Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – FIN7 APT – Active IOCs
August 25, 2022Rewterz Threat Alert – DarkCrystal RAT (DCRat) – Active IOCs
August 25, 2022
Severity
High
Analysis Summary
The Center Hospitalier Sud Francilien (CHSF), a hospital in France, was subject to a cyberattack on Sunday and was compelled to refer patients to other facilities.
Any interruption in CHSF’s activities might risk the health and the lives of persons who are in need of medical attention because the organization covers a region with 600,000 inhabitants.
Threat actors, according to local media, seek a $10 million ransom in exchange for the decryption key needed to recover encrypted data.
“This attack on the establishment’s computer network renders all of the hospital’s business software, storage systems (particularly medical imaging), and patient admissions information system inoperable for the time being.” explains the announcements
The management of the hospital has not given any more information on the matter, and the IT system outage that prompted limited operations is still plaguing the facility.
“An investigation for intrusion into a computer system and attempted extortion in an organized gang has been opened to the cybercrime section of the Paris prosecutor’s office,” the latter said, adding that the investigations had been entrusted to gendarmes from the Center fight against digital crime (C3N). According to Le Monde.
According to the French website LemagIT, a “source close to the investigation” confirmed that the attack was launched by an affiliate of LockBit 3.0 RaaS. LockBit gang has yet to clarify whether or not they consider this attack to be a violation of the rules applied to their affiliates.
A “source close to the inquiry,” confirmed” that a LockBit 3.0 RaaS affiliate was responsible for the attack. The LockBit Gang has not yet made it clear if they believe that this attack violated the standards that apply to its affiliates: according to the website LemagIT
If this ransomware group is responsible for the attack, it would be against the RaaS program’s regulations, which forbid affiliates from encrypting healthcare providers’ systems. Since the threat group’s involvement hasn’t been officially established, it is still only a hypothesis.
Impact
- Operation Disruption
- Cyber Extortion
Remediations
- Maintain cyber hygiene by updating your anti-virus software and implement patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open ” links and attachments received from unknown sources/senders.
- Block all threat indicators at your respective controls.
- Search for Indicator of compromise (IOCs) in your environment utilizing your respective security controls
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using a multi-layered protection is necessary to secure vulnerable assets