TT Malware Log

A personal log of investigation, research and reference material on malware, cyber attacks and analysis techniques

The Week in Ransomware - March 26th 2021 - Attacks increase


◆The Week in Ransomware - March 26th 2021 - Attacks increase (BleepingComputer, 2021/03/26 19:45)



◆New Pay2Decrypt variant (S!R!(Twitter), 2021/03/21)

Ransomware: Pay2Decrypt
Extension: .aes


◆Microsoft Exchange servers now targeted by Black Kingdom ransomware (BleepingComputer, 2021/03/22 09:07)

Ransomware: Black Kingdom
Ransom notes: decrypt_file.TxT, ReadMe.txt

◆Energy giant Shell discloses data breach after Accellion hack (BleepingComputer, 2021/03/22 10:58)

Ransomware: Clop

◆New Dharma ransomware variant (Jakub Kroustek(Twitter), 2021/03/22)

Ransomware: Dharma
Extension: .bqd2


◆Ransomware attack shuts down Sierra Wireless IoT maker (BleepingComputer, 2021/03/23 11:39)

◆High-availability server maker Stratus hit by ransomware  (BleepingComputer, 2021/03/23)

◆Ransomware gang leaks data stolen from Colorado, Miami universities (BleepingComputer, 2021/03/23 16:20)

Ransomware: Clop

◆CNA insurance firm hit by a cyberattack, operations impacted (BleepingComputer, 2021/03/23)

Ransomware: Phoenix CryptoLocker


◆New Makop variant (dnwls0719(Twitter), 2021/02/24)

Ransomware: Makop
Extension: .pecunia, Ransom note: readme-warning.txt


◆Insurance giant CNA hit by new Phoenix CryptoLocker ransomware (BleepingComputer, 2021/03/25 14:26)

Ransomware: Phoenix CryptoLocker

◆Evil Corp switches to Hades ransomware to evade sanctions (BleepingComputer, 2021/03/25 13:34)

Ransomware: Hades Locker, Hades

◆Ransomware gang leaks data from US military contractor the PDI Group (The Record, 2021/03/25)

◆New Stop Ransomware variant (Amigo-A(Twitter), 2021/03/29)

Ransomware: Stop
Extension: .ekvf

◆This company was hit by ransomware. Here's what they did next, and why they didn't pay up (ZDNet, 2021/03/25)


◆FBI exposes weakness in Mamba ransomware, DiskCryptor (BleepingComputer, 2021/03/26 03:30)

An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom.

Ransomware: Mamba

◆Ransomware gang urges victims’ customers to fight for their privacy (BleepingComputer, 2021/03/26 15:42)

A ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy.

Ransomware: Clop

◆Microsoft: Black Kingdom ransomware hacked 1.5K Exchange servers (BleepingComputer, 2021/03/26 12:03)

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks.

Ransomware: Black Kingdom

◆Retailer FatFace pays $2m ransom to Conti cyber criminals (, 2021/03/26 14:00)

Retailer FatFace paid out a $2m ransom to restore its data following a January 2021 cyber attack by the Conti ransomware syndicate.

Ransomware: Conti

◆New HiddenTear variant (dnwls0719(Twitter), 2021/03/26)

Ransomware: HiddenTear
Extension: .HANTA, Ransom note: how_to_recover.txt


◆Documents and reports (index)

◆The Week in Ransomware (index)