TT Malware Log

A "personal" investigation, research, and reference log on malware / cyber attacks / analysis techniques

The Week in Ransomware - November 27th 2020 - Attacks continue

【News】

◆The Week in Ransomware - November 27th 2020 - Attacks continue (BleepingComputer, 2020/11/27)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-27th-2020-attacks-continue/


【Details】

■November 18, 2020

◆Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative (Sentinel Labs, 2020/11/18)

Ranzy ransomware emerged in September/October this year, and appears to be an evolution of ThunderX and, to a lesser extent, Ako ransomware. Ranzy shares many features and under-the-hood elements with its predecessors. However there have been a few key updates, including tweaks to encryption, methods of exfiltration, and the (now commonplace) use of a public “leak blog” to post victim data for those who do not comply with the ransom demand.

https://labs.sentinelone.com/ranzy-ransomware-better-encryption-among-new-features-of-thunderx-derivative/
https://malware-log.hatenablog.com/entry/2020/11/18/000000_2
Ransomware: Ranzy Locker



■November 23, 2020

◆Ransomware forces E-Land South Korean retail giant to close stores (BleepingComputer, 2020/11/23 13:37)
https://www.bleepingcomputer.com/news/security/ransomware-forces-e-land-south-korean-retail-giant-to-close-stores/
https://malware-log.hatenablog.com/entry/2020/11/23/000000

◆New STOP Ransomware variant (Twitter(New STOP Ransomware variant), 2020/11/23)
https://twitter.com/demonslay335/status/1330912943333117961

◆PYSA/Mespinoza Ransomware (The Dfir Report, 2020/11/23)

Ransomware: Mespinoza

https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/
https://malware-log.hatenablog.com/entry/2020/11/23/000000_1

◆New LolKek ransomware variant (Twitter(Emmanuel_ADC-Soft), 2020/11/23)

Ransomware: LolKek
Extension: .xls

https://twitter.com/Emm_ADC_Soft/status/1330785306749054978


■November 25, 2020

◆Sopra Steria expects €50 million loss after Ryuk ransomware attack (BleepingComputer, 2020/11/25)

Ransomware: Ryuk

https://www.bleepingcomputer.com/news/security/sopra-steria-expects-50-million-loss-after-ryuk-ransomware-attack/
https://malware-log.hatenablog.com/entry/2020/11/25/000000_2

◆Danish news agency Ritzau refuses to pay after ransomware attack (BleepingComputer, 2020/11/25 14:11)
https://www.bleepingcomputer.com/news/security/danish-news-agency-ritzau-refuses-to-pay-after-ransomware-attack/
https://malware-log.hatenablog.com/entry/2020/11/25/000000_1

◆Baltimore County Public Schools hit by ransomware attack (BleepingComputer, 2020/11/25)
https://www.bleepingcomputer.com/news/security/baltimore-county-public-schools-hit-by-ransomware-attack/
https://malware-log.hatenablog.com/entry/2020/11/25/000000_3

◆Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone (Sentinel Labs, 2020/11/25)

Ransomware: Egregor

https://labs.sentinelone.com/egregor-raas-continues-the-chaos-with-cobalt-strike-and-rclone/
https://malware-log.hatenablog.com/entry/2020/11/25/000000_4

◆Belden networking giant's company data stolen in cyberattack (BleepingComputer, 2020/11/25 10:18)
https://www.bleepingcomputer.com/news/security/belden-networking-giants-company-data-stolen-in-cyberattack/
https://malware-log.hatenablog.com/entry/2020/11/25/000000_5

◆New Vash Sorena variant (Twitter(GrujaRS), 2020/11/25)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-27th-2020-attacks-continue/

■November 26, 2020

◆Ransomware hits largest US fertility network, patient data stolen (BleepingComputer, 2020/11/26 11:26)
https://www.bleepingcomputer.com/news/security/ransomware-hits-largest-us-fertility-network-patient-data-stolen/
https://malware-log.hatenablog.com/entry/2020/11/26/000000_1

◆Truck routing provider Rand McNally hit by cyberattack (BleepingComputer, 2020/11/26 13:45)
https://www.bleepingcomputer.com/news/security/truck-routing-provider-rand-mcnally-hit-by-cyberattack/
https://malware-log.hatenablog.com/entry/2020/11/26/000000_2

◆Canon publicly confirms August ransomware attack, data theft (BleepingComputer, 2020/11/26)
https://www.bleepingcomputer.com/news/security/canon-publicly-confirms-august-ransomware-attack-data-theft/
https://malware-log.hatenablog.com/entry/2020/11/26/000000_3


■November 27, 2020

◆MasterChef, Big Brother producer hit by DoppelPaymer ransomware (BleepingComputer, 2020/11/27)

Ransomware: DoppelPaymer

https://www.bleepingcomputer.com/news/security/masterchef-big-brother-producer-hit-by-doppelpaymer-ransomware/
https://malware-log.hatenablog.com/entry/2020/11/27/000000_1


【Related summary articles】

Overall summary
 ◆Materials and reports (summary)

◆The Week in Ransomware (summary)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020