
Rewterz Threat Alert – CrySIS (aka Dharma) Ransomware Active Again

May 29, 2019

Severity

Medium

Analysis Summary

CrySIS, aka Dharma, is a family of ransomware that has been evolving since 2006 and actively targets businesses via email attachments or installable files masquerading as legitimate applications. It is most commonly delivered through RDP: the attackers obtain RDP credentials from leaks or by brute-forcing weak credentials. Once installed, the malware achieves persistence through registry entries and may, on certain versions of Windows, attempt to run with administrator privileges, which allows it to encrypt a greater number of files. Once the encryption routines have completed and certain details have been sent to a C&C server, a ransom note is placed on the infected system's desktop. Malwarebytes notes that the ransom amount is typically 1 Bitcoin, but this can vary and may be adjusted depending on the revenue of the target company.

[Figure: CrySIS ransom note]

Impact

  • File encryption
  • Loss of sensitive information

Indicators of Compromise

Filename

  • README.txt
  • HOW TO DECRYPT YOUR DATA.txt
  • Readme to restore your files.txt
  • Decryption instructions.txt
  • FILES ENCRYPTED.txt
  • Files encrypted!!.txt
  • Info.hta

Malware Hash (MD5/SHA1/SHA256)

  • 0aaad9fd6d9de6a189e89709e052f06b
  • bd3e58a09341d6f40bf9178940ef6603
  • 38dd369ddf045d1b9e1bfbb15a463d4c

Remediation

  • Block all threat indicators at your respective controls
  • Always be suspicious about emails sent by unknown senders
  • Never click on links/attachments sent by unknown senders
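A defender-side check for the indicators listed above, added here as an example and not part of the Rewterz advisory: it walks a directory tree and reports every file whose name matches one of the ransom-note names (compared case-insensitively) or whose MD5 matches one of the listed hashes. The scan root, the constructed temporary sample tree used by the demo functions, and the 64 MB cap on files that get hashed are assumptions; the note names and hashes are taken from the advisory.

```python
"""Scan a directory tree for the CrySIS / Dharma indicators listed above.

Two checks are applied to every regular file under the scan root:
  1. the file name matches one of the ransom-note names (case-insensitive), which
     points to a completed encryption run on that host or share;
  2. the file's MD5 matches one of the advisory's sample hashes, which identifies
     a dropped copy of the malware itself.
"""
import hashlib
import os
import tempfile

# Ransom-note file names from the advisory, lower-cased for case-insensitive matching.
RANSOM_NOTE_NAMES = {
    name.lower()
    for name in (
        "README.txt",
        "HOW TO DECRYPT YOUR DATA.txt",
        "Readme to restore your files.txt",
        "Decryption instructions.txt",
        "FILES ENCRYPTED.txt",
        "Files encrypted!!.txt",
        "Info.hta",
    )
}

# MD5 hashes from the advisory.
CRYSIS_MD5 = {
    "0aaad9fd6d9de6a189e89709e052f06b",
    "bd3e58a09341d6f40bf9178940ef6603",
    "38dd369ddf045d1b9e1bfbb15a463d4c",
}

# Assumption: ransomware droppers are small, so files above this size are not hashed.
MAX_HASH_BYTES = 64 * 1024 * 1024


def md5_of_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_for_iocs(root, note_names=RANSOM_NOTE_NAMES, md5_hashes=CRYSIS_MD5):
    """Return a list of (path, reason) tuples for every indicator hit under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fname in filenames:
            path = os.path.join(dirpath, fname)
            if fname.lower() in note_names:
                findings.append((path, "ransom-note filename"))
            try:
                if os.path.getsize(path) <= MAX_HASH_BYTES and md5_of_file(path) in md5_hashes:
                    findings.append((path, "md5 matches advisory hash"))
            except OSError:
                # Locked or unreadable file: record nothing and keep scanning.
                continue
    return findings


def demo():
    """Constructed sample tree: one ransom note plus one benign file."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = os.path.join(tmp, "Documents")
        os.makedirs(docs)
        with open(os.path.join(docs, "FILES ENCRYPTED.txt"), "w") as fh:
            fh.write("constructed ransom-note stand-in\n")
        with open(os.path.join(docs, "budget.xlsx"), "wb") as fh:
            fh.write(b"constructed benign content")
        return scan_for_iocs(tmp)


def demo_hash_match():
    """Exercise the hash path: the constructed file's own MD5 is used as the indicator."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "dropper.exe")
        with open(path, "wb") as fh:
            fh.write(b"constructed stand-in for a sample; not real malware")
        return scan_for_iocs(tmp, note_names=set(), md5_hashes={md5_of_file(path)})


if __name__ == "__main__":
    for path, reason in demo() + demo_hash_match():
        print(f"{reason}: {path}")
```

Run it against a mapped share or a user profile by calling `scan_for_iocs("/path/to/root")`; a ransom-note hit on a share means the share has already been encrypted and the RDP-exposed host that wrote it should be isolated and examined, while a hash hit locates a sample to preserve for analysis.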

COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.