

Rewterz Threat Alert – Troldesh Ransomware – Active IOCs
September 13, 2021
Severity
High
Analysis Summary
The Troldesh ransomware was detected back in August 2019. The criminals behind the attacks used hacked or specially made sites to deliver the infection. When victims click on them, a dropper script launches automatically, which in turn leads to the ransomware infection. Troldesh carries out an attack similar to most encryption threats. It is an extremely aggressive crypto-ransomware that originated in Russia and can open a communication channel with victims for payment instructions. Through this channel, the price asked for a file decryption key may be negotiated in some respects.
Impact
- File encryption
- Information theft
Indicators of Compromise
MD5
- c04c25785b3ba27fa49b0df7fccb8c9e
SHA-256
- a1f8ed12ea8b480128dae07b18e08af722260cf879145d699ff691b444dbe21f
SHA1
- 318e61b9e9e3071fca88978fce67aabc1056e46f
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached in untrusted emails.
- Search for IOCs in your environment.
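
One way to carry out the "Search for IOCs" step on a single host, as an added example that is not part of the original alert: a sweep that reads each file once, computes all three digest types listed above, and reports any match. The function names and the command-line usage are assumptions of this example; hash matching only finds byte-identical copies of the listed sample.

```python
import hashlib
import os
import sys

# Indicators copied from this alert (three digests, one per algorithm).
IOCS = {
    "md5": {"c04c25785b3ba27fa49b0df7fccb8c9e"},
    "sha1": {"318e61b9e9e3071fca88978fce67aabc1056e46f"},
    "sha256": {"a1f8ed12ea8b480128dae07b18e08af722260cf879145d699ff691b444dbe21f"},
}

def digests(path, chunk=1 << 20):
    """Read the file once, in chunks, and return all three hex digests."""
    hashers = {name: hashlib.new(name) for name in IOCS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def sweep(root, iocs=IOCS):
    """Walk root and return (hits, skipped); hits are (path, algo, digest)."""
    hits, skipped = [], []
    on_err = lambda e: skipped.append(e.filename)  # unreadable directories
    for dirpath, _dirs, files in os.walk(root, onerror=on_err):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks and special files (sockets, devices, FIFOs).
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                found = digests(path)
            except OSError:  # locked or permission-denied file
                skipped.append(path)
                continue
            for algo, value in found.items():
                if value in iocs.get(algo, ()):
                    hits.append((path, algo, value))
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, algo, value in hits:
        print(f"MATCH {algo} {value} {path}")
    print(f"{len(hits)} hit(s), {len(skipped)} path(s) skipped", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

The skipped list matters as much as the hit list: files that could not be read were not checked, so review them before treating a host as clean.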