Cyber Defense Software
The FBI and CISA issued warnings this week on the Snatch ransomware gang, whose IP addresses AEGIS has been blocking since 2020.
— Charlie Trig
HUDSON, NH, USA, September 22, 2023 /EINPresswire.com/ — The FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued warnings this week on the Snatch ransomware gang, which has recently attacked South Africa’s Defense Department and the city of Modesto, California, USA. AEGIS has traced the IPs used by this criminal group and has been blocking the IP addresses they use since 2020.
Event logs from victims and CISA reports have shown traffic from both Russian Command and Control (C2) servers (Russian hosting servers) and VPNs, all of which AEGIS has had in the Master Block List (MBL) for over 2 years. As new attacks are reported, additional IPs are continually researched and added to our MBL, 24/7/365.
According to CISA, “Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations. Snatch threat actors have targeted a wide range of critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors.”
The hackers, formerly known as “Team Truniger,” are using a Snatch variant in use since 2019 that reboots computers into Safe Mode, disabling much AV software and endpoint protection. One of the only ways to defend against this threat is to block the IPs used to initiate contact in the first place, and AEGIS Defender Pro is the only cybersecurity product that blocks IPs used by criminal actors.
AEGIS Defender Pro is actively blocking the IPs and CIDRs reported by various sources as used by Snatch actors.
Domains:
mydatasuperhero.com
mydatassuperhero.com
snatch24uldhpwrm.onion
snatch6brk4nfczg.onion
Commands executed during the attack:
vssadmin delete shadows /all /quiet
bcdedit.exe /set current safeboot minimal
shutdown.exe /r /f /t 00
net stop SuperBackupMan
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SuperBackupMan
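The command and registry sequence above is what a defender can look for in endpoint telemetry. The following is an added detection example, not code from AEGIS or from the advisory: it assumes process-creation and registry-set events have already been parsed into dicts (host, user, cmdline or target), uses constructed sample events, and only alerts when a host shows two or more distinct stages of the Safe Mode chain, so a lone service stop or a scheduled reboot does not fire.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Constructed sample telemetry (hypothetical hosts/users) in the shape of parsed
# Sysmon Event ID 1 / Security 4688 process events and a registry-set event.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "CORP\\svc_backup", "cmdline": "vssadmin delete shadows /all /quiet"},
    {"host": "WS01", "user": "CORP\\svc_backup", "cmdline": "net stop SuperBackupMan"},
    {"host": "WS01", "user": "CORP\\svc_backup",
     "target": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\SuperBackupMan"},
    {"host": "WS01", "user": "CORP\\svc_backup", "cmdline": "bcdedit.exe /set current safeboot minimal"},
    {"host": "WS01", "user": "CORP\\svc_backup", "cmdline": "shutdown.exe /r /f /t 00"},
    # Routine administration on another host: a single stage must not alert.
    {"host": "WS02", "user": "CORP\\helpdesk", "cmdline": "net stop Spooler"},
    {"host": "WS02", "user": "CORP\\helpdesk", "cmdline": "shutdown.exe /r /t 300"},
]

# One regex per stage of the chain, evaluated on the lowercased command line
# or registry target. bcdedit also matches the later /deletevalue cleanup.
STAGES: Dict[str, re.Pattern] = {
    "shadow_copies_deleted": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"),
    "backup_service_stopped": re.compile(r"\bnet1?(\.exe)?\s+stop\b"),
    "safeboot_service_added": re.compile(r"\\control\\safeboot\\minimal\\"),
    "safeboot_configured": re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b"),
    # /r and /f in either order; /r without /f is a normal restart.
    "forced_reboot": re.compile(r"\bshutdown(\.exe)?\b(?=.*\s/r\b)(?=.*\s/f\b)"),
}


def match_stages(event: dict) -> Set[str]:
    """Return the chain stages a single event matches (usually zero or one)."""
    text = (event.get("cmdline") or event.get("target") or "").lower()
    return {name for name, rx in STAGES.items() if rx.search(text)}


def stages_by_host(events: Iterable[dict]) -> Dict[str, Set[str]]:
    """Accumulate the distinct stages observed per host."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for ev in events:
        seen[ev["host"]] |= match_stages(ev)
    return dict(seen)


def alerts(events: Iterable[dict], min_stages: int = 2) -> Dict[str, List[str]]:
    """Hosts showing at least min_stages distinct stages, with the stages sorted."""
    return {h: sorted(s) for h, s in stages_by_host(events).items() if len(s) >= min_stages}


if __name__ == "__main__":
    for host, stages in alerts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: Safe Mode ransomware chain stages {stages}")
```

In production the per-host aggregation should also be bounded by a time window (the chain runs within minutes), and a match on the SafeBoot\Minimal key alone deserves review even below the threshold.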
Build IDs: the Go build IDs of the Snatch samples are listed in the CISA advisory referenced below.
Ransom emails:
imBoristheBlade@protonmail.com
jimmtheworm@dicksinmyan.us
doctor666@mail.fr
doctor666@cock.li
newrecoveryrobot@pm.me
Ransom extensions:
.snatch
.jimm
.googl
.dglnl
.ohwqg
.wvtr0
.hceem
References
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Snatch
Charlie Trig
Aegis Cyber Defense Systems
+1 6178195877