Rewterz Threat Alert – Pekraut-RAT
April 8, 2020
Rewterz Threat Alert – Dark Nexus – Emerging IoT Botnet Malware Spotted in the Wild
April 9, 2020
Severity
High
Analysis Summary
The ANSSI was recently informed of computer attacks in which ransomware-type malware was used, rendering certain files unusable. The origin of these attacks is unknown to date, and analyses are currently underway. The compromise presented in this document affected interconnected information systems and appears to mainly use a variant of ransomware known in open sources as Mespinoza.
The Mespinoza ransomware has been in use since at least October 2018. Early versions produced encrypted files with the extension “.locked”, which is common to many ransomware families. Since December 2019, a new version of Mespinoza has been documented in open sources, sometimes called Pysa because it produces encrypted files with the extension “.pysa”.
Impact
File encryption
Indicators of Compromise
SHA-256
- 4770A0447EBC83A36E590DA8D01FF4A418D58221C1F44D21F433AAF18FAD5A99
- 6661B5D6C8692BD64D2922D7CE4641E5DE86D70F5D8D10AB82E831A5D7005ACB
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
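To act on the indicators and the first remediation item above, here is an added example (not part of the Rewterz alert) that sweeps a directory tree for the two SHA-256 IoCs listed in this alert and for the “.locked” / “.pysa” extensions it associates with Mespinoza output. The sample directory and file names it builds are constructed for the demonstration and are assumptions, not real artefacts.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# SHA-256 indicators listed in this alert, lowercased for comparison.
MESPINOZA_SHA256 = {
    "4770a0447ebc83a36e590da8d01ff4a418d58221c1f44d21f433aaf18fad5a99",
    "6661b5d6c8692bd64d2922d7ce4641e5de86d70f5d8d10ab82e831a5d7005acb",
}
# Extensions the alert associates with Mespinoza output; ".locked" is shared
# with many other families, so it is weaker evidence than ".pysa".
ENCRYPTED_EXTENSIONS = {".locked": "low", ".pysa": "high"}


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root):
    """Return (path, reason, confidence) findings for every file under `root`.
    A hash match identifies the sample itself; an extension match identifies
    files the ransomware has already encrypted. The two checks are independent."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            try:
                if sha256_of_file(path) in MESPINOZA_SHA256:
                    findings.append((str(path), "sha256 matches Mespinoza IoC", "high"))
            except OSError:
                continue  # unreadable or vanished file: skip it, do not abort the sweep
            ext = path.suffix.lower()  # case-insensitive: NOTES.TXT.LOCKED still matches
            if ext in ENCRYPTED_EXTENSIONS:
                findings.append((str(path), f"encrypted-file extension {ext}", ENCRYPTED_EXTENSIONS[ext]))
    return findings


def make_constructed_sample():
    """Create a throwaway directory of constructed (not real) files for a demo run."""
    root = tempfile.mkdtemp(prefix="mespinoza_demo_")
    for name, data in [("report.docx.pysa", b"ct"), ("notes.txt.LOCKED", b"ct"),
                       ("clean.txt", b"hi"), ("empty.bin", b"")]:
        (Path(root) / name).write_bytes(data)
    return root
```

Run `sweep()` against a real share or endpoint path instead of `make_constructed_sample()`; a ".locked" hit alone is a prompt to investigate, while a hash hit or a ".pysa" hit is a strong indicator of this family.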