Know your enemy.Defense leadership.

ランサムウェア/攻撃グループの変遷と繋がり (Rev.2)

本図は世界で確認されてきた主なランサムウェア攻撃グループ(※1)のうち、「リブランド」を軸とした複合的視点による組織間の繋がりを図示したものである(※2)。

本Rev.2は、昨年2022年5月に公開し好評を頂いたRev.1から、日々移り変わる様々な観点の関連情報を多数追加し大きくアップデートした更新版となる。現在までに確認されてきたランサムウェア攻撃グループに関するあらゆる繋がりを可能な限り盛り込んだ。

本図から、ランサムウェア攻撃グループの多くがお互いに何からの関連性を持ち活動している背景が浮かび上がる。CONTIやBABUKをはじめソースコードの流出やグループの解散/テイクダウンなどの影響が他の新種出現へ顕著に繋がる流れが見て取れる。一方、NIGHT SKYなどのように、周辺グループとの繋がりから特定国に帰属する攻撃者像が浮き上がってくるケースもある。全体を通して見え隠れするアフィリエイトの共通性などから、ランサムウェア攻撃グループの表面的な組織数とは裏腹に、背後にいる攻撃者らの絶対数は一般に想像されるよりも少ない可能性などもここから推測できるだろう。

本図では、暴露活動の有無や活動拠点の概要なども一覧で把握できるようにしており、攻撃グループ名の索引も付録として添えているため、インシデント発生時の情報収集用途など辞書的な使い方としても是非活用してほしい。

(※1)  暴露型や話題性の高いグループを選抜。攻撃グループが使用するランサムウェアの名称も一部含む。
(※2)  MBSDの独自調査の他、世界各国の様々なセキュリティーベンダーの公開/発信情報を元に作成。
(Rev.1:2022年5月下旬作成)
(Rev.2:2023年2月上旬作成)

(日本語版) ダウンロードはこちら▼
MBSD_History_of_ransomware_group_connections_and_transitions_JPN_Rev.2.12.pdf
(印刷する場合はA3以上を推奨)

(English version) Please click to download▼
MBSD_History_of_ransomware_group_connections_and_transitions_ENG_Rev.2.12.pdf
(Recommend to print on A3 or larger size.)

Thumb_1920_MBSD_History_of_ransomware_group_connections_and_transitions_JPN_Rev.2.12.jpg Rev.2のマイナーバージョンアップに関する更新履歴については以下の通り。
マイナーバージョン更新履歴 主な更新箇所 更新日付
2.00 ・初期バージョン一般公開 2023/2/2
2.01 ・HELLO KITTYのスペル修正
・NEVADAの新規追加
・LAPSUS$のコメント修正
・英語版の追加
・その他、細部の変更
2023/2/7
2.02 ・MEDUSA、ZEPPELIN、NEVADAの情報変更
・VEGA、DARKBIT に関する情報追加
2023/2/16
2.03 ・ CONTI、QUANTUM間の補助線にコメント追加
・ HARDBIT の新規追加
・ V IS VENDETTA の新規追加
・ その他、細部の変更
2023/3/6
2.04 ・ BLACKSNAKEの新規追加
・ DARK POWERの新規追加
・ SNAPMCの新規追加
・ SZ40の新規追加
・ MEOWのコメントを追加
・ MONTIとDONUTとの関係性を追加
・ BLOODYの情報変更
2023/3/20
2.05 ・ ABYSSの新規追加
・ CATB(CATB99,BAXTOY)の新規追加
・ BLOODYの情報変更
・ STORMOUSの情報変更
2023/3/28
2.06 ・ BADLOCK(RORSCHACH)の新規追加
・ AKIRAの新規追加
・ CIPHERLOCKERの新規追加
・ DUNGHILLの新規追加
・ TRIGONAの新規追加
2023/4/25
2.07 ・ ELBIEの新規追加
・ LOKI LOCKERの新規追加
・ BLACKBITの新規追加
・ BLACKSUITの新規追加
・ RA GROUPの新規追加
・ CACTUSの新規追加
・ AKIRAの新規追加
2023/5/12
2.08 ・ 8BASEの新規追加
・ CYCLOPSの新規追加
・ DARKRACEの新規追加
・ ESXIARGSの新規追加
・ LA PIOVRAの新規追加
・ MALASのの新規追加
・ NEBULAの新規追加
・ NOESCAPEの新規追加
・ RHYSIDAの新規追加
・ SHADOWの新規追加

