• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2022-20821 – Cisco IOS XR Vulnerability
May 23, 2022
Rewterz Threat Alert – Quantum Ransomware – Active IOCs
May 23, 2022

Rewterz Threat Alert – Sugar Ransomware – Active IOCs

May 23, 2022

Severity

High

Analysis Summary

The crypter being used reuses the code from the ransomware itself. According to the security Researchers, the crypter is a modified form of RC4 encryption and written in Delphi. 

Ransom Note:

—=== Welcome. Again. ===—

[-] Whats HapPen? [-]

Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension csruj.
By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

[+] What guarantees? [+]

Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will not cooperate with us. Its not in our interests.
To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.
If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice – time is much more valuable than money.

[+] How to get access on website? [+]

You have two ways:

1) [Recommended] Using a TOR browser!
a) Download and install TOR browser from this site: 
b) Open our website: 

2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
b) Open our secondary website: 

Warning: secondary website can be blocked, thats why first variant much better and more available.

When you open our website, put the following data in the input form:
Key:



—————————————————————————————–

!!! DANGER !!!
DON’T try to change files by yourself, DON’T use any third party software for restoring your data or antivirus solutions – its may entail damage of the private key and, as result, The Loss all data.
!!! !!! !!!
ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere.
!!! !!! !!!

Researchers believe that the ransomware is linked to REvil Ransomware group. 

1*BU9BqGoJhhodVLzGydEikA.png

The interface is similar to the Cl0p ransomware. 

Impact

  • Data Theft
  • File Encryption
  • Financial Loss
  • Security Bypass

Indicators of Compromise

MD5

  • b4a21f70b96a9ad103ba88891565d52b
  • 74f9814d4b11432a3e133742f2466b5d
  • f439ece4d70bd8bc6db13b78bfb32f16

SHA-256

  • 13fcf77f769deddae2821881f102b9d38095e3f1a3e24ef9b4f325c4d9403f4f
  • 14b981fd366958d50d0ea8bf8ed398354d3ed4ae7bc41ce2f2a6a943ecbf0c66
  • 1761e180a8ca1bba2ca0ba449faf376d1fcb377cb055fe04af9de6470e1ada9b

SHA-1

  • acf4c93a624faba5eb1fe9c7182c14c72c9078b5
  • c531e5b9f26c7ea162441df517c5b1f928b39402
  • 6eb6c32327adf9a28a6ee908a052f0c2ed0773d7

Remediation

  • Never open attachments or links received by unknown senders.
  • Emails from unknown senders should always be treated with caution.
  • Look for IOCs in your surroundings.
  • At your respective controls, disable all threat indicators.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.