Rewterz

Rewterz Threat Alert – ISO Files in Email Attachments Delivering Malware

December 26, 2019
Rewterz

Rewterz Threat Alert – FIN7 BOOSTWRITE’s Lost Twin exposes sensitive information

December 27, 2019

Rewterz Threat Alert – Non Encryption of Linux Folders in Ryuk Ransomware

Severity

High

Analysis Summary

A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems. Ryuk Ransomware using an executable named v2.exe, would no longer encrypt folders that are associated with *NIX operating systems.  

A Linux/Unix variant of Ryuk does not exist, but Windows 10 does contain a feature called the Windows Subsystem for Linux (WSL) that allows you to install various Linux distributions directly in Windows. These installations utilize folders with the same blacklisted names as listed below:

  • bin
  • boot
  • Boot
  • dev
  • etc
  • lib
  • initrd
  • sbin
  • sys
  • vmlinuz
  • run
  • var
skipping-unix-folders.jpg

Impact

Blacklist NIX folders

Remediation

  • Always be suspicious about email sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.