
Remediation