

September 13, 2021
Severity
High
Analysis Summary
Troldesh ransomware was detected in August 2019. The criminals behind the attacks used compromised or purpose-built websites to deliver the infection: when a victim clicks a link, a dropper script launches automatically and in turn installs the ransomware. Troldesh carries out an attack similar to most file-encrypting threats. It is an extremely aggressive crypto-ransomware that originated in Russia and can open a communication channel with victims for payment instructions; through that channel, the price demanded for the file decryption key may be negotiated to some extent.
Impact
- File encryption
Indicators of Compromise
MD5
- 248053de4daa6124db405db8cc8da20c
SHA-256
- f03f892b1615d0151f7b2784ad3f0f6c77eea3bceb7cd1117b2ac5f011f343cf
SHA-1
- 043c4d68a0eb38ded98c3733bf56939a5e8bf6e9
Remediation
- Block all threat indicators at your respective controls
- Always be suspicious of emails sent by unknown senders
- Never click on the links/attachments sent by unknown senders