TT Malware Log

A "personal" investigation, research and reference log on malware / cyber attacks / analysis techniques

The Week in Ransomware - October 16th 2020 - The weekend is upon us

【Overview】

Malware name (remarks)
Adhubllka
Badboymnb
CRPTD (Naampa)
Egregor
Loki Bot
MadDog (HiddenTear)
Matrix
Nephilim
PewPew
Philadelphia
RansomEXX
Ranzy Locker (former name: ThunderX)
Ryuk
Scarab
STOP
TrickBot (not ransomware)


【News】

◆The Week in Ransomware - October 16th 2020 - The weekend is upon us (BleepingComputer, 2020/10/16 19:13)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-16th-2020-the-weekend-is-upon-us/


【Details】

■2020/10/10

◆Tyler Technologies paid ransomware gang for decryption key (BleepingComputer, 2020/10/10 10:05)
[Tyler Technologies paid the ransomware gang a ransom for the decryption key]

Ransomware: RansomEXX

https://www.bleepingcomputer.com/news/security/tyler-technologies-paid-ransomware-gang-for-decryption-key/
https://malware-log.hatenablog.com/entry/2020/10/10/000000


■2020/10/12

◆TrickBot botnet targeted in takedown operations, little impact seen (BleepingComputer, 2020/10/12 07:00)
[TrickBot botnet targeted in takedown operations, with little impact seen]

Ransomware: TrickBot

https://www.bleepingcomputer.com/news/security/trickbot-botnet-targeted-in-takedown-operations-little-impact-seen/
https://malware-log.hatenablog.com/entry/2020/10/12/000000_2

◆BazarLoader used to deploy Ryuk ransomware on high-value targets (BleepingComputer, 2020/10/12 12:53)
[BazarLoader is being used to deploy Ryuk ransomware on high-value targets.]

Ransomware: Ryuk

https://www.bleepingcomputer.com/news/security/bazarloader-used-to-deploy-ryuk-ransomware-on-high-value-targets/
https://malware-log.hatenablog.com/entry/2020/10/12/000000

◆New Matrix Ransomware variant (Twitter(Michael Gillespie), 2020/10/12)
[New variant of Matrix ransomware]

Ransomware: Matrix

https://twitter.com/demonslay335/status/1315670196615622657?s=20

◆New STOP Ransomware variant (Twitter(Michael Gillespie), 2020/10/12)
[New variant of STOP ransomware]

Ransomware: STOP

https://twitter.com/demonslay335/status/1315670544356970497?s=20

◆City of Mt. Pleasant falls victim to remote ransomware attack (NBC25News, 2020/10/12)
[City of Mt. Pleasant falls victim to a remote ransomware attack]

The City of Mt. Pleasant has fallen victim to a ransomware attack, that is according to city officials.
[The City of Mt. Pleasant has become the victim of a ransomware attack.]

https://nbc25news.com/news/local/city-of-mt-pleasant-falls-victim-to-remote-ransomware-attack

◆New Nephilim variant (Twitter(Siri), 2020/10/12)
[New variation of Nephilim]

Ransomware: Nephilim

https://twitter.com/siri_urz/status/1315633418017796097?s=20


◆New Loki Stealer encrypts your files (Twitter(Arkbird))
[The new Loki Stealer encrypts your files.]

Ransomware: Loki Bot

https://twitter.com/Arkbird_SOLG/status/1315770660673777664?s=20


■2020/10/13

◆International law firm Seyfarth discloses ransomware attack (BleepingComputer, 2020/10/13 12:55)
[International law firm Seyfarth discloses a ransomware attack]
https://www.bleepingcomputer.com/news/security/international-law-firm-seyfarth-discloses-ransomware-attack/
https://malware-log.hatenablog.com/entry/2020/10/13/000000_1

◆London Borough of Hackney suffers ‘serious’ cyberattack (BleepingComputer, 2020/10/13 09:47)
[London Borough of Hackney suffers a "serious" cyberattack]
https://www.bleepingcomputer.com/news/security/london-borough-of-hackney-suffers-serious-cyberattack/
https://malware-log.hatenablog.com/entry/2020/10/13/000000_2

◆New Badboymnb Ransomware (Twitter(xiaopao), 2020/10/13)
[New Badboymnb ransomware]

Ransomware: Badboymnb
xiaopao found the Badboymnb Ransomware that appends the .Badboy extension and drops a ransom note named ReadME-BadboyEncryption.txt.

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-16th-2020-the-weekend-is-upon-us/


■2020/10/14

◆FIN11 hackers jump into the ransomware money-making scheme (BleepingComputer, 2020/10/14 11:57)
[FIN11 hackers jump into the ransomware money-making scheme]
https://www.bleepingcomputer.com/news/security/fin11-hackers-jump-into-the-ransomware-money-making-scheme/
https://malware-log.hatenablog.com/entry/2020/10/14/000000

◆Barnes & Noble hit by cyberattack that exposed customer data (BleepingComputer, 2020/10/14)
[Barnes & Noble hit by a cyberattack that exposed customer data]

U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers' data.
[U.S. bookstore giant Barnes & Noble has disclosed that it fell victim to a cyberattack that may have exposed customer data.]

https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data/
https://malware-log.hatenablog.com/entry/2020/10/14/000000_1

