TT Malware Log

An "individual's" investigation, research, and reference log on malware / cyber attacks / analysis techniques / attack groups

The Week in Ransomware - January 13th 2023 - LockBit in the spotlight

【News】

◆The Week in Ransomware - January 13th 2023 - LockBit in the spotlight (BleepingComputer, 2023/01/13 19:17)
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-13th-2023-lockbit-in-the-spotlight/


【Details】

■January 9, 2023 (Mon)

◆Dharma (PCrisk(Twitter), 2023/01/09)

Ransomware: Dharma / CrySis
Extension: .mao
Ransomnote: info.txt / Info.hta
Sha256: 419bc8196013d7d8c72b060da1a02d202d7e3eb441101f7bcb6d7667871a5c16
https://www.virustotal.com/gui/file/419bc8196013d7d8c72b060da1a02d202d7e3eb441101f7bcb6d7667871a5c16/detection

https://twitter.com/pcrisk/status/1612327915210801153

◆New STOP Ransomware variant (PCrisk(Twitter), 2023/01/09)

Ransomware: Stop / Djvu
Extension: .zoqw
Ransomnote: _readme.txt
Sha256: e2f16ab56cb56dadcf84368346c397a789039a3fa9a048f3c2734c52c5c25f64
https://www.virustotal.com/gui/file/e2f16ab56cb56dadcf84368346c397a789039a3fa9a048f3c2734c52c5c25f64/detection

https://twitter.com/pcrisk/status/1612337035158736898

◆VoidCrypt (PCrisk(Twitter), 2023/01/09)

Ransomware: VoidCrypt
Extension: .RYKCRYPT
Ransomnote: unlock-info.txt
Sha256: 4a3d4930a9d5adc40a46828b061ae581685a5c0f93bf64400c8a6b99dbad0b66
https://www.virustotal.com/gui/file/4a3d4930a9d5adc40a46828b061ae581685a5c0f93bf64400c8a6b99dbad0b66/detection

https://twitter.com/pcrisk/status/1612415469969080320

◆Xorist (PCrisk(Twitter), 2023/01/09)

Ransomware: Xorist
Extension: .KoRyA
Ransomnote: HOW TO DECRYPT FILES.txt
Sha256: b2447bb9ef759c890d75e31eb07f0553065d74403f654c9757635b02f1b753be
https://www.virustotal.com/gui/file/b2447bb9ef759c890d75e31eb07f0553065d74403f654c9757635b02f1b753be/detection



■January 10, 2023 (Tue)

◆Lorenz ransomware gang plants backdoors to use months later (BleepingComputer, 2023/01/10 16:30)
[Lorenz ransomware gang plants backdoors to use months later]

Ransomware: Lorenz

https://www.bleepingcomputer.com/news/security/lorenz-ransomware-gang-plants-backdoors-to-use-months-later/
https://malware-log.hatenablog.com/entry/2023/01/10/000000_2

◆CISA orders agencies to patch Exchange bug abused by ransomware gang (BleepingComputer, 2023/01/10 18:22)
[CISA orders agencies to fix Exchange bug abused by ransomware gang]

Ransomware: Play

https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-exchange-bug-abused-by-ransomware-gang/
https://malware-log.hatenablog.com/entry/2023/01/10/000000_3

◆New STOP Ransomware variant (PCrisk(Twitter), 2023/01/10)

Ransomware: Stop/Djvu
Extension: .zouu
Ransomnote: _readme.txt
Sha256: 9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba
https://www.virustotal.com/gui/file/9fe04c781e72a87b131df24fa7f16567fcfe4c16c8e812650e5d583c65e6e3ba/detection

https://twitter.com/pcrisk/status/1612683185388752896


■January 11, 2023 (Wed)

◆Royal Mail halts international services after cyberattack (BleepingComputer, 2023/01/11 12:13)
[Royal Mail halts international services after cyberattack]

Ransomware: LockBit

https://www.bleepingcomputer.com/news/security/royal-mail-halts-international-services-after-cyberattack/
https://malware-log.hatenablog.com/entry/2023/01/11/000000_1

◆Increasing The Sting of HIVE Ransomware (Rapid7, 2023/01/11 20:24)
[Increasing the threat of HIVE ransomware]

Ransomware: Hive

https://www.rapid7.com/blog/post/2023/01/11/increasing-the-sting-of-hive-ransomware/
https://malware-log.hatenablog.com/entry/2023/01/11/000000_2


■January 12, 2023 (Thu)

◆Vice Society ransomware claims attack on Australian firefighting service (BleepingComputer, 2023/01/12 11:31)
[Vice Society ransomware claims attack on Australian fire brigade]

Ransomware: Vice Society

https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-australian-firefighting-service/
https://malware-log.hatenablog.com/entry/2023/01/12/000000_1

◆Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw (BleepingComputer, 2023/01/12 14:53)
[Microsoft: Cuba ransomware hacks Exchange servers via OWASSRF flaw]

Ransomware: Cuba

https://www.bleepingcomputer.com/news/security/microsoft-cuba-ransomware-hacking-exchange-servers-via-owassrf-flaw/
https://malware-log.hatenablog.com/entry/2023/01/12/000000_2



【Related summary articles】

Overall summary
 ◆Materials and reports (summary)

◆The Week in Ransomware (summary)
https://malware-log.hatenablog.com/entry/The_Week_in_Ransomware


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023