<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=179060&amp;fmt=gif">

Minerva Labs Blog

News & Reports

Minerva Vs  Sekhmet Ransomware

Not much is known about Sekhmet ransomware, but reports about this strain of ransomware started surfacing around May of this year. The ransomware follows the recent trend of exposing the stolen files if the ransom demand is not met.

As opposed to the information gathered online about the infection method of Sekhmet, we observed the threat actor use stolen domain admin credentials in order to log on to critical servers via Remote Desktop Protocol and execute the malware manually.

Minerva labs product prevented a live Sekhmet ransomware infection at our client’s server, using our Memory Injection Prevention, blocking the malwares in-memory code unpacking routine:

 

SekhmetUpdate December 2020:

Recent report by Minerva Labs research team has identified this sample as Egregor ransomware instead of his closely related cousin, Sekhmet.

 

IOCS :

Hash:

b9b71eb04d255b21e3272eef5f4c15d1c208183748dfad3569efd455d87879c6

Files:

%Programdata%\dtb.dat

RECOVER-FILES.txt

Interested in Minerva? Request a Demo Below

Stay Informed

Sign up for the Minerva newsletter and stay on top of the latest cybersecurity news.

Topics

see all