◆Ransomware hits the Bureau of the Fire Department of Puerto Rico (Twitter(Robby Cortés), 2020/10/14)
https://twitter.com/RobbyCortes/status/1316503617558511619

◆New Philadelphia Ransomware variant (Twitter(xiaopao), 2020/10/14)

Ransomware: Philadelphia

https://twitter.com/Kangxiaopao/status/1316320242323255296


◆New Dharma Ransomware variant (Twitter(xiaopao), 2020/10/14)

Ransomware: Dharma
Extension: .zxcv

https://twitter.com/Kangxiaopao/status/1316328495945936896?s=20

◆New PewPew ransomware variant (Twitter(Siri), 2020/10/14)

Ransomware: PewPew
Extension: .artemis

https://twitter.com/siri_urz/status/1316288145202139137?s=20

◆New Scarab Ransomware variant (Twitter(Amigo-A), 2020/10/14)

Ransomware: Scarab
Extension: .Bioawards, Ransom Note: Instruction.txt and DECRYPT FILES.TXT

https://twitter.com/Amigo_A_/status/1316455353547190278?s=20


■2020/10/15

◆Crytek hit by Egregor ransomware, Ubisoft data leaked (BleepingComputer, 2020/10/15 14:24)
https://www.bleepingcomputer.com/news/security/crytek-hit-by-egregor-ransomware-ubisoft-data-leaked/

◆New STOP Ransomware variant (Twitter(Michael Gillespie), 2020/10/15)

Ransomware: STOP
Extension: .mmpa

https://twitter.com/demonslay335/status/1316759837368299521?s=20

◆New Adhubllka Ransomware (Twitter(xiaopao), 2020/10/15)

Ransomware: Adhubllka
Extension: .see_read_me, Ransom Note: Read_Me.txt

https://twitter.com/Kangxiaopao/status/1316693281649029120?s=20

◆Unknown ransomware found (Twitter(Siri), 2020/10/15)

Ransomware: CRPTD (Naampa)
Extension: .CRPTD

https://twitter.com/siri_urz/status/1316688822877388800


■2020/10/16

◆ThunderX Ransomware rebrands as Ranzy Locker, adds data leak site (BleepingComputer, 2020/10/16 16:07)
[ThunderX ransomware renamed to Ranzy Locker, adds a data leak site]

Ransomware: Ranzy Locker
Extension: .ranzy, Ransom Note: readme.txt
ThunderX has changed its name to Ranzy Locker and launched a data leak site where they shame victims who do not pay the ransom.
[ThunderX has renamed itself Ranzy Locker and launched a data leak site that shames victims who do not pay the ransom.]

https://www.bleepingcomputer.com/news/security/thunderx-ransomware-rebrands-as-ranzy-locker-adds-data-leak-site/
https://malware-log.hatenablog.com/entry/2020/10/16/000000_3

◆FANDUEL, DRAFTKINGS DATA PROVIDER STATS PERFORM HIT BY RANSOMWARE ATTACK (Legal Sports Report, 2020/10/16)
[FanDuel, DraftKings data provider Stats Perform hit by ransomware attack]

Sports data provider Stats Perform has been down for almost a week thanks to a ransomware hack, Legal Sports Report understands.
[Sports data provider Stats Perform has been down for almost a week because of a ransomware hack, Legal Sports Report understands.]

https://www.legalsportsreport.com/44946/stats-perform-ransomware-attack/
https://malware-log.hatenablog.com/entry/2020/10/16/000000_5

◆MaMoCrypt Ransomware Decryption Tool (Bitdefender, 2020/10/16)
[MaMoCrypt ransomware decryption tool]

We’re happy to announce the availability of a new decryptor for MaMoCrypt, a strain of ransomware that appeared in December last year.
[Announcing the availability of a new decryptor for MaMoCrypt, a ransomware strain that appeared in December of last year.]

https://labs.bitdefender.com/2020/10/mamocrypt-ransomware-decryption-tool/
https://malware-log.hatenablog.com/entry/2020/10/16/000000_4

◆New MadDog Ransomware (Twitter(Michael Gillespie), 2020/10/16)
[New MadDog ransomware]

Ransomware: MadDog (HiddenTear)
Extension: .id-.[maddogteam@airmail.cc].MadDog
Michael Gillespie found a new HiddenTear ransomware named MadDog that appends the .id-.[maddogteam@airmail.cc].MadDog to encrypted files.
[Michael Gillespie found a new HiddenTear ransomware, "MadDog", that appends .id-.[maddogteam@airmail.cc].MadDog to encrypted files.]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-16th-2020-the-weekend-is-upon-us/



【Related information】

◇Previous week

◆The Week in Ransomware - October 9th 2020 - Giant ransoms (BleepingComputer, 2020/10/09 18:22)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-9th-2020-giant-ransoms/
https://malware-log.hatenablog.com/entry/2020/10/09/000000

◇Next week

◆The Week in Ransomware - October 23rd 2020 - From Russia with Love (BleepingComputer, 2020/10/23 17:38)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-23rd-2020-from-russia-with-love/
https://malware-log.hatenablog.com/entry/2020/10/23/000000


【Related summary articles】

Overall summary
 ◆Materials and reports (summary)

◆The Week in Ransomware (summary)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020