Sophos announced that its analysts uncovered a new ransomware, called Epsilon Red, which is developed in the Go programming language. The code is delivered inside a PowerShell script.
The malicious file is a 64-bit executable written in Go. It is said to spread through systems by exploiting security vulnerabilities in Microsoft Exchange servers, using recently discovered Exchange vulnerabilities such as CVE-2020-1472, CVE-2021-26855 and CVE-2021-27065. Once it reaches a target system, Epsilon Red scans files and encrypts them for ransom. It appears that more than three thousand Exchange servers still contain these vulnerabilities, which suggests that Epsilon Red attacks could become more painful.
According to Sophos, Epsilon Red has mostly been seen in the hospitality industry in the USA, and it appears that one of its victims paid 4.29 BTC after being affected.
To avoid being affected, organizations should keep their applications up to date and detect the IoCs below to prevent this attack. You can also read our short post about prevention against ransomware.
Domain:
epsilons.red
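As an added example (not part of the original post or of Sophos's research), here is a small detection script that checks resolver log lines for queries to the IoC domain listed above. The log layout and the sample lines are constructed for illustration; matching is done on label boundaries so a name like `epsilons.redirect.example` is not a false positive, while subdomains of the IoC do count.

```python
"""Flag DNS queries for the Epsilon Red IoC domain in sample resolver log lines."""
import re
from typing import Iterable, List, Tuple

# IoC domain taken from the post above; subdomains of it also count as hits.
IOC_DOMAINS = {"epsilons.red"}

# Constructed sample lines in a hypothetical resolver log layout (not real traffic).
SAMPLE_DNS_LOG = """\
2021-06-01T10:12:03Z client=10.0.4.21 query=login.microsoftonline.com type=A
2021-06-01T10:12:09Z client=10.0.4.21 query=epsilons.red type=A
2021-06-01T10:12:10Z client=10.0.4.33 query=EPSILONS.RED. type=TXT
2021-06-01T10:13:44Z client=10.0.4.35 query=cdn.epsilons.redirect.example type=A
2021-06-01T10:14:02Z client=10.0.4.35 query=update.epsilons.red type=A
"""

_QUERY_RE = re.compile(r"\bquery=(?P<name>\S+)")
_CLIENT_RE = re.compile(r"\bclient=(?P<client>\S+)")


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so 'EPSILONS.RED.' matches 'epsilons.red'."""
    return name.rstrip(".").lower()


def is_ioc_hit(name: str, iocs: Iterable[str] = IOC_DOMAINS) -> bool:
    """True if the queried name equals an IoC domain or is a subdomain of one.

    Comparing on label boundaries (exact match or '.' + domain suffix) avoids
    substring false positives such as 'epsilons.redirect.example'.
    """
    n = normalize(name)
    return any(n == ioc or n.endswith("." + ioc) for ioc in iocs)


def find_ioc_queries(log_text: str, iocs: Iterable[str] = IOC_DOMAINS) -> List[Tuple[int, str, str]]:
    """Return (line_number, client, normalized_query) for every line that hits an IoC."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        q = _QUERY_RE.search(line)
        if not q or not is_ioc_hit(q.group("name"), iocs):
            continue
        c = _CLIENT_RE.search(line)
        hits.append((lineno, c.group("client") if c else "", normalize(q.group("name"))))
    return hits


if __name__ == "__main__":
    for lineno, client, name in find_ioc_queries(SAMPLE_DNS_LOG):
        print(f"line {lineno}: {client} queried {name}")
```

Feeding real resolver or proxy logs into `find_ioc_queries` only needs the `query=` and `client=` fields; adapt the two regexes to your own log format.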