Rewterz Threat Alert – DJVU Ransomware – Active IOCs
March 31, 2022
Rewterz Threat Advisory – CVE-2022-22963 – Spring Cloud Function Vulnerability
March 31, 2022
Severity
High
Analysis Summary
Snake first emerged in late November 2020. Since November 2020, malicious actors have been distributing Snake through phishing attacks. Snake ransomware is written in Golang, an open-source programming language that supports several operating systems. It deletes the computer’s Shadow Volume Copies and terminates processes linked to SCADA systems, virtual machines, industrial control systems, remote management tools, network management applications, and other programs. This ransomware has been attacking the operations and files of industrial control systems. During encryption, Snake skips the Windows directory and other system directories on the machine. Its encryption procedure is slower than that of other ransomware.
Impact
- File Encryption
Indicators of Compromise
MD5
- 44a1ac8fd06283098665510e368d8506
SHA-256
- 49891e3580a13926e92ef8c033faca0d1c404cad4755873c39fd7d887c3b1e78
SHA-1
- 1876c64fc4abd6e7899f001a25d5dc6d0d247331
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.