・ BADLOCKの情報変更
・ BLACKSUITの情報変更
・ BLOODYの情報変更
・ CLOPの情報変更
・ NEVADAの情報変更
・ NOKOYAWAの情報変更
・ ROYALのの情報変更
・ SNATCHの情報変更
2023/6/16
2.09 ・ BIG HEADの新規追加
・ INC RANSOMの新規追加
・ KNIGHTの新規追加
・ METAENCRYPTORの新規追加

・ 8BASEの情報変更
・ AVADDONの情報変更
・ BLACKSUITの情報変更
・ CACTUSの情報変更
・ CHILE LOCKERの情報変更
・ CYCLOPSの情報変更
・ NOESCAPEの情報変更
・ RHYSIDAの情報変更
・ ROYALの情報変更
・ SNATCHの情報変更
2023/8/21
2.10 ・ CIPHBITの新規追加
・ CLOAKの新規追加
・ CRYPTBBの新規追加
・ CRYPTNETの新規追加
・ GOOD DAYの新規追加
・ LOSTTRUSTの新規追加
・ RANCOZの新規追加
・ RANSOMED.VCの新規追加
・ THREEAMの新規追加

・ ALPHV (BLACKCAT)の情報変更
・ BIANLIANの情報変更
・ CACTUSの情報変更
・ CLOPの情報変更
・ DARKSIDEの情報変更
・ EVERESTの情報変更
・ LOCKBIT3.0の情報変更
・ METAENCRYPTORの情報変更
・ NOKOYAWAの情報変更
・ PLAYの情報変更
・ QUANTUMの情報変更
・ ROYALの情報変更
・ ランサムウェア攻撃グループのアクティブ状況を再定義
・ ShadowSyndicateに関する項目を新規追加
2023/10/4
2.11 ・ CONTIの情報変更
・ RYUKの情報変更
・ ShadowSyndicateの情報変更
2023/10/4
2.12 ・ DRAGONFORCEの新規追加
・ GHOSTSECの新規追加
・ HUNTERS INTERNATIONALの新規追加
・ LAMBDAの新規追加
・ MADCATの新規追加
・ MALEKTEAMの新規追加
・ MEGACORTEXの新規追加
・ RANSOEMCORPの新規追加
・ RAZNATOVICの新規追加
・ SAMSAMの新規追加
・ SIEGEDSECの新規追加
・ SPARTACUSの新規追加
・ WEREWOLVESの新規追加
・ プリカーサーマルウェア(QBOT)に関する項目を追加
・ アフィリエイト(Wazawaka、他)に関する項目を追加
・ ハッカーグループ編成(Five Families)に関する項目を追加

・ DEATHRANSOMの情報追加
・ LOCKERGOGAの情報追加

・ ABYSSの情報変更
・ ALPHV (BLACKCAT)の情報変更
・ BABUKの情報変更
・ BIANLIANの情報変更
・ BLACKBASTAの情報変更
・ CACTUSの情報変更
・ CERBERの情報変更
・ CONTIの情報変更
・ CYCLOPSの情報変更
・ DHARMAの情報変更
・ EGREGORの情報変更
・ HELLO KITTY (FIVE HANDS) の情報変更
・ HIVEの情報変更
・ KNIGHTの情報変更
・ LOCKBIT2.0の情報変更
・ LOCKBIT3.0の情報変更
・ MARIOの情報変更
・ MEOWの情報変更
・ MONTIの情報変更
・ NOESCAPEの情報変更
・ NOKOYAWAの情報変更
・ PROLOCKの情報変更
・ PWNDLOCKERの情報変更
・ QILIN (AGENDA)の情報変更
・ RAGNAR LOCKERの情報変更
・ RANSOMED.VCの情報変更
・ REVIL (SODINOKIBI)の情報変更
・ STORMOUSの情報変更
・ TRIGONAの情報変更
・ WHITERABBITの情報変更
2023/12/26

