

Rewterz Threat Advisory – CVE-2019-10971 – ICS: Omron Network Configurator for DeviceNet (Update A) Untrusted Search Path Vulnerability
November 6, 2019
Rewterz Threat Alert – Nemty Ransomware Delivered via Trik Botnet Using SMB Protocol
November 6, 2019
Severity
Medium
Analysis Summary
A ransomware campaign is affecting several organizations in Spain. First reported on November 4, 2019, the attack was conducted by an unattributed threat actor against at least two confirmed Spanish networks: Everis, an IT consulting firm, and SER, Spain’s largest radio network. Open source reporting indicated that the attacker demanded approximately $835,000 USD in ransom for the decryptor. Preliminary reporting suggests that the ransomware in question may be Ryuk, BitPaymer or the BitPaymer variant DoppelPaymer, which is delivered via email to the victim and exploits an RDP-based vulnerability.
Impact
File encryption
Indicators of Compromise
SHA256
bd327754f879ff15b48fc86c741c4f546b9bbae5c1a5ac4c095df05df696ec4f
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.