Rewterz

Rewterz Threat Alert – Troldesh Ransomware – Active IOCs

September 13, 2021
Rewterz

Rewterz Threat Alert – LockBit Ransomware Targeting Network – Active IOCs

September 13, 2021

Rewterz Threat Alert – Sodinokibi Ransomware – Active IOCs

Severity

High

Analysis Summary

The Troldesh ransomware was detected back in August 2019. The criminals that were behind the attacks were using hacked or specially made sites in order to deliver the infection. When the victims click on them they will automatically launch the dropper script which in turn will lead to the ransomware infection. Troldesh Ransomware carries out a similar attack to most encryption threats. Troldesh is an extremely aggressive crypto-ransomware that originated from Russia and can open a communication channel with victims for payment instructions. Through the opened communication channel, the price that is asked to pay for a file decryption key may be negotiated in some aspects.

Impact

  • Files encryption
  • Information theft

Indicators of Compromise

MD5

  • c04c25785b3ba27fa49b0df7fccb8c9e

SHA-256

  • a1f8ed12ea8b480128dae07b18e08af722260cf879145d699ff691b444dbe21f

SHA1

  • 318e61b9e9e3071fca88978fce67aabc1056e46f

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download files attached in untrusted emails.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.