Ua loaʻa nā noiʻi palekana i nā polokalamu ʻino e wehe ana i nā awa pākaukau mamao ma ka pā ahi. Hoʻonohonoho ʻia nā awa RDP (Remote desktop), maʻalahi kēia i ka poʻe hoʻouka kaua e hōʻino i nā awa RDP ma hope aku.
Ua hoʻohana ʻia ka polokalamu ʻo Sarwent mai ka makahiki 2018. I ka hoʻomaka ʻana o 2020 Vitali Kwemez i hoʻouna i kahi tweet e pili ana i ka malware Sarwent akā ʻaʻole liʻiliʻi ka ʻike e pili ana i ka malware Sarwent ma ka pūnaewele.
ʻAʻole ʻike ʻia ke ala e hoʻolaha ʻia ai ka polokalamu ʻo Sarwent; Ua manaʻo ʻia ua hoʻolaha ʻia ʻo Sarwent ma o nā polokalamu ʻē aʻe, ma nā botnets paha.
ʻO ka mea i ʻike ʻia e pili ana iā Sarwent ʻo ia ma hope o ka maʻi i hana ʻia ka malware i kahi mea hou Windows moʻokāki mea hoʻohana ma ke kamepiula a wehe i ke awa RDP 3389 ma ke kamepiula a ma ka pā ahi. E wehe ʻia paha ʻo RDP i mea e komo ai i ka lolouila maʻi ma o ka hana ʻana Windows mooolelo hoohana.
ʻIke ʻia nā helu IP Sarwent, nā hashes MD5, a me nā kikowaena mai Sarwent, hāʻawi ʻia kēia mau kikoʻī i IOCs (Indicators of compromise) no nā hui e ʻike iā Sarwent.