Not much is known about Sekhmet ransomware, but reports about this strain of ransomware started surfacing around May of this year. The ransomware follows the recent trend of exposing the stolen files if the ransom demand is not met.

Contrary to the infection method reported online for Sekhmet, we observed the threat actor using stolen domain admin credentials to log on to critical servers via Remote Desktop Protocol (RDP) and execute the malware manually.

Minerva Labs' product prevented a live Sekhmet ransomware infection on a client's server: our Memory Injection Prevention blocked the malware's in-memory code-unpacking routine.

Update December 2020:

A recent report by the Minerva Labs research team has identified this sample as Egregor ransomware rather than its closely related cousin, Sekhmet.


IOCs:

Hash:

b9b71eb04d255b21e3272eef5f4c15d1c208183748dfad3569efd455d87879c6

Files:

%Programdata%\dtb.dat

RECOVER-FILES.txt
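A host sweep for the indicators listed above, written here as an added defender's example (not Minerva Labs' code). It assumes the SHA-256 belongs to a file on disk, and it takes the %ProgramData% location as a parameter so the same function can be run against a constructed directory tree.

```python
import hashlib
import os
from pathlib import Path

# Indicators copied from the post's IOC section.
SEKHMET_SHA256 = "b9b71eb04d255b21e3272eef5f4c15d1c208183748dfad3569efd455d87879c6"
DTB_RELATIVE_PATH = Path("dtb.dat")   # %ProgramData%\dtb.dat
RANSOM_NOTE_NAME = "RECOVER-FILES.txt"


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(program_data: Path, scan_roots: list) -> list:
    """Return a list of findings; an empty list means no indicator matched.

    program_data: the directory %ProgramData% resolves to (passed in, rather than
                  read from the environment, so the sweep is testable offline).
    scan_roots:   directories to walk for the ransom note and the sample hash.
    """
    findings = []
    dtb = program_data / DTB_RELATIVE_PATH
    if dtb.is_file():
        findings.append({"type": "file", "indicator": "dtb.dat", "path": str(dtb)})
    for root in scan_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                p = Path(dirpath) / name
                if name.lower() == RANSOM_NOTE_NAME.lower():
                    findings.append({"type": "ransom_note", "indicator": name, "path": str(p)})
                try:
                    if sha256_of(p) == SEKHMET_SHA256:
                        findings.append({"type": "hash", "indicator": SEKHMET_SHA256, "path": str(p)})
                except OSError:
                    continue  # locked or unreadable file: skip it rather than abort the sweep
    return findings


if __name__ == "__main__":
    # On a Windows host, scan %ProgramData% itself; widen scan_roots as needed.
    pd = Path(os.environ.get("ProgramData", r"C:\ProgramData"))
    for finding in sweep(pd, [pd]):
        print(finding)
```

Hashing every file under a scan root is slow on a busy server, so keep the roots narrow (user profiles, %ProgramData%, shares) rather than pointing it at a whole volume.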