
Minerva Labs Blog


Minerva vs. Sekhmet Ransomware

Not much is known about Sekhmet ransomware; reports about this strain started surfacing around May of this year. It follows the recent trend of threatening to publish the stolen files if the ransom demand is not met.

Contrary to the infection method reported online for Sekhmet, we observed the threat actor use stolen domain admin credentials to log on to critical servers over Remote Desktop Protocol (RDP) and execute the malware manually.

Minerva Labs' product prevented a live Sekhmet ransomware infection on our client's server: our Memory Injection Prevention blocked the malware's in-memory code unpacking routine.

IOCs:

SHA-256 hash:

b9b71eb04d255b21e3272eef5f4c15d1c208183748dfad3569efd455d87879c6

Files:

%Programdata%\dtb.dat

RECOVER-FILES.txt
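As an added example (not Minerva Labs' code), the script below turns the indicators above into a simple host-side hunt: it walks a directory tree, flags files whose SHA-256 matches the published hash, and flags the two file names listed (the dropped `dtb.dat` and the `RECOVER-FILES.txt` ransom note). The directory tree in `demo()` is constructed for the run and contains a fake note, not a real sample; the `ProgramData` environment variable lookup is the only assumption about the host.

```python
"""Hunt for the Sekhmet indicators listed in the post (added example, not Minerva Labs' code)."""
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from the post above.
SEKHMET_SHA256 = {"b9b71eb04d255b21e3272eef5f4c15d1c208183748dfad3569efd455d87879c6"}
SEKHMET_FILENAMES = {"dtb.dat", "RECOVER-FILES.txt"}


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hunt(root, hashes=SEKHMET_SHA256, names=SEKHMET_FILENAMES):
    """Walk `root` and return (path, reason) hits; reason is 'sha256' or 'filename'."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            # Filename matches are weak on their own (dtb.dat is a generic name); triage them.
            if name.lower() in wanted:
                hits.append((str(p), "filename"))
            try:
                if sha256_of(p) in hashes:
                    hits.append((str(p), "sha256"))
            except OSError:
                continue  # unreadable or vanished file; keep walking
    return hits


def default_roots():
    """On Windows start at %ProgramData% (the post's drop location); elsewhere use the cwd."""
    pd = os.environ.get("ProgramData")  # assumption: standard Windows environment variable
    return [pd] if pd else [os.getcwd()]


def demo():
    """Build a constructed tree with a fake note and return sorted (basename, reason) hits."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "RECOVER-FILES.txt").write_text("constructed sample, not the real note")
        Path(tmp, "sub").mkdir()
        Path(tmp, "sub", "dtb.dat").write_bytes(b"\x00" * 16)  # constructed, hash will not match
        Path(tmp, "benign.txt").write_text("nothing to see")
        return sorted((Path(p).name, why) for p, why in hunt(tmp))


if __name__ == "__main__":
    print("demo hits:", demo())
    for root in default_roots():
        for path, why in hunt(root):
            print(f"{why:8} {path}")
```

Run it as-is to see the demo hits, then point `hunt()` at `%ProgramData%` or any other root on a suspect host. A filename hit on `RECOVER-FILES.txt` is a strong signal of a completed encryption run; a hash hit identifies the sample itself; a lone `dtb.dat` hit needs a look at the file before concluding anything.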