本図の作成に際して、弊社独自調査に併せ情報ソースとして参考にした主な参照先は以下の通り。
ランサムウェア攻撃グループ名 関連情報として参考にさせて頂いた主な参照先
8BASE https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html
https://thecyberexpress.com/losttrust-claims-ferguson-wellman-cyber-attack/
https://twitter.com/ido_cohen2/status/1702742049328443826
ABYSS https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/
AKO https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker
https://www.bleepingcomputer.com/news/security/ako-ransomware-another-day-another-infection-attacking-businesses/
ALPHV (BLACKCAT) https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps
https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html
https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat
https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/
https://www.group-ib.com/blog/shadowsyndicate-raas/
https://www.securityweek.com/law-enforcement-reportedly-behind-takedown-of-blackcat-alphv-ransomware-website/
https://www.bleepingcomputer.com/news/security/alphv-ransomware-site-outage-rumored-to-be-caused-by-law-enforcement/
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/
ARCANE https://www.natlawreview.com/article/rebranded-ransomware-group-sabbath-hitting-hospitals-and-schools
ARVINCLUB https://cloudsek.com/threatintelligence/ransomware-group-profile-arvin-club/
ASTRO (ASTRA) https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs
https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html
https://twitter.com/Arkbird_SOLG/status/1393994616496590848
https://twitter.com/darktracer_int/status/1433694601076822016
https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/
https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.mbsd.jp/research/20210415/astro-locker/
https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf
ATOMSILO https://medium.com/s2wblog/atomsilo-x-lockfile-atomsilo-copied-blackmatter-and-cerber-for-operating-the-double-extortion-site-7fb5aaac5f21
https://news.sophos.com/ja-jp/2021/10/11/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack-jp/
AVADDON https://medium.com/s2wblog/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4
https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/#google_vignette
AVOSLOCKER https://www.trendmicro.com/ja_jp/research/22/g/ransomware-spotlight-avoslocker.html
https://iototsecnews.jp/2022/09/07/google-says-former-conti-ransomware-members-now-attack-ukraine/#more-27616
https://www.bleepingcomputer.com/news/security/fbi-avoslocker-ransomware-targets-us-critical-infrastructure/
AXXES https://cloudsek.com/threatintelligence/axxes-ransomware-group-appears-to-be-the-rebranded-version-of-midas-group/
BABUK2023 https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
BADLOCK(RORSCHACH) https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/
https://www.group-ib.com/blog/bablock-ransomware/
BIANLIAN https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html
https://www.bleepingcomputer.com/news/security/bianlian-ransomware-gang-shifts-focus-to-pure-data-extortion/
BIG HEAD https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html
BITPAYMER https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
https://www.bleepingcomputer.com/news/security/bitpaymer-ransomware-infection-forces-alaskan-town-to-use-typewriters-for-a-week/
BABUK https://cyberint.com/blog/research/babuk-locker/
https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs
https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/
https://blog.trendmicro.co.jp/archives/31517
https://cybelangel.com/blog/babuk-group-just-another-ransomware-gang/
https://www.bleepingcomputer.com/news/security/babuk-ransomware-readies-shut-down-post-plans-to-open-source-malware/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.databreaches.net/babuk-re-organizes-as-payload-bin-offers-its-first-leak/
https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html
https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html
https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/
https://www.group-ib.com/blog/bablock-ransomware/
https://riskybiznews.substack.com/p/risky-biz-news-chinas-great-firewall
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
BLACK BASTA https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-the-fin7-hacking-group/
https://www.cybereason.com/blog/cybereason-vs.-black-basta-ransomware
