TT Malware Log

A "personal" investigation, research, and reference log on malware / cyber attacks / analysis techniques

The Week in Ransomware - January 22nd 2021 - Calm before the storm


◆The Week in Ransomware - January 22nd 2021 - Calm before the storm (BleepingComputer, 2021/01/22)



◆New FCorp Ransomware (Twitter(GrujaRS), 2021/01/16)

Ransomware: FCorp
Extension: .fcorp, Ransom note: READ_IT.txt



◆New DeroHE ransomware (BleepingComputer, 2021/01/18 14:57)

Ransomware: DeroHE
Extension: .DeroHE, Ransom note: READ_TO_DECRYPT.html


◆New DIS Dharma ransomware variant (Twitter(Jakub Kroustek), 2021/01/18)

Ransomware: DIS Dharma
Extension: .dis


◆IObit forums hacked to spread ransomware to its members (BleepingComputer, 2021/01/18 14:57)

Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.

◆DeCovid19Bot ransomware discovered (Twitter(S!ri), 2021/01/18)

Ransomware: DeCovid19Bot
Extension: .locked, Ransom note: ATTENTION!!!!0.txt

◆Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack

One of England’s most exclusive golf clubs has warned its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack.

◆The city of Angers in turn bears the brunt of a cyberattack by ransomware

The services of the metropolis are also affected by an attack which entered its final phase on the night of Friday 15 to Saturday 16 January. A “long” cleaning and restoration process is expected.

◆New COOS STOP Ransomware variant (Twitter(Raavan Extended), 2021/01/18)

Ransomware: COOS STOP
Extension: .COOS


◆New STOP Ransomware variant (Twitter(Amigo-A), 2021/01/20)

Ransomware: STOP
Extension: .wbxd

◆Pulp Fiction ransomware (Twitter(Amigo-A), 2021/01/20)

Ransomware: Pulp Fiction
Ransom note: read_this.txt


◆Ucar victim of a cyberattack

The vehicle rental company reveals that it was the victim of a computer attack at the start of the year. Thanks to a data backup, the activity was not affected.

◆New Cring Ransomware

Ransomware: Cring
Extension: .cring, Ransom note: deReadMe!!!.txt


◆CHwapi hospital hit by Windows BitLocker encryption cyberattack (BleepingComputer, 2021/01/21)

The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker.

◆CNH Ransomware discovered (Twitter(0x4143), 2021/01/21)

Ransomware: CNH
Extension: .cnh


◆TeslaCrypt imposter created (Twitter(TheAnalyst), 2021/01/22)

Ransomware: TeslaCrypt
Extension: .0l0lqq

◆Colliers International Group gets slammed by cyberattack (Insurance Business Canada, 2021/01/22)

A spokesperson for Colliers verified that it had been targeted by a cyberattack after IT World Canada confronted the company about a listing on the dark web by the Netfilm ransomware gang – a listing which suggests that the firm was hit by the gang, and that Colliers’ files were copied.

◆New Flamingo ransomware variant (Twitter(Amigo_A), 2021/01/22)

Ransomware: Flamingo
Extension: .DoNotWorry, Ransom note: #ReadThis.TXT and #ReadThis.HTA

Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020