
AEGIS Defender Now Blocking Snatch Ransomware IPs


Cyber Defense Software

The FBI and CISA issued warnings this week on the Snatch ransomware gang, whose IP addresses AEGIS has been blocking since 2020.

“We’re proud to serve our clients by blocking the IPs used by SNATCH gangs, as well as millions of others. Aegis Defender Pro is the only solution that blocks bad actors instead of dealing with them.”

— Charlie Trig

HUDSON, NH, USA, September 22, 2023 /EINPresswire.com/ — The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued warnings this week on the Snatch ransomware gang, which has recently attacked South Africa’s Department of Defence and the city of Modesto, California, USA. AEGIS has traced the IPs used by this criminal group and has been blocking the IP addresses they use since 2020.

Event logs from victims and CISA reports have shown traffic from both Russian Command and Control (C2) servers (Russian hosting servers) and VPNs, all of which AEGIS has had in its Master Block List (MBL) for over 2 years. As new attacks are reported, additional IPs are continually researched and added to the MBL, 24/7/365.

According to CISA, “Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations. Snatch threat actors have targeted a wide range of critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors.”

The hackers, formerly known as “Team Truniger,” use a Snatch variant seen since 2019 that forces the victim computer to reboot into Safe Mode, where most AV and endpoint protection software is not loaded. The commands and registry key listed below show the mechanism: the malware registers its own service under SafeBoot\Minimal so that it starts in Safe Mode, sets safeboot minimal in the boot configuration, then forces a restart and encrypts with the defenses absent. One of the only ways to defend against this threat is to block the IPs used to initiate contact in the first place, and AEGIS Defender Pro is the only cybersecurity product that blocks IPs used by criminal actors.

Here is a list of IPs reported by various sources as used by Snatch actors:

188.22.29 (:443) *

188.22.29 (:37462) *

188.22.26 *

188.22.25 *

211.209.151 (:3306) *

59.146.180 *

147.228.91 *

61.149.242 *

140.125.150 *

91.229.77.161 * – Ukraine, DeltaHost server – initial contact came from this IP

193.70.12.240 * – France-based OVH SAS

178.162.209.135 * – Germany-based LeaseWeb server

* AEGIS Defender Pro is actively blocking these CIDRs (the three-octet entries denote address blocks, not single hosts)

mydatasuperhero.com

mydatassuperhero.com

snatch24uldhpwrm.onion

snatch6brk4nfczg.onion

Commands executed during the attack:

vssadmin delete shadows /all /quiet

bcdedit.exe /set {current} safeboot minimal

shutdown.exe /r /f /t 00

net stop SuperBackupMan

Registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SuperBackupMan
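As an added example (not AEGIS Defender Pro code, and not from the CISA or Sophos material), the following Python script turns the IoC list above and the command and registry sequence just listed into detection logic: it flags connections to the listed addresses and domains, tags each stage of the Safe Mode chain (shadow-copy deletion, bcdedit safeboot, forced reboot, a new SafeBoot\Minimal service key, net stop), and gives a per-host verdict that only fires when Safe Mode is armed and a reboot is forced on the same host. The event records, host names and field names are constructed for this example; the three-octet addresses are treated as /24 networks, an assumption since the page lists them as CIDRs without a prefix length.

```python
"""Detection for the Snatch Safe Mode chain and the IoCs listed above.

Added example; not AEGIS Defender Pro code and not from the CISA advisory.
Event records are constructed, loosely modelled on Sysmon process-creation,
network-connection and registry-key-creation events.
"""
import ipaddress
import re
from collections import defaultdict

# Full addresses from the list above are single hosts.  The three-octet
# entries are treated as /24 networks: an ASSUMPTION, since the page calls
# them CIDRs but gives no prefix length.
SNATCH_NETWORKS = [ipaddress.ip_network(n) for n in (
    "91.229.77.161/32", "193.70.12.240/32", "178.162.209.135/32",
    "188.22.29.0/24", "188.22.26.0/24", "188.22.25.0/24", "211.209.151.0/24",
    "59.146.180.0/24", "147.228.91.0/24", "61.149.242.0/24", "140.125.150.0/24",
)]
SNATCH_DOMAINS = {
    "mydatasuperhero.com", "mydatassuperhero.com",
    "snatch24uldhpwrm.onion", "snatch6brk4nfczg.onion",
}

# One pattern per stage of the command sequence listed above.
COMMAND_RULES = (
    ("shadow_delete", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("safeboot_set", re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+(\{?current\}?\s+)?safeboot\s+minimal\b", re.I)),
    # shutdown with both /r (restart) and /f (force), in any order
    ("forced_reboot", re.compile(r"\bshutdown(\.exe)?\b(?=.*\s/r\b)(?=.*\s/f\b)", re.I)),
    ("service_stop", re.compile(r"\bnet(\.exe)?\s+stop\s+\S+", re.I)),
)
# A new key here makes a service or driver start in Safe Mode.
SAFEBOOT_KEY = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKLM)\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})"
    r"\\Control\\SafeBoot\\(Minimal|Network)\\(?P<svc>[^\\]+)$", re.I)


def match_network(dst_ip=None, dst_host=None):
    """Return the IoC a destination hits (domain or network), or None."""
    if dst_host and dst_host.lower().rstrip(".") in SNATCH_DOMAINS:
        return dst_host.lower().rstrip(".")
    if dst_ip:
        addr = ipaddress.ip_address(dst_ip)
        for net in SNATCH_NETWORKS:
            if addr in net:
                return str(net)
    return None


def match_command(cmdline):
    """Return the chain stage a process command line matches, or None."""
    for stage, rx in COMMAND_RULES:
        if rx.search(cmdline):
            return stage
    return None


def safeboot_service(reg_key):
    """Return the service name registered under a SafeBoot key, or None."""
    m = SAFEBOOT_KEY.match(reg_key)
    return m.group("svc") if m else None


def triage(events):
    """Aggregate hits per host.  Verdict is 'safe_mode_ransomware_chain' when
    the host both arms Safe Mode (bcdedit, or a new SafeBoot service key) and
    forces a reboot; any other hit is only 'suspicious'."""
    hosts = defaultdict(lambda: {"stages": set(), "iocs": set(), "verdict": "clean"})
    for ev in events:
        h = hosts[ev["host"]]
        if ev["type"] == "process":
            stage = match_command(ev["cmdline"])
            if stage:
                h["stages"].add(stage)
        elif ev["type"] == "network":
            hit = match_network(ev.get("dst_ip"), ev.get("dst_host"))
            if hit:
                h["iocs"].add(hit)
        elif ev["type"] == "registry_create":
            svc = safeboot_service(ev["key"])
            if svc:
                h["stages"].add("safeboot_service:" + svc)
    for h in hosts.values():
        armed = "safeboot_set" in h["stages"] or any(
            s.startswith("safeboot_service:") for s in h["stages"])
        if armed and "forced_reboot" in h["stages"]:
            h["verdict"] = "safe_mode_ransomware_chain"
        elif h["stages"] or h["iocs"]:
            h["verdict"] = "suspicious"
    return dict(hosts)


# Constructed sample telemetry: WS01 runs the full chain, FS02 has admin
# noise plus one contact with a blocked range, DC01 is clean.
SAMPLE_EVENTS = [
    {"host": "WS01", "type": "network", "dst_ip": "91.229.77.161"},
    {"host": "WS01", "type": "process", "cmdline": "vssadmin delete shadows /all /quiet"},
    {"host": "WS01", "type": "registry_create",
     "key": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SuperBackupMan"},
    {"host": "WS01", "type": "process", "cmdline": "bcdedit.exe /set {current} safeboot minimal"},
    {"host": "WS01", "type": "process", "cmdline": "shutdown.exe /r /f /t 00"},
    {"host": "WS01", "type": "process", "cmdline": "net stop SuperBackupMan"},
    {"host": "FS02", "type": "process", "cmdline": "net stop Spooler"},
    {"host": "FS02", "type": "network", "dst_ip": "188.22.29.77"},
    {"host": "DC01", "type": "network", "dst_ip": "8.8.8.8", "dst_host": "dns.google"},
]

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, result["verdict"], sorted(result["stages"]), sorted(result["iocs"]))
```

Run as-is it prints the verdict for the constructed events; in practice feed it Sysmon EventID 1, 3 and 12 (or Windows 4688) records mapped to the same fields. Two caveats: Windows registers many of its own drivers and services under SafeBoot\Minimal, so baseline that key on a golden image and alert on additions rather than on every entry; and `net stop` or a forced reboot on its own is routine administration, which is why the verdict requires the arming step and the reboot together.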

Build IDs:

Go build ID: `9sbGxHyc5vSAXzwvg6iZ/c_gG_xy9d6xmNt9nMlii/HdKHUjGFLxliYJycPc5E/yTT_FNpw78SfII62lGUn`

Go build ID: `2KZVw_piBNB6c74hlRt4/ueMyrcUcK4ismcjykWop/ZQYGFEYcaBSofxZbcs4g/GK-7e3PY8vHyy_lSkbVi`

Go build ID: `jPF3Jrx2uZ7VjN0GyDBL/x3B31XZylJgOhAVFZiym/o_aCHMB9kgaxIibXVOox/VQQhgCuLOuABGRrXzFdl`

Go build ID: `ULgusZVAlPcWOJcj9LKW/fOp_xyXqQQO5nzk3CZIW/LV-l8Ye8SLuN39dCmiDH/_34hEcu3a_yVC0sdeBdP`

Go build ID: `BIFnB6MdgF4djhq39TIM/0F-O_BMJNaIkMOFRC1kQ/j2Fm9d-Ilq-6KP4f1cuF/I07Xn6PJTdAcrP3IsVX4`

Go build ID: `cN2S005MM6pjpFXzNYd7/Lu1OzfnOLXKCy8mQdge9/GnIsH3q8hyF-pEAWP4K0/ISXM5yfoGT6hDQpcP08E`

Go build ID: `D4uZyyRaOm8WP2m599HU/gZkWHWmCm-S2lk0u6tJQ/F9Wz3xBbUlF3TISfF8Gu/uPBkEF2KfTla4ver6O79`

Go build ID: `nz4NhyAgWYITxG9Gw5rT/an0sbWQDT73tZEat72I5/KKmIcIIeFCNSYj4p5koW/BHky2GAanYgZQqXGSyei`

Ransom e-mails:

imBoristheBlade@protonmail.com

jimmtheworm@dicksinmyan.us

doctor666@mail.fr

doctor666@cock.li

newrecoveryrobot@pm.me

Extensions appended to encrypted files:

.snatch

.jimm

.googl

.dglnl

.ohwqg

.wvtr0

.hceem

References

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a

Snatch Ransomware

https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/

https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Snatch

Charlie Trig
Aegis Cyber Protection Techniques
+1 6178195877
email us here
