TT Malware Log

A personal log of investigation, research, and references on malware / cyber attacks / analysis techniques

The Week in Ransomware - May 8th 2020 - Attacks Continue

【Overview】

■Related Ransomware

Ransomware name / Notes
Dharma
LockBit
Maze
Nemty
Ryuk
Shade
Snake
Sodinokibi (alias: Sodin / REvil)
SQPC
Troldesh
VCrypt


■2020/05/02

◆Sodinokibi, Ryuk ransomware drive up average ransom to $111,000 (Bleeping Computer)
[Sodinokibi and Ryuk ransomware raise the average ransom to $111,000]
https://www.bleepingcomputer.com/news/security/sodinokibi-ryuk-ransomware-drive-up-average-ransom-to-111-000/

◆Shade / Troldesh Ransomware decryption tool (Bitdefender Labs, 2020/05/02)
[Shade / Troldesh Ransomware decryption tool]
https://labs.bitdefender.com/2020/05/shade-troldesh-ransomware-decryption-tool/


■2020/05/04

◆LockBit ransomware self-spreads to quickly encrypt 225 systems
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-self-spreads-to-quickly-encrypt-225-systems/
https://malware-log.hatenablog.com/entry/2020/05/04/000000_1

◆New VCrypt Ransomware locks files in password-protected 7ZIPs
https://www.bleepingcomputer.com/news/security/new-vcrypt-ransomware-locks-files-in-password-protected-7zips/
https://malware-log.hatenablog.com/entry/2020/05/04/000000_2

◆Changes in REvil ransomware version 2.2
https://blog.intel471.com/2020/05/04/changes-in-revil-ransomware-version-2-2/
https://malware-log.hatenablog.com/entry/2020/05/04/000000_3


■2020/05/05

◆Toll Group hit by ransomware a second time, deliveries affected
https://www.bleepingcomputer.com/news/security/toll-group-hit-by-ransomware-a-second-time-deliveries-affected/

◆New 0day0 Dharma variant
https://twitter.com/JakubKroustek/status/1257708145192951809

■2020/05/06

◆Large scale Snake Ransomware campaign targets healthcare, more
https://www.bleepingcomputer.com/news/security/large-scale-snake-ransomware-campaign-targets-healthcare-more/

◆Targeted Ransomware Attack Hits Taiwanese Organizations
https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

◆New Nemty spam campaign targeting South Korea
https://twitter.com/vigilantbeluga/status/1257891038582067200


■2020/05/07

◆Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html

◆New SQPC Stop Ransomware variant
https://twitter.com/demonslay335/status/1258449843913097218

◆New PHP Dharma variant
https://twitter.com/JakubKroustek/status/1258478686296309762

◆Sodinokibi / REvil ransomware TTPs
https://blog.redteam.pl/2020/05/sodinokibi-revil-ransomware.html?m=1


■2020/05/08

◆REvil ransomware threatens to leak A-list celebrities' legal docs
https://www.bleepingcomputer.com/news/security/revil-ransomware-threatens-to-leak-a-list-celebrities-legal-docs/

◆New NET Dharma Ransomware variant
https://twitter.com/fbgwls245/status/1258740920494616576


【News】

◆The Week in Ransomware - May 8th 2020 - Attacks Continue (BleepingComputer, 2020/05/08 18:43)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-8th-2020-attacks-continue/


【Related Summary Articles】

Overall summary
 ◆Documents / Reports (summary)

◆The Week in Ransomware (summary)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware

 ◆Malware (summary)
  ◆Ransomware (summary)

◆Nemty (summary)
https://malware-log.hatenablog.com/entry/Nemty


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020