TT Malware Log

A "personal" investigation, research, and reference log on malware / cyber attacks / analysis techniques

The Week in Ransomware - April 30th 2021 - Attacks Escalate


◆The Week in Ransomware - April 30th 2021 - Attacks Escalate (BleepingComputer, 2021/04/30 17:46)

Ransomware gangs continue to target organizations large and small, including a brazen attack on the Washington DC police department.
This week, we learned of attacks affecting the Metropolitan Police Department, Merseyrail UK rail operator, the Whistler Resort Municipality, and an attack on Brazil's court systems in Rio Grande do Sul.


■April 24, 2021 (Sat)

◆A ransomware gang made $260,000 in 5 days using the 7zip utility (BleepingComputer, 2021/04/24 12:06)

◆New Dharma ransomware variant (Jakub Kroustek(Twitter), 2021/04/21)

Ransomware: Dharma
Extension: .bdev

■April 25, 2021 (Sun)

◆New NoCry ransomware (GrujaRS(Twitter), 2021/04/25)

Ransomware: NoCry
Extension: .Cry


◆New Conti ransomware variant (GrujaRS(Twitter), 2021/04/25)

Ransomware: Conti
Extension: .GFYPK

■April 26, 2021 (Mon)

◆DC Police confirms cyberattack after ransomware gang leaks data (BleepingComputer, 2021/04/26 22:35)

Ransomware: Babuk

◆Ransomware gang now warns they will leak new Apple logos, iPad plans (BleepingComputer, 2021/04/26 15:48)

The REvil ransomware gang has mysteriously removed Apple's schematics from their data leak site after privately warning Quanta that they would leak drawings for the new iPad and new Apple logos.

Ransomware: REvil

◆Accellion data breaches drive up average ransom price (BleepingComputer, 2021/04/26 15:26)

Ransomware: Clop

◆New Conti ransomware variant (dnwls0719(Twitter), 2021/04/26)

Ransomware: Conti(Dharma)
Extension: .ALNBR

◆Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound (Coveware, 2021/04/26)

◆New Phobos Ransomware variant (PCrisk(Twitter), 2021/04/26)

Ransomware: Phobos
Extension: .lookfornewitguy

■April 27, 2021 (Tue)

◆Ransomware: REvil racks up victims… who don't pay (LemagIT, 2021/04/27)

The REvil group, which runs the Sodinokibi ransomware, is known for high-profile stunts, recently with Acer or Quanta and, indirectly through the latter, Apple. But its list of trophies poorly hides an ever-growing number of failures.

Ransomware: REvil

◆The cost of ransomware in 2021: A country-by-country analysis (Emsisoft, 2021/04/27)

◆Ransomware gang targets Microsoft SharePoint servers for the first time (The Record, 2021/04/27)

Microsoft SharePoint servers have now joined the list of network devices being abused as an entry vector into corporate networks by ransomware gangs.

■April 28, 2021 (Wed)

◆UK rail network Merseyrail likely hit by Lockbit ransomware (BleepingComputer, 2021/04/28 04:15)

Ransomware: Lockbit

◆New Dharma ransomware variant (dnwls0719(Twitter), 2021/04/28)

Ransomware: Dharma
Extension: .cum

■April 29, 2021 (Thu)

◆Security expert coalition shares actions to disrupt ransomware (BleepingComputer, 2021/04/29 06:57)

◆Whistler resort municipality hit by new ransomware operation (BleepingComputer, 2021/04/29 12:01)

◆Brazil's Rio Grande do Sul court system hit by REvil ransomware (BleepingComputer, 2021/04/29 19:18)

Ransomware: REvil

◆New ransomware group uses SonicWall zero-day to breach networks (BleepingComputer, 2021/04/29 18:00)

◆QNAP warns of AgeLocker ransomware attacks on NAS devices (BleepingComputer, 2021/04/19 14:26)

Ransomware: AgeLocker

◆Babuk ransomware readies 'shut down' post, plans to open source malware (BleepingComputer, 2021/04/29 13:54)

Ransomware: Babuk

◆New CryBaby ransomware (MalwareHunterTeam(Twitter), 2021/04/29)

Ransomware: CryBaby


■April 30, 2021 (Fri)

◆Babuk quits ransomware encryption, focuses on data-theft extortion (BleepingComputer, 2021/04/30 15:28)

Ransomware: Babuk


◆Documents and reports (summary)

◆The Week in Ransomware (summary)