April 25, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Emotet Targets Victims With New Email Templates
January 1, 2020Rewterz Threat Alert – Ouija Malware – IoCs
January 1, 2020Rewterz Threat Alert – Emotet Targets Victims With New Email Templates
January 1, 2020Rewterz Threat Alert – Ouija Malware – IoCs
January 1, 2020
Severity
High
Analysis Summary
IOCs associated with LockerGaga.exe and Kraken.exe have been retrieved. Lockergoga is a ransomware that can spread laterally through network connections and network shares, resulting in widespread file encryption. Security researchers informed that the ransomware spawned a new process for each file it encrypted, making the encryption process to be very slow. Once it has encrypted files, it appends the extension .locked to encrypted files and leaves a ransom note on the desktop like this. The Kraken ransomware encrypts data on the disk very quickly and uses external tools. Kraken encrypts user files with a random name and drops the ransom note demanding the victim to pay to recover them.
Impact
Files Encryption
Indicators of Compromise
MD5
- 3e074f0758b02720e38058f0d5383fa0
- e11502659f6b5c5bd9f78f534bc38fea
- bcd2a924ee16f3a2ed4b77d0c09fc3a0
- 6ac062d21f08f139d9f3d1e335e72e22
SHA-256
- 995ba2f6445871692ff6abeaf5ff3e987b5d7270053506912a9ae7f33448e049
- c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15
- b639e26a0f0354515870ee167ae46fdd9698c2f0d405ad8838e2e024eb282e39
- 564154a2e3647318ca40a5ffa68d06b1bd40b606cae1d15985e3d15097b512cd
Source IP
- 88.99.66.31
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached in emails from untrusted sources or random sources from the internet.