TT Malware Log

マルウェア / サイバー攻撃 / 解析技術 に関する「個人」の調査・研究・参照ログ

The Week in Ransomware - March 12th 2021 - Encrypting Exchange servers

【ニュース】

◆The Week in Ransomware - March 12th 2021 - Encrypting Exchange servers (BleepingComputer, 2021/03/12 18:51)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-12th-2021-encrypting-exchange-servers/


【詳細】

■2021年3月6日(土)

◆Ransomware gang plans to call victim's business partners about attacks (BleepingComputer, 2021/03/06 12:47)
https://www.bleepingcomputer.com/news/security/ransomware-gang-plans-to-call-victims-business-partners-about-attacks/
https://malware-log.hatenablog.com/entry/2021/03/06/000000_6

◆New Jessy Dharma ransomware variant (Jakub Kroustek(Twitter), 2021/03/06)

Ransomware: Jessy Dharma
拡張子: .Jessy

https://twitter.com/JakubKroustek/status/1368338402739970053


■2021年3月7日(日)

◆New ROG Dharma ransomware variant (Jakub Kroustek(Twitter), 2021/03/07)

Ransomware: ROG Dharma
拡張子: .ROG

https://twitter.com/JakubKroustek/status/1368646748382576642


■2021年3月8日(月)

◆New Sarbloh ransomware supports Indian farmers' protest (BleepingComputer, 2021/03/08 16:20)
[インドの農民の抗議行動を支援する新型ランサムウェア「Sarbloh」が登場]

Ransomware: Sarbloh
拡張子: .sarbloh, ランサムノート: README_SARBLOH.txt

f:id:tanigawa:20210317164213j:plain
https://www.bleepingcomputer.com/news/security/new-sarbloh-ransomware-supports-indian-farmers-protest/
https://malware-log.hatenablog.com/entry/2021/03/08/000000_1

◆Flagstar Bank hit by data breach exposing customer, employee data (BleepingComputer, 2021/03/08)
[フラッグスター・バンク、顧客と従業員のデータが流出するデータ侵害に遭う]
https://www.bleepingcomputer.com/news/security/flagstar-bank-hit-by-data-breach-exposing-customer-employee-data/
https://malware-log.hatenablog.com/entry/2021/03/08/000000_13

◆New Matrix ransomware variant (dnwls0719(Twitter), 2021/03/08)

Ransomware: Matrix
拡張子: .JDPR, ランサムノート: JDPR_README.rtf

https://twitter.com/fbgwls245/status/1368824998052261889

◆Healthcare Providers Were Warned of a Ransomware Surge Last Fall. Some Still Aren’t Sure How Serious the Threat Was (The Record, 2021/03/08)
[医療機関は、昨年秋にランサムウェアの急増を警告されました。その脅威がどれほど深刻なものだったのか、いまだにわからないところもある]

Late last October, when the U.S. government warned of an imminent ransomware threat to the country’s hospitals and healthcare providers, many in the industry had a similar reaction: they paused, took a deep breath, and braced for impact.
[昨年10月下旬、米国政府が国内の病院や医療機関にランサムウェアの脅威が迫っていると警告したとき、業界の多くの人たちは同じような反応を示しました。]

https://therecord.media/healthcare-providers-were-warned-of-a-ransomware-surge-last-fall-some-still-arent-sure-how-serious-the-threat-was/
https://malware-log.hatenablog.com/entry/2021/03/08/000000_14


■2021年3月9日(火)

◆GandCrab ransomware affiliate arrested for phishing attacks (BleepingComputer, 2021/03/09 10:07)
[ランサムウェア「GandCrab」の関連会社がフィッシング攻撃で逮捕される]

A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims.
[韓国で、GandCrabランサムウェアのメンバーと思われる人物が、フィッシングメールを使って被害者に感染させたとして逮捕されました]

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-affiliate-arrested-for-phishing-attacks/
https://malware-log.hatenablog.com/entry/2021/03/09/000000_17

◆New Bad Gopher ransomware (S!R!(Twitter), 2021/03/09)
https://twitter.com/siri_urz/status/1369275430243549184

f:id:tanigawa:20210317170514j:plain


■2021年3月10日(水)

◆Ryuk ransomware hits 700 Spanish government labor agency offices (BleepingComputer, 2021/03/10 08:35)
[ランサムウェア「Ryuk」がスペイン政府労働機関のオフィス700箇所を襲う]
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-hits-700-spanish-government-labor-agency-offices/
https://malware-log.hatenablog.com/entry/2021/03/10/000000_8

◆New STOP ransomware variants (Michael Gillespie(Twitter), 2021/03/10)

Ransomware: STOP Djvu
拡張子: .reig / .tirp

https://twitter.com/demonslay335/status/1369688275829555205

◆DarkSide Ransomware 2.0 released (3xp0rt(Twitter), 2021/03/10)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-12th-2021-encrypting-exchange-servers/


■2021年3月11日(木)

◆Molson Coors brewing operations disrupted by cyberattack (BleepingComputer.2021/03/11 13:12)
[モルソン・クアーズ社の醸造業務がサイバー攻撃により中断される]
https://www.bleepingcomputer.com/news/security/molson-coors-brewing-operations-disrupted-by-cyberattack/
https://malware-log.hatenablog.com/entry/2021/03/11/000000_16

◆DearCry ransomware attacks Microsoft Exchange with ProxyLogon exploits (BleepingComputer, 2021/03/11 19:39)
[ランサムウェア「DearCry」、ProxyLogonを悪用してMicrosoft Exchangeを攻撃]
https://www.bleepingcomputer.com/news/security/dearcry-ransomware-attacks-microsoft-exchange-with-proxylogon-exploits/
https://malware-log.hatenablog.com/entry/2021/03/11/000000_17

f:id:tanigawa:20210317172916j:plain

◆DearCry found to be targeting Exchange (Michael Gillespie(Twitter), 2021/03/11)
https://twitter.com/demonslay335/status/1370125343571509250?s=20

◆New Dharma ransomware variants (Jakub Kroustek(Twitter), 2021/03/11)

Ransomware: Dharma
拡張子: .biden / .eofyd / .duk

https://twitter.com/JakubKroustek/status/1370152896919126016

■2021年3月12日(金)

◆New Dharma ransomware variants (Jakub Kroustek(Twitter), 2021/03/12)

Ransomware: Dharma
拡張子: .LAO / .pirat

https://twitter.com/JakubKroustek/status/1370152896919126016

◆6,970 publicly exposed web shells on Exchange servers (Kryptos Logic(Twitter), 2021/03/12)
[Exchangeサーバ上で公開された6,970個のウェブシェル]
https://twitter.com/kryptoslogic/status/1370478455817637895


【関連まとめ記事】

全体まとめ
 ◆資料・報告書 (まとめ)

◆The Week in Ransomware (まとめ)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2020