https://www.trendmicro.com/ja_jp/research/22/f/examining-the-black-basta-ransomwares-infection-routine.html
https://www.zscaler.com/blogs/security-research/back-black-basta
https://www.cybereason.co.jp/blog/ransomware/9263/
https://digitaldata-forensics.com/column/ransomware/type/4415/
BLACKBIT https://asec.ahnlab.com/en/51497/
https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/
BLACKBYTE https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbyte
https://www.trendmicro.com/ja_jp/research/22/i/ransomware-spotlight-blackbyte.html
https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-gang-is-back-with-new-extortion-tactics/
https://www.anvilogic.com/threat-reports/conti-its-subsidiary-group-blackbyte
https://broadcom-software.security.com/blogs/japanese-broadcom-software/exbyte-blackbyteransamuueanogongjikurufukaxintanatetaqiequtsuruwozhankai
https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/
BLACKMAGIC https://blog.cyble.com/2022/12/07/a-closer-look-at-blackmagic-ransomware/
BLACKMATTER https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/
https://mytechdecisions.com/it-infrastructure/what-darksides-rebranding-means-for-it/
https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html
https://twitter.com/cyb3rops/status/1544216630296825856
https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://twitter.com/threatray/status/1544643305924960256
https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
https://www.itmedia.co.jp/news/articles/2108/16/news052.html
https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat
BLACKSHADOW (SPECTRAL KITTEN) https://www.binarydefense.com/threat_watch/blackshadow-threat-group-breaches-israeli-hosting-firm/
BLACKSNAKE https://blog.cyble.com/2023/03/09/blacksnake-ransomware-emerges-from-chaos-ransomwares-shadow/
BLACKSUIT https://blog.cyble.com/2023/05/12/blacksuit-ransomware-strikes-windows-and-linux-users/
https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html
https://www.trendmicro.com/ja_jp/research/23/h/investigating-blacksuit-ransomwares-similarities-to-royal.html
BLOODY https://securityaffairs.co/wordpress/136345/cyber-crime/bl00dy-ransomware-lockbit-3-encryptor.html
https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/
BLUESKY https://unit42.paloaltonetworks.jp/bluesky-ransomware/
BL4CKT0R https://www.tetradefense.com/wp-content/uploads/2021/08/ThreatIntel_July2021_RoundUp_Compressed.pdf
CATB (CAT99, BAXTOY) https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/
CACTUS https://www.group-ib.com/blog/shadowsyndicate-raas/
https://x.com/MsftSecIntel/status/1730383711437283757?s=20
https://securityaffairs.com/155184/cyber-crime/danabot-spread-cactus-ransomware.html
CERBER https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
https://www.itmedia.co.jp/news/articles/2108/16/news052.html
https://www.trendmicro.com/en_us/research/17/e/cerber-ransomware-evolution.html
https://www.trendmicro.com/ja_jp/research/23/l/cerber-ransomware-exploits-cve-2023-22518.html
https://cyble.com/blog/cerber2021-ransomware-back-in-action/
CHAOS https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree
CHEERS https://www.bleepingcomputer.com/news/security/cheerscrypt-ransomware-linked-to-a-chinese-hacking-group/
https://blog.trendmicro.co.jp/archives/31517
https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html
CHILE LOCKER (ARCRYPTER) https://www.fortinet.com/blog/threat-research/ransomware-roundup-bisamware-and-chile-locker
https://blog.cyble.com/2023/07/06/arcrypt-ransomware-evolves-with-multiple-tor-communication-channels/
CLOAK https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/
CLOP (別名:TA505) https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-worm-to-clop-ransomware-attacks/
https://securityaffairs.co/wordpress/137722/malware/raspberry-robin-clop-ransomware.html
https://www.bleepingcomputer.com/news/security/clop-ransomware-uses-truebot-malware-for-access-to-networks/
https://unit42.paloaltonetworks.jp/clop-ransomware/
https://www.bleepingcomputer.com/news/security/microsoft-notorious-fin7-hackers-return-in-clop-ransomware-attacks/
https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html
https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html
https://sectrio.com/deconstructing-cl0p-ransomware-moveit-2023-breach/
https://www.group-ib.com/blog/shadowsyndicate-raas/
CONTI https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/
https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/
https://news.sophos.com/ja-jp/2021/03/03/conti-ransomware-attack-day-by-day-jp/
https://www.bleepingcomputer.com/news/security/conti-ransomware-shows-signs-of-being-ryuks-successor/
https://www.fortinet.com/blog/threat-research/ransomware-roundup-new-vohuk-scarecrow-and-aerst-variants
https://twitter.com/uuallan/status/1564655718531219456
https://twitter.com/VK_Intel/status/1557003350541242369
https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html
https://unit42.paloaltonetworks.jp/atoms/conti-ransomware/
https://www.trendmicro.com/ja_jp/research/22/l/ransomware-spotlight-blackcat.html
https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
https://www.axios.com/2023/05/09/royal-ransomware-us-cities-cybersecurity-hacking
https://www.trellix.com/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html
https://www.group-ib.com/blog/shadowsyndicate-raas/
https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
COOMING PROJECT https://www.cisa.gov/uscert/ncas/alerts/aa22-110a
COREID https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps
https://www.techrepublic.com/article/colonial-pipeline-ransomware-group-using-new-tactics-to-become-more-dangerous/
https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/
https://www.zdnet.com/article/fin7-hackers-evolve-operations-with-ransomware-novel-backdoor/
CYCLOPS https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/
https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/
CRYKAL / CRYLOCK https://heimdalsecurity.com/blog/crylock-ransomware/
https://unit42.paloaltonetworks.jp/trigona-ransomware-update/
CRYPTOMIX https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
CRYPTON https://cyware.com/news/what-is-crypton-ransomware-new-campaign-sees-hackers-exploiting-remote-desktop-services-097a4372
https://www.twx-threatintel.com/hobokomo-securitynews/20220706/tips-342/
CRYPTWALL https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
CRYPTBB https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware
https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/
https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware
CRYPTXXX https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
CYLANCE https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
CRYSIS https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware
CUBA https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-cuba
DAGON LOCKER https://asec.ahnlab.com/ko/41577/
DAIXIN https://www.bleepingcomputer.com/news/security/us-govt-warns-of-daixin-team-targeting-health-orgs-with-ransomware/
DARK ANGELS https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/
https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/
https://cyware.com/news/darkangels-a-rebranded-version-of-babuk-8c62474b
https://thecyberexpress.com/dark-angels-ransomware-dunghill-leak/
DARKRYPT https://www.digitalshadows.com/blog-and-research/ransomware-q4-overview/
DARKSIDE https://mytechdecisions.com/it-infrastructure/what-darksides-rebranding-means-for-it/
https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/
https://www.flashpoint.io/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/
DATAF https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
DEATHRANSOM https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/
DEFRAY777 https://unit42.paloaltonetworks.jp/ransomware-threat-assessments/8/
https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
DHARMA https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware
https://cyberenso.jp/types-of-ransomware/dharma-ransomware/
https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war
DIAVOL https://arcticwolf.com/resources/blog/karakurt-web/
https://www.fortinet.com/jp/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider
DIKE https://mdba.info/ransomware/2022/03/20/%E3%80%8C-dike%E3%80%8D%E3%80%8C-zozl%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2-202/
DONUT https://www.bleepingcomputer.com/news/security/donut-extortion-group-also-targets-victims-with-ransomware/
DOPPELPAYMER https://socradar.io/dark-web-threat-profile-grief-ransomware-group/
https://unit42.paloaltonetworks.jp/ransomware-threat-assessments/4/
https://socprime.com/blog/doppelpaymer-ransomware-detection/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
DUNGHILL https://thecyberexpress.com/dark-angels-ransomware-dunghill-leak/
ECH0RAIX https://unit42.paloaltonetworks.jp/ech0raix-ransomware-soho/
https://www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/
https://www.bleepingcomputer.com/ransomware/decryptor/ech0raix-ransomware-decryptor-restores-qnap-files-for-free/
EGREGOR https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://unit42.paloaltonetworks.jp/egregor-ransomware-courses-of-action/
https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html
EL_COMETA https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/
EMPEROR DRAGONFLY https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group
ENTROPY https://cyberintelmag.com/malware-viruses/dridex-malware-downloader-connected-to-entropy-ransomware/
https://news.sophos.com/ja-jp/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks-jp/
https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/
https://www.cyclonis.com/ja/entropy-ransomware-may-have-links-to-the-dridex-gang/
EP918 https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-28-3/
ERUPTION https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html
https://www.mandiant.com/resources/sabbath-ransomware-affiliate
https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html
EVEREST https://www.marketscreener.com/quote/stock/NCC-GROUP-PLC-4004767/news/NCC-Monthly-Threat-Pulse-ndash-November-2021-37387006/
https://kcm.trellix.com/corporate/index?page=content&id=KB96132
https://exchange.xforce.ibmcloud.com/threats/guid:63387e50bd9400dc12ea6b47140aa0db
https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/
https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/
EVIL CORP https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://twitter.com/vxunderground/status/1533948505043124224
https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/
https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions
https://e.cyberint.com/hubfs/Cyberint_Evil%20Corp%20Wastedlocker%20Ransomware_Report.pdf
https://heimdalsecurity.com/blog/macaw-locker-evil-corps-latest-version-makes-new-victims/
https://pchandy.net/2021/06/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/
https://threatpost.com/evil-corp-impersonates-payloadbin/166710/
https://socprime.com/blog/doppelpaymer-ransomware-detection/
https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/
https://www.bleepingcomputer.com/news/security/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/
https://www.enigmasoftware.com/dridex-gang-returns-with-wastedlocker-ransomware/
EXORCIST https://sequretek.com/wp-content/uploads/2018/10/Sequretek-Advisory-Exorcist-Ransomware_.pdf
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-24th-2020-navigation-failure/
FONIX (XINOF) https://www.malwarebytes.com/blog/news/2021/02/fonix-ransomware-gives-up-life-of-crime-apologises
GANDCRAB https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/
https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
GHOSTSEC https://www.sompocybersecurity.com/column/column/hacker-group-launches-ghostlocker-raas
https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/
GOOD DAY https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/
GRIEF https://socradar.io/dark-web-threat-profile-grief-ransomware-group/
https://cyberintelmag.com/malware-viruses/dridex-malware-downloader-connected-to-entropy-ransomware/
https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
GROOVE https://blogs.mcafee.jp/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates
https://krebsonsecurity.com/2021/11/the-groove-ransomware-gang-was-a-hoax/
https://medium.com/s2wblog/groove-x-ramp-the-relation-between-groove-babuk-ramp-and-blackmatter-f75644f8f92d
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.trellix.com/ja-jp/about/newsroom/stories/research/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates.html
HARON https://medium.com/s2wblog/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4
https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-44-3/
HARDBIT https://www.varonis.com/blog/hardbit-2.0-ransomware
https://www.suspectfile.com/interview-with-hardbit-ransomware-a-new-group-with-great-ambitions/
https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/
https://www.securityweek.com/hardbit-ransomware-offers-to-set-ransom-based-on-victims-cyberinsurance/
HELLB0RN https://www.zerofox.com/blog/the-underground-economist-issue-5/
HELLO KITY (FIVE HANDS) https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html
https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/
HERMES https://www.cybereason.co.jp/blog/ransomware/5607/
https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-hermes-ransomware-cyber-report.pdf
HITLER (AGL0BGVYCG) https://en.wikipedia.org/wiki/Hitler-Ransomware
HIVE https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html
https://www.bleepingcomputer.com/news/security/donut-extortion-group-also-targets-victims-with-ransomware/
https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html
https://northwave-security.com/conti-ryuk-and-hive-affiliates-the-hidden-link/
https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
https://thehackernews.com/2023/11/new-ransomware-group-emerges-with-hives.html
https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war
https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/
HOLYGHOST https://www.bleepingcomputer.com/news/security/microsoft-links-holy-ghost-ransomware-operation-to-north-korean-hackers/
https://www.hackread.com/lessons-from-holy-ghost-ransomware-attacks/
https://www.digitalshadows.com/blog-and-research/holy-ghosts-bargain-basement-approach-to-ransomware/
HUNTERS INTERNATIONAL https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/
https://thehackernews.com/2023/11/new-ransomware-group-emerges-with-hives.html
ICEFIRE https://twitter.com/malwrhunterteam/status/1503484073406345224/photo/3
ISOS https://mdba.info/ransomware/2020/10/02/%E3%80%8C-isos%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2/
JIGSAW https://www.secureworld.io/industry-news/venezuelan-doctor-jigsaw-thanos-ransomware
http://maruyama-mitsuhiko.cocolog-nifty.com/security/2022/05/post-ea8ab8.html
JSWORM https://cyware.com/news/its-time-we-talk-about-jsworm-ransomware-32787a6b
https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/
KARAKURT https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/
KARMA https://blogs.blackberry.com/en/2021/11/threat-thursday-karma-ransomware
https://www.cyfirma.com/outofband/karma-leak-ransomware-technical-analysis/
https://gadgettendency.com/new-ransomware-group-karma-actually-renamed-nefilim/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/
KNIGHT https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/
https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/
LAPSUS$ https://wired.jp/article/okta-hack-microsoft-bing-code-leak-lapsus/
https://iototsecnews.jp/2022/09/13/cisco-data-breach-attributed-to-lapsus-ransomware-group/
https://jp.tenable.com/blog/brazen-unsophisticated-and-illogical-understanding-the-lapsus-extortion-group
LILITH https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/
LIZARD https://www.enigmasoftware.jp/lizardphobosransomware-sakujo/
LOCK4 https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
LOCKBIT (ABCD) https://www.herjavecgroup.com/herjavec-group-lockbit-2-0-ransomware-profile/
https://www.kaspersky.co.jp/resource-center/threats/lockbit-ransomware
LOCKBIT2.0 https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/
https://www.herjavecgroup.com/herjavec-group-lockbit-2-0-ransomware-profile/
https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions
https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/
https://www.group-ib.com/blog/bablock-ransomware/
https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
https://twitter.com/alvierid/status/1737763750940151998?s=61&t=cbDfoCunjPFFOy6AuZb1rw
LOCKBIT3.0 https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/
https://twitter.com/threatray/status/1544643305924960256
https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware
https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/
LOCKDATA https://www.pcrisk.com/removal-guides/23846-lockdata-ransomware
LOCKERGOGA https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war
LOCKFILE https://medium.com/s2wblog/atomsilo-x-lockfile-atomsilo-copied-blackmatter-and-cerber-for-operating-the-double-extortion-site-7fb5aaac5f21
https://news.sophos.com/ja-jp/2021/09/06/lockfile-ransomwares-box-of-tricks-intermittent-encryption-and-evasion-jp/
