【ニュース】

◆The Week in Ransomware - April 9th 2021 - Massive ransom demands (BleepingComputer, 2021/04/09 16:47)

Ransomware attacks continue over the past two weeks with a continuation of the massive initial ransom demands we have seen recently.

Over the past two weeks, we have learned of attacks against Asteelflash, the Broward County Public Schools, Applus Technologies, Pierre Fabre, and Harris Federation, with many of the attack's initial ransoms ranging between $24 - $40 million.
[ランサムウェアの攻撃は、この2週間、最近見られるようになった多額の初期身代金の要求が続いています。

この2週間の間に、Asteelflash、Broward County Public Schools、Applus Technologies、Pierre Fabre、Harris Federationに対する攻撃が判明しており、攻撃の初期身代金の多くは2,400万ドルから4,000万ドルとなっています。]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-9th-2021-massive-ransom-demands/

【関連まとめ記事】

◆全体まとめ
　◆資料・報告書 (まとめ)

◆The Week in Ransomware (まとめ)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware

【詳細】

■2021年3月27日(土)

◆FatFace sends controversial data breach email after ransomware attack (BleepingComputer, 2021/03/27 09:41)
[FatFace、ランサムウェア攻撃の後、物議を醸したデータ漏洩メールを送信]

Ransomware: Conti

https://www.bleepingcomputer.com/news/security/fatface-sends-controversial-data-breach-email-after-ransomware-attack/
⇒ https://malware-log.hatenablog.com/entry/2021/03/27/000000_3

■2021年3月28日(日)

◆Ransomware admin is refunding victims their ransom payments (BleepingComputer, 2021/03/28 18:53)
[ランサムウェアの管理者が被害者に身代金の返金を行う]
https://www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/
⇒ https://malware-log.hatenablog.com/entry/2021/03/28/000000_4

◆CompuCom MSP expects over $20M in losses after ransomware attack (BleepingComputer, 2021/03/28 10:41)

Ransomware: DarkSide

https://www.bleepingcomputer.com/news/security/compucom-msp-expects-over-20m-in-losses-after-ransomware-attack/
⇒ https://malware-log.hatenablog.com/entry/2021/03/28/000000_5

■2021年3月29日(月)

◆Harris Federation hit by ransomware attack affecting 50 schools  (BleepingComputer, 2021/03/29 14:00)
[Harris Federation、ランサムウェア攻撃を受け50校が被害に]

Ransomware: DoppelPaymer

https://www.bleepingcomputer.com/news/security/harris-federation-hit-by-ransomware-attack-affecting-50-schools/
⇒ https://malware-log.hatenablog.com/entry/2021/03/29/000000_10

■2021年3月30日(火)

◆Microsoft Exchange attacks increase while WannaCry gets a restart (BleepingComputer, 2021/03/30 07:56)
[WannaCryが再起動する中、Microsoft Exchangeへの攻撃が増加]
https://www.bleepingcomputer.com/news/security/microsoft-exchange-attacks-increase-while-wannacry-gets-a-restart/
⇒ https://malware-log.hatenablog.com/entry/2021/03/30/000000_10

◆New STOP Djvu Ransomware variant (Michael Gillespie(Twitter), 2021/03/30)

Ransomware: STOP Djvu
拡張子: .ytbn

https://twitter.com/demonslay335/status/1376969611279806467

■2021年4月1日(木)

◆New Dharma ransomware variants (Jakub Kroustek(Twitter), 2021/04/01)

Ransomware: Dharma
拡張子: .4o4 / .ctpl

https://twitter.com/JakubKroustek/status/1377698699208499203

■2021年4月2日(金)

◆Asteelflash electronics maker hit by REvil ransomware attack (BleepingComputer, 2021/04/02 14:17)
[電子機器メーカーAsteelflash社がランサムウェア「REvil」の攻撃を受ける]

Ransomware: REvil

https://www.bleepingcomputer.com/news/security/asteelflash-electronics-maker-hit-by-revil-ransomware-attack/
⇒ https://malware-log.hatenablog.com/entry/2021/04/02/000000_1

◆Qualys says Accellion hackers did not breach production systems (BleepingComputer, 2021/04/02 12:28)

Ransomware: Clop

https://www.bleepingcomputer.com/news/security/qualys-says-accellion-hackers-did-not-breach-production-systems/
⇒ https://malware-log.hatenablog.com/entry/2021/04/02/000000_7

◆Ransomware gang wanted $40 million in Florida schools cyberattack (BleepingComputer, 2021/04/02)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-9th-2021-massive-ransom-demands/
⇒ https://malware-log.hatenablog.com/entry/2021/04/02/000000_8

◆As ransomware stalks the manufacturing sector, victims are still keeping quiet (CyberScoop, 2021/04/02)
[ランサムウェアが製造業を襲う中、被害者はまだ沈黙を守っている]
https://www.cyberscoop.com/honeywell-hack-ransomware-manufacturing-norsk-hydro/
⇒ https://malware-log.hatenablog.com/entry/2021/04/02/000000_9

◆New Makop Ransomware variant (dnwls0719(Twitter), 2021/04/02)

Ransomware: Makop
拡張子: .dark, Ransomnote: readme-warning.txt

https://twitter.com/fbgwls245/status/1377883082997428224

◆New WhiteBlackGroup ransomware (S!Ri(Twitter), 2021/04/02)

Ransomware: WhiteBlackGroup
拡張子: .encrpt3d

https://twitter.com/siri_urz/status/1377877204776976384

■2021年4月3日(土)

◆Malware attack is preventing car inspections in eight US states (BleepingComputer, 2021/04/03)
[米国の8つの州でマルウェアの攻撃により車検ができなくなっている]
https://www.bleepingcomputer.com/news/security/malware-attack-is-preventing-car-inspections-in-eight-us-states/
⇒ https://malware-log.hatenablog.com/entry/2021/04/03/000000_6

◆Ransomware gang leaks data from Stanford, Maryland universities  (BleepingComputer, 2021/04/03 09:31)
[ランサムウェアにより、スタンフォード大学、メリーランド大学のデータが流出]
https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-from-stanford-maryland-universities/
⇒ https://malware-log.hatenablog.com/entry/2021/04/03/000000_2

◆Sepa spends nearly £800,000 on cyber attack response (BBC, 2021/04/03)
[Sepa社、サイバー攻撃対策に約80万ポンドを費やす]
https://www.bbc.com/news/uk-scotland-56612867
⇒ https://malware-log.hatenablog.com/entry/2021/04/03/000000_7

◆New STOP Djvu Ransomware variant (Michael Gillespie(Twitter), 2021/04/03)

Ransomware: STOP Djvu
拡張子: .fdcz

https://twitter.com/demonslay335/status/1378477327198400517

◆New Jigsaw Ransomware variant (GrujaRS(Twitter), 2021/04/03)

Ransomware: Jigsaw
拡張子: .cat

https://twitter.com/GrujaRS/status/1378357626749259778

■2021年4月4日(日)

◆Sierra Wireless resumes production after ransomware attack (BleepingComputer, 2021/04/04)
[ランサムウェア攻撃を受けたSierra Wireless社が生産を再開]

Canadian IoT solutions provider Sierra Wireless announced that it resumed production at its manufacturing sites halted after a ransomware attack that hit its internal network and corporate website on March 20.
[カナダのIoTソリューションプロバイダーであるSierra Wireless社は、3月20日に社内ネットワークと企業ウェブサイトがランサムウェア攻撃を受けて停止していた製造拠点の生産を再開したことを発表しました]

https://www.bleepingcomputer.com/news/security/sierra-wireless-resumes-production-after-ransomware-attack/
⇒ https://malware-log.hatenablog.com/entry/2021/04/04/000000_1

◆New STOP Djvu Ransomware variant (Michael Gillespie(Twitter), 2021/04/04)

