TT Malware Log

A "personal" log of investigation, research and references on malware / cyber attacks / analysis techniques

The Week in Ransomware - January 6th 2023 - Targeting Healthcare

【News】

◆The Week in Ransomware - January 6th 2023 - Targeting Healthcare (BleepingComputer, 2023/01/06 19:51)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-6th-2023-targeting-healthcare/


【Details】

■January 1, 2023 (Sun)

◆Ransomware gang apologizes, gives SickKids hospital free decryptor (BleepingComputer, 2023/01/01 14:00)

Ransomware: LockBit

https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/
https://malware-log.hatenablog.com/entry/2023/01/01/000000_1

◆Ransomware gang cloned victim’s website to leak stolen data (BleepingComputer, 2023/01/01 15:54)
https://www.bleepingcomputer.com/news/security/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data/
https://malware-log.hatenablog.com/entry/2023/01/01/000000_2


■January 2, 2023 (Mon)

◆Ransomware impacts over 200 govt, edu, healthcare orgs in 2022 (BleepingComputer, 2023/01/02 13:14)
https://www.bleepingcomputer.com/news/security/ransomware-impacts-over-200-govt-edu-healthcare-orgs-in-2022/
https://malware-log.hatenablog.com/entry/2023/01/02/000000

◆New STOP Ransomware variant (PCrisk(Twitter), 2023/01/02)

Ransomware: STOP / Djvu
Extension: .znto, Ransomnote: _readme.txt

https://twitter.com/pcrisk/status/1609810415034241025

◆New Dharma ransomware variant (PCrisk(Twitter), 2023/01/02)

Ransomware: Dharma/CrySis
Extension: .CY3, Ransomnote: info.txt / Info.hta
Sha256: 5c2fb1c42f007093be5e463f70ee7e7192990b3385a3cbcc71043980efa312e0
https://www.virustotal.com/gui/file/5c2fb1c42f007093be5e463f70ee7e7192990b3385a3cbcc71043980efa312e0/detection

https://twitter.com/pcrisk/status/1610145452544131073

◆New Upsilon Ransomware (PCrisk(Twitter), 2023/01/02)

Ransomware: Upsilon
Extension: .upsil0n, Ransomnote: Upsilon.txt

https://twitter.com/pcrisk/status/1610180479688245248

◆New BetterCallSaul ransomware (BetterCallSaul(Twitter), 2023/01/02)

Ransomware: BetterCallSaul
Extension: .bettercallsaul, Ransomnote: DECRYPT_MY_FILES.txt
Sha256: 3268b1b9a1fa230859267defd9cb31a17e8bcadac4eef9fd2df4520bf4e603a7
https://www.virustotal.com/gui/file/3268b1b9a1fa230859267defd9cb31a17e8bcadac4eef9fd2df4520bf4e603a7/detection

https://twitter.com/pcrisk/status/1610190914068045824

■January 3, 2023 (Tue)

◆Royal ransomware claims attack on Queensland University of Technology (BleepingComputer, 2023/01/03)

Ransomware: Royal

https://www.bleepingcomputer.com/news/security/royal-ransomware-claims-attack-on-queensland-university-of-technology/
https://malware-log.hatenablog.com/entry/2023/01/03/000000_2

◆Rail giant Wabtec discloses data breach after Lockbit ransomware attack (BleepingComputer, 2023/01/03 15:13)

Ransomware: LockBit

https://www.bleepingcomputer.com/news/security/rail-giant-wabtec-discloses-data-breach-after-lockbit-ransomware-attack/
https://malware-log.hatenablog.com/entry/2023/01/03/000000_3

◆New Dharma ransomware variant (PCrisk (Twitter), 2023/01/03)

Ransomware: Dharma / CrySis
Extension: .d0n, Ransomnote: info.txt / Info.hta
Sha256: 6a0017262def9565b504d04318c59f55bea136ac3dd48862d1ae90ff6b963811
https://www.virustotal.com/gui/file/6a0017262def9565b504d04318c59f55bea136ac3dd48862d1ae90ff6b963811/detection

https://twitter.com/pcrisk/status/1610539108614406145

■January 4, 2023 (Wed)

◆Rackspace confirms Play ransomware was behind recent cyberattack (BleepingComputer, 2024/01/04 17:21)

Ransomware: Play

https://www.bleepingcomputer.com/news/security/rackspace-confirms-play-ransomware-was-behind-recent-cyberattack/
https://malware-log.hatenablog.com/entry/2023/01/04/000000_1


■January 5, 2023 (Thu)

◆Bitdefender releases free MegaCortex ransomware decryptor (BleepingComputer, 2023/01/05 15:49)

Ransomware: MegaCortex

https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-megacortex-ransomware-decryptor/
https://malware-log.hatenablog.com/entry/2023/01/05/000000

◆Rackspace: Customer email data accessed in ransomware attack (BleepingComputer, 2023/01/05 17:58)

Ransomware: Play

https://www.bleepingcomputer.com/news/security/rackspace-customer-email-data-accessed-in-ransomware-attack/
https://malware-log.hatenablog.com/entry/2023/01/05/000000_1

◆Ransomware Roundup – Monti, BlackHunt, and Putin Ransomware (Fortinet, 2023/01/05)

Ransomware: Monti
Ransomware: BlackHunt
Ransomware: Putin

https://www.fortinet.com/blog/threat-research/ransomware-roundup-monti-blackhunt-and-more
https://malware-log.hatenablog.com/entry/2023/01/05/000000_2


■January 6, 2023 (Fri)

◆New STOP Ransomware variants (PCrisk(Twitter), 2023/01/06)

Ransomware: STOP / Djvu
Extension: .bpws / .bpto, Ransomnote: _readme.txt
Sha256: 1c73e827e862f1400e60c4881c531522bb3243a8971c549ea48f8d3adf10db66
https://www.virustotal.com/gui/file/1c73e827e862f1400e60c4881c531522bb3243a8971c549ea48f8d3adf10db66/detection

https://twitter.com/pcrisk/status/1611259094165233667


【Related summary articles】

Overall summary
 ◆Materials and reports (summary)

◆The Week in Ransomware (summary)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023