【News】
◆The Week in Ransomware - December 18th 2020 - Targeting Israel (BleepingComputer, 2020/12/18 17:59)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-18th-2020-targeting-israel/
【Details】
■2020/12/13
◆Intel's Habana Labs hacked by Pay2Key ransomware, data stolen (BleepingComputer, 2020/12/13 13:19)
Ransomware: Pay2Key
https://www.bleepingcomputer.com/news/security/intels-habana-labs-hacked-by-pay2key-ransomware-data-stolen/
⇒ https://malware-log.hatenablog.com/entry/2020/12/13/000000_1
◆New Conti variant (Twitter(S!Ri), 2020/12/13)
Ransomware: Conti
Extension: .KCWTT
■2020/12/14
◆New Ouroboros ransomware variant (Twitter(S!Ri), 2020/12/14)
Ransomware: Ouroboros
Extension: .Sophos
https://twitter.com/siri_urz/status/1338466580204761097?s=20
◆New Zeoticus variant (Twitter(MalwareHunterTeam), 2020/12/14)
Ransomware: Zeoticus
Extension: .2020END
https://twitter.com/demonslay335/status/1338526613399613441?s=20
◆New STOP Ransomware variant (Twitter(Michael Gillespie), 2020/12/14)
Ransomware: STOP
Extension: .booa
https://twitter.com/demonslay335/status/1338527407247142913?s=20
◆Clop sample used on Symrise (Twitter(Minhee Lee), 2020/12/14)
Ransomware: Clop
■2020/12/15
◆Ransomware attack causing billing delays for Missouri city (BleepingComputer, 2020/12/15 11:09)
https://www.bleepingcomputer.com/news/security/ransomware-attack-causing-billing-delays-for-missouri-city/
◆New Dharma ransomware variants (Twitter(Jakub Kroustek), 2020/12/15)
Ransomware: Dharma
Extension: .msf or .lock
https://twitter.com/JakubKroustek/status/1338994027853701122
◆New Phobos Ransomware variant (Twitter(Michael Gillespie), 2020/12/15)
Ransomware: Phobos
Extension: .id[].[ICQ_Sophos].Antivirus
https://twitter.com/demonslay335/status/1338927295407468545?s=20
■2020/12/16
◆Ransomware gangs automate payload delivery with SystemBC malware (BleepingComputer, 2020/12/16 09:00)
https://www.bleepingcomputer.com/news/security/ransomware-gangs-automate-payload-delivery-with-systembc-malware/
⇒ https://malware-log.hatenablog.com/entry/2020/12/16/000000_4
◆Beazley Breach Insights - Q3 2020 (Beazley, 2020/12/16)
Increasing severity in ransomware calls for layered cyber defenses
https://www.beazley.com/news/2020/beazley_breach_insights_q3.html
⇒ https://malware-log.hatenablog.com/entry/2020/12/16/000000_5
◆New Hades Ransomware (Twitter(Michael Gillespie), 2020/12/16)
Ransomware: Hades
Ransom note: HOW-TO-DECRYPT-xxxxx.txt
https://twitter.com/demonslay335/status/1339324224029274118?s=20
◆New HiddenTear variant (Twitter(MalwareHunterTeam), 2020/12/16)
Ransomware: HiddenTear
Extension: .fmfgmfgm
https://twitter.com/malwrhunterteam/status/1339199174676520960
◆The COVID-20 Ransomware (Twitter(MalwareHunterTeam), 2020/12/16)
Ransomware: COVID-20
https://twitter.com/malwrhunterteam/status/1339285704325672960
■2020/12/17
◆Iranian nation-state hackers linked to Pay2Key ransomware (BleepingComputer, 2020/12/17)
Ransomware: Pay2Key
Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware operation that has recently started targeting organizations from Israel and Brazil.
https://www.bleepingcomputer.com/news/security/iranian-nation-state-hackers-linked-to-pay2key-ransomware/
⇒ https://malware-log.hatenablog.com/entry/2020/12/17/000000_1
◆Ransomware masquerades as mobile version of Cyberpunk 2077 (BleepingComputer, 2020/12/17 14:01)
A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that is installing a ransomware calling itself CoderWare.
https://www.bleepingcomputer.com/news/security/ransomware-masquerades-as-mobile-version-of-cyberpunk-2077/
⇒ https://malware-log.hatenablog.com/entry/2020/12/17/000000_2
■2020/12/18
◆New STOP Ransomware variant (Twitter(Michael Gillespie), 2020/12/18)
Ransomware: STOP
Extension: .omfl
https://twitter.com/demonslay335/status/1340043430412607488?s=20
◆New Hakbit variant (Twitter(xiaopao), 2020/12/18)
Ransomware: Hakbit
Extension: .rastar
◆New Inferno RaaS (Twitter(RAKESH KRISHNAN), 2020/12/18)
https://twitter.com/RakeshKrish12/status/1339838527891107840
【Related summary articles】
◆The Week in Ransomware (Summary)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware