Rewterz Threat Alert – 3rd Party Tools and Windows 10 Apps Killed by Clop Ransomware

January 8, 2020

Severity

High

Analysis Summary

A new version of the Clop ransomware introduces a few changes, the most notable being a new list of processes to kill. Earlier evolutions of the ransomware had added the termination of processes belonging to enterprise software (Microsoft Exchange, SQL Server, etc.) and the disabling of Windows Defender. In addition to that enterprise software, the most recent update carries an extensive process termination list covering Windows 10 apps, popular text editors, debuggers, programming languages, terminal programs, and programming IDEs. The researchers note that the reasoning behind terminating some of these processes is not fully understood, since they would not normally hold open user-created files to encrypt; one possibility is that the attackers want to make sure the configuration files of these applications are encrypted as well. A related change is that this process-termination functionality is now built into the main executable, whereas previously it was performed by a separate batch script. The last change is a new extension appended to encrypted files, “.Cl0p” (digit zero), replacing the previously used extensions “.CIop” (capital “I”) and “.Clop” (lower-case “L”).

Impact

File encryption

Indicators of Compromise

MD5

ae5cb860f043caa84bf4e11cec758616
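The three extension variants named in the summary differ only by look-alike characters, so a case-insensitive ".clop" match would miss two of them. The following added example (not part of the Rewterz advisory) shows a byte-exact check that classifies file paths by Clop variant and compares a sample's MD5 against the advisory's published hash; the file listing is constructed for illustration.

```python
import hashlib
from collections import Counter
from pathlib import PureWindowsPath
from typing import Optional

# Encrypted-file extensions named in the advisory. Matching must be
# case-sensitive and byte-exact: ".CIop" uses a capital I, ".Clop" a
# lower-case l and ".Cl0p" a digit zero.
CLOP_EXTENSIONS = {
    ".CIop": "CIop (capital I, older variant)",
    ".Clop": "Clop (lower-case L, older variant)",
    ".Cl0p": "Cl0p (digit zero, current variant)",
}

# MD5 published in the advisory's Indicators of Compromise section.
CLOP_MD5_IOCS = {"ae5cb860f043caa84bf4e11cec758616"}


def clop_variant(path: str) -> Optional[str]:
    """Return the Clop variant label for an encrypted-file path, else None."""
    return CLOP_EXTENSIONS.get(PureWindowsPath(path).suffix)


def summarize_paths(paths) -> dict:
    """Count files per Clop extension variant; unaffected files are skipped."""
    counts = Counter()
    for p in paths:
        label = clop_variant(p)
        if label is not None:
            counts[label] += 1
    return dict(counts)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def matches_clop_ioc(data: bytes) -> bool:
    """True if a sample's MD5 equals a hash listed in the advisory."""
    return md5_hex(data) in CLOP_MD5_IOCS


# Constructed sample listing for the demonstration (not real victim data).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.Cl0p",
    r"C:\Users\alice\Documents\notes.txt.Cl0p",
    r"D:\share\archive.zip.CIop",
    r"D:\share\old.docx.Clop",
    r"D:\share\untouched.pdf",
    r"D:\share\tricky.clop",  # wrong case: not one of the documented markers
]

if __name__ == "__main__":
    print(summarize_paths(SAMPLE_PATHS))
```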

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on links or open attachments sent by unknown senders.
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.