Ransomware: STOP Djvu
拡張子: .urnb

https://twitter.com/demonslay335/status/1378892654575030274

■2021年4月5日(月)

◆New Jormungand Ransomware variant (dnwls0719(Twitter), 2021/04/05)

Ransomware: Jormungand
拡張子: .glock, Ransomnote: READ-ME-NOW.txt

https://twitter.com/fbgwls245/status/1379007045186117637

■2021年4月6日(火)

◆Windows XP makes ransomware gangs work harder for their money (BleepingComputer, 2021/04/06 18:00)
https://www.bleepingcomputer.com/news/security/windows-xp-makes-ransomware-gangs-work-harder-for-their-money/
⇒ https://malware-log.hatenablog.com/entry/2021/04/06/000000_10

◆Ransomware hits TU Dublin and National College of Ireland (BleepingComputer, 2021/04/06)
https://www.bleepingcomputer.com/news/security/ransomware-hits-tu-dublin-and-national-college-of-ireland/
⇒ https://malware-log.hatenablog.com/entry/2021/04/06/000000_11

■2021年4月7日(水)

◆New Cring ransomware hits unpatched Fortinet VPN devices (BleepingComputer, 2021/04/07)

Ransomware: Cring

https://www.bleepingcomputer.com/news/security/new-cring-ransomware-hits-unpatched-fortinet-vpn-devices/
⇒ https://malware-log.hatenablog.com/entry/2021/04/07/000000_3

◆REvil ransomware now changes password to auto-login in Safe Mode (BleepingComputer, 2021/04/07 16:06)
https://www.bleepingcomputer.com/news/security/revil-ransomware-now-changes-password-to-auto-login-in-safe-mode/
⇒ https://malware-log.hatenablog.com/entry/2021/04/07/000000_4

◆New Wintenzz Security Tool ransomware (BleepingComputer, 2021/04/07)

Ransomware: Wintenzz Security Tool
拡張子: .wintenzz, Ransomnote: BUY_WINTENZZ.txt

https://twitter.com/siri_urz/status/1379754707053338624

■2021年4月8日(木)

◆New VHD ransomware variant (dnwls0719(Twitter), 2021/04/08)

Ransomware: VHD
拡張子: .beaf, Ransomnote: DecryptGuide.txt

https://twitter.com/fbgwls245/status/1380066518768082947

■2021年4月9日(金)

◆Leading cosmetics group Pierre Fabre hit with $25 million ransomware attack (BleepingComputer, 2021/04/09 14:52)
https://www.bleepingcomputer.com/news/security/leading-cosmetics-group-pierre-fabre-hit-with-25-million-ransomware-attack/
⇒ https://malware-log.hatenablog.com/entry/2021/04/09/000000_13

◆New STOP Djvu Ransomware variant (Michael Gillespie(Twitter), 2021/04/09)

Ransomware: STOP Djvu
拡張子: .lmas

https://twitter.com/demonslay335/status/1380568930431995906

◆New GEHENNA Locker ransomware (dnwls0719(Twitter), 2021/04/09)

Ransomware: GEHENNA Locker
拡張子: .gehenna, Ransomnote: GEHENNA-README-WARNING.html

https://twitter.com/fbgwls245/status/1380446759231516673

◆Maze/Egregor ransomware cartel estimated to have made $75 million (The Record, 2021/04/09)
[ランサムウェア・カルテル「Maze/Egregor」、75百万ドルを稼いだと推定される]
https://therecord.media/maze-egregor-ransomware-cartel-estimated-to-have-made-75-million/
⇒ https://malware-log.hatenablog.com/entry/2021/04/09/000000_14

◆New RIP_lmao Ransomware (GrujaRS(Twitter), 2021/04/09)

Ransomware: RIP_lmao
拡張子: .crypted, Ransomnote: ___RECOVER__FILES__.crypted.txt

https://twitter.com/GrujaRS/status/1380597809376854022