TT Malware Log

A "personal" survey, research and reference log on malware, cyber attacks and analysis techniques

The Week in Ransomware - December 18th 2020 - Targeting Israel

【News】

◆The Week in Ransomware - December 18th 2020 - Targeting Israel (BleepingComputer, 2020/12/18 17:59)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-18th-2020-targeting-israel/


【Details】

■2020/12/13

◆Intel's Habana Labs hacked by Pay2Key ransomware, data stolen (BleepingComputer, 2020/12/13 13:19)

Ransomware: Pay2Key

https://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/
https://malware-log.hatenablog.com/entry/2020/12/13/000000_1

◆New Conti variant (Twitter(S!Ri), 2020/12/13)

Ransomware: Conti
Extension: .KCWTT

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-18th-2020-targeting-israel/


■2020/12/14

◆New Ouroboros ransomware variant (Twitter(S!Ri), 2020/12/14)

Ransomware: Ouroboros
Extension: .Sophos

https://twitter.com/siri_urz/status/1338466580204761097?s=20

◆New Zeoticus variant (Twitter(MalwareHunterTeam), 2020/12/14)

Ransomware: Zeoticus
Extension: .2020END

https://twitter.com/demonslay335/status/1338526613399613441?s=20

◆New STOP Ransomware variant (Twitter(Michael Gillespie), 2020/12/14)

Ransomware: STOP
Extension: .booa

https://twitter.com/demonslay335/status/1338527407247142913?s=20

◆Clop sample used on Symrise (Twitter(Minhee Lee), 2020/12/14)

Ransomware: Clop

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-18th-2020-targeting-israel/


■2020/12/15

◆Ransomware attack causing billing delays for Missouri city (BleepingComputer, 2020/12/15 11:09)
https://www.bleepingcomputer.com/news/security/ransomware-attack-causing-billing-delays-for-missouri-city/

◆New Dharma ransomware variants (Twitter(Jakub Kroustek), 2020/12/15)

Ransomware: Dharma
Extension: .msf or .lock

https://twitter.com/JakubKroustek/status/1338994027853701122

◆New Phobos Ransomware variant (Twitter(Michael Gillespie), 2020/12/15)

Ransomware: Phobos
Extension: .id[].[ICQ_Sophos].Antivirus

https://twitter.com/demonslay335/status/1338927295407468545?s=20


■2020/12/16

◆Ransomware gangs automate payload delivery with SystemBC malware (BleepingComputer, 2020/12/16 09:00)
https://www.bleepingcomputer.com/news/security/ransomware-gangs-automate-payload-delivery-with-systembc-malware/
https://malware-log.hatenablog.com/entry/2020/12/16/000000_4

◆Beazley Breach Insights - Q3 2020 (Beazley, 2020/12/16)

Increasing severity in ransomware calls for layered cyber defenses

https://www.beazley.com/news/2020/beazley_breach_insights_q3.html
https://malware-log.hatenablog.com/entry/2020/12/16/000000_5

◆New Hades Ransomware (Twitter(Michael Gillespie), 2020/12/16)

Ransomware: Hades
Ransom note: HOW-TO-DECRYPT-xxxxx.txt

https://twitter.com/demonslay335/status/1339324224029274118?s=20

◆New HiddenTear variant (Twitter(MalwareHunterTeam), 2020/12/16)

Ransomware: HiddenTear
Extension: .fmfgmfgm

https://twitter.com/malwrhunterteam/status/1339199174676520960

◆The COVID-20 Ransomware (Twitter(MalwareHunterTeam), 2020/12/16)

Ransomware: COVID-20

https://twitter.com/malwrhunterteam/status/1339285704325672960


■2020/12/17

◆Iranian nation-state hackers linked to Pay2Key ransomware (BleepingComputer, 2020/12/17)

Ransomware: Pay2Key
Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware operation that has recently started targeting organizations from Israel and Brazil.

https://www.bleepingcomputer.com/news/security/iranian-nation-state-hackers-linked-to-pay2key-ransomware/
https://malware-log.hatenablog.com/entry/2020/12/17/000000_1

◆Ransomware masquerades as mobile version of Cyberpunk 2077 (BleepingComputer, 2020/12/17 14:01)

A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that is installing a ransomware calling itself CoderWare.

https://www.bleepingcomputer.com/news/security/ransomware-masquerades-as-mobile-version-of-cyberpunk-2077/
https://malware-log.hatenablog.com/entry/2020/12/17/000000_2


■2020/12/18

◆New STOP Ransomware variant (Twitter(Michael Gillespie), 2020/12/18)

Ransomware: STOP
Extension: .omfl

https://twitter.com/demonslay335/status/1340043430412607488?s=20

◆New Hakbit variant (Twitter(xiaopao), 2020/12/18)

Ransomware: Hakbit
Extension: .rastar

https://twitter.com/Kangxiaopao/status/1339853002023313408

◆New Inferno RaaS (Twitter(RAKESH KRISHNAN), 2020/12/18)
https://twitter.com/RakeshKrish12/status/1339838527891107840


【Related summary articles】

Overall summary
 ◆Documents and reports (summary)

◆The Week in Ransomware (summary)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020