(CISA) Advisory on New Ransomware Variant UN2447
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent successful cyberattack against an organization using a new ransomware variant, which CISA refers to as FiveHands. Threat actors used publicly available penetration testing and exploitation tools, FiveHands ransomware, and the SombRAT remote access trojan (RAT) to steal information, obfuscate files, and demand a ransom from the victim organization. Additionally, the threat actors used publicly available tools for network discovery and credential access.
This report provides the tactics, techniques, and procedures the threat actors used in this attack as well as indicators of compromise (IOCs). It also includes CISA’s recommended mitigations to protect networks from ransomware attacks and to detect—and respond to—these attacks.
Refer to Malware Analysis Report AR21-126B for full technical details and associated IOCs.
See below for a PDF copy of this report:
AR21-126A_FiveHands_Ransomware