【ニュース】
◆The Week in Ransomware - November 27th 2020 - Attacks continue (BleepingComputer, 2020/11/27)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-27th-2020-attacks-continue/
【詳細情報】
■2020年11月18日
◆Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative (Sentinel Labs, 2020/11/18)
[Ranzy Ransomware|ThunderX 派生製品の新機能に暗号化機能の向上が含まれています。]Ranzy ransomware emerged in September/October this year, and appears to be an evolution of ThunderX and, to a lesser extent, Ako ransomware. Ranzy shares many features and under-the-hood elements with its predecessors. However there have been a few key updates, including tweaks to encryption, methods of exfiltration, and the (now commonplace) use of a public “leak blog” to post victim data for those who do not comply with the ransom demand.
[Ranzyランサムウェアは今年の9月から10月にかけて出現し、ThunderXやAkoランサムウェアの進化形と思われます。Ranzyは、多くの機能やアンダーザフッドの要素を前任者と共有しています。しかし、暗号化の微調整、脱出方法、身代金要求に応じない者のために被害者データを公開する「リークブログ」の使用(今では当たり前になっている)など、いくつかの重要なアップデートが行われています。]https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/
⇒ https://malware-log.hatenablog.com/entry/2020/11/18/000000_2
Ransomware: Ranzy Locker
■2020年11月23日
◆Ransomware forces E-Land South Korean retail giant to close stores (BleepingComputer, 2020/11/23 13:37)
[ランサムウェアが韓国の小売大手イーランドに店舗閉鎖を迫る]
https://www.bleepingcomputer.com/news/security/ransomware-forces-e-land-south-korean-retail-giant-to-close-stores/
⇒ https://malware-log.hatenablog.com/entry/2020/11/23/000000
◆New STOP Ransomware variant (Twitter(New STOP Ransomware variant), 2020/11/23)
[新しいSTOPランサムウェアの亜種 ]
https://twitter.com/demonslay335/status/1330912943333117961
◆PYSA/Mespinoza Ransomware (The Dfir Report, 2020/11/23)
Ransomware: Mespinoza
https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/
⇒ https://malware-log.hatenablog.com/entry/2020/11/23/000000_1
◆New LolKek ransomware variant (Twitter(Emmanuel_ADC-Soft), 202011/23)
[ランサムウェアの新種LolKek ]Ransomware: LolKek
拡張子: .xls
■2020年11月25日
◆Sopra Steria expects €50 million loss after Ryuk ransomware attack (BleepingComputer, 2020/11/25)
[ソプラステリアは、Ryukランサムウェア攻撃の後、5000万ユーロの損失を見込んでいる]Ransomware: Ryuk
https://www.bleepingcomputer.com/news/security/sopra-steria-expects-50-million-loss-after-ryuk-ransomware-attack/
⇒ https://malware-log.hatenablog.com/entry/2020/11/25/000000_2
◆Danish news agency Ritzau refuses to pay after ransomware attack (BleepingComputer, 2020/11/25 14:11)
https://www.bleepingcomputer.com/news/security/danish-news-agency-ritzau-refuses-to-pay-after-ransomware-attack/
⇒ https://malware-log.hatenablog.com/entry/2020/11/25/000000_1
◆Baltimore County Public Schools hit by ransomware attack (BleepingComputer, 2020/11/25)
https://www.bleepingcomputer.com/news/security/baltimore-county-public-schools-hit-by-ransomware-attack/
⇒ https://malware-log.hatenablog.com/entry/2020/11/25/000000_3
◆Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone (Sentinel Labs, 2020/11/25)
Ransomware: Egregor
https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/
⇒ https://malware-log.hatenablog.com/entry/2020/11/25/000000_4
◆Belden networking giant's company data stolen in cyberattack (BleepingComputer, 2020/11/25 10:18)
https://www.bleepingcomputer.com/news/security/belden-networking-giants-company-data-stolen-in-cyberattack/
⇒ https://malware-log.hatenablog.com/entry/2020/11/25/000000_5
◆New Vash Sorena variant (Twitter(GrujaRS ), 2020/11/25)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-27th-2020-attacks-continue/
■2020年11月26日
◆Ransomware hits largest US fertility network, patient data stolen (BleepingComputer, 2020/11/26 11:26)
https://www.bleepingcomputer.com/news/security/ransomware-hits-largest-us-fertility-network-patient-data-stolen/
⇒ https://malware-log.hatenablog.com/entry/2020/11/26/000000_1
◆Truck routing provider Rand McNally hit by cyberattack (BleepingComputer, 2020/11/26 13:45)
https://www.bleepingcomputer.com/news/security/truck-routing-provider-rand-mcnally-hit-by-cyberattack/
⇒ https://malware-log.hatenablog.com/entry/2020/11/26/000000_2
◆Canon publicly confirms August ransomware attack, data theft (BleepingComputer, 2020/11/26)
https://www.bleepingcomputer.com/news/security/canon-publicly-confirms-august-ransomware-attack-data-theft/
⇒ https://malware-log.hatenablog.com/entry/2020/11/26/000000_3
■2020年11月27日
◆MasterChef, Big Brother producer hit by DoppelPaymer ransomware (BleepingComputer, 2020/11/27)
Ransomware: DoppelPaymer
https://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/
⇒ https://malware-log.hatenablog.com/entry/2020/11/27/000000_1
【関連まとめ記事】
◆The Week in Ransomware (まとめ)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware
