
Sedara Security Bulletin: NYSIC CAU Ransomware Variant

Security Bulletin

Summary (provided by NYSIC):

The New York State Intelligence Center (NYSIC) Cyber Analysis Unit (CAU) received updated current IOCs from a trusted third party regarding a ransomware incident that is currently impacting networks belonging to a public entity in New York State. At this time, the ransomware variant remains unidentified. The incident started as a spear phishing campaign containing a malicious link and was activated before the environment’s network defense could neutralize it.

Mitigation Steps recommended by Sedara:

    • Ensure endpoint security definitions and software are running and up-to-date.
    • Consider limiting the use of PowerShell with Windows Group Policy or security products.
    • Deny-list the security indicators shown below in security products.

    Note: Remove defang brackets from indicators when entering these into security products.

    Indicators with hash

What is Sedara doing to respond to this threat?

    • Heightened attention to email and phishing alarms.
    • Blocking IOCs within EDR and antivirus services (if those services are provided by Sedara).
    • Providing 24/7 coverage for assistance with security incidents.


Want Help With a Security Incident?

Sedara can help your organization assess and address vulnerabilities and provide insight that prevents future incidents.

Get Future Compromise Alerts – Join Sedara Declassified

Subscribe to Sedara Declassified to get timely updates on new and evolving threats – and what to do about them – just like our clients do. And of course, if we can help you with anything directly, feel free to reach out.