LOKI LOCKER https://blogs.blackberry.com/ja/jp/2022/07/blackberry-prevents-lokilocker
https://asec.ahnlab.com/en/51497/
https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/
LORENZ https://www.avertium.com/resources/threat-reports/an-in-depth-look-at-lorenz-ransomware
https://www.cybereason.com/blog/research/cybereason-vs.-lorenz-ransomware
https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/
LOSTTRUST https://www.bleepingcomputer.com/news/security/meet-losttrust-ransomware-a-likely-rebrand-of-the-metaencryptor-gang/
LV https://www.secureworks.com/research/lv-ransomware
MACAW LOCKER https://heimdalsecurity.com/blog/macaw-locker-evil-corps-latest-version-makes-new-victims/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.bleepingcomputer.com/news/security/evil-corp-demands-40-million-in-new-macaw-ransomware-attacks/
MAILTO https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/
MARIO https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html
MALLOX (FARGO) https://www.suspectfile.com/interview-with-mallox-ransomware-group/
MAZE https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.zerofox.com/blog/maze-recent-ransomware-attacks/
MBC https://www.thenationalnews.com/business/2021/08/21/mbc-ransomware-group-claims-responsibility-for-cyber-attack-on-irans-railway-network/
https://twitter.com/S0ufi4n3/status/1541150802332598279
MEDUSA LOCKER https://www.cybereason.co.jp/blog/ransomware/5546/
MEGACORTEX https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war
https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html
MEOW https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/
https://www.bleepingcomputer.com/news/security/conti-based-ransomware-meowcorp-gets-free-decryptor/
METAENCRYPTOR https://www.bleepingcomputer.com/news/security/meet-losttrust-ransomware-a-likely-rebrand-of-the-metaencryptor-gang/
MICHAELKORS https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
MIDAS https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-44-3/
MINDWARE https://www.sentinelone.com/blog/from-the-front-lines-another-rebrand-mindware-and-sfile-ransomware-technical-breakdown/
MOISHA https://cyware.com/news/new-moisha-ransomware-pulls-off-highly-targeted-attacks-4be35d93
https://blog.cyble.com/2022/08/25/moisha-ransomware-in-action/
MONTI https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger
https://intel471.com/blog/conti-vs-monti-a-reinvention-or-just-a-simple-rebranding
https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
MOUNT LOCKER https://asec.ahnlab.com/ko/41577/
https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html
https://twitter.com/Arkbird_SOLG/status/1393994616496590848
https://twitter.com/darktracer_int/status/1433694601076822016
https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/
https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/
https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware
https://www.cyclonis.com/ja/mount-locker-ransomware-is-getting-more-dangerous/
https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf
https://www.barracuda.co.jp/mountlocker-ransomware/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.guidepointsecurity.com/blog/mount-locker-ransomware-steps-up-counter-ir-capabilities/
MY DECRYPTER (MAGNIBER) https://www.2-spyware.com/remove-my-decryptor-ransomware-virus.html
https://howtofix.guide/ransomware/magniber/
https://japan.zdnet.com/paper/30001345/30005842/
N4UGHTYSEC https://www.pkware.com/blog/monthly-breach-report-april-2022-edition
https://www.itweb.co.za/content/o1Jr5Mx9BVjqKdWL
NB65 https://securityaffairs.co/130051/hacktivism/nb65-modified-version-conti-ransomware.html
https://www.malwarebytes.com/blog/news/2022/04/conti-ransomware-offshoot-targets-russian-organizations
NEFILIM https://cyberenso.jp/types-of-ransomware/nephilim-ransomware/
https://gadgettendency.com/new-ransomware-group-karma-actually-renamed-nefilim/
https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
NEMTY https://www.bitdefender.com/blog/hotforsecurity/nemty-ransomware-gang-shuts-down-public-gig-announces-exclusive-business-model
https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/
NETWALKER https://www.bleepingcomputer.com/news/security/ransomware-recruits-affiliates-with-huge-payouts-automated-leaks/
https://www.cybereason.co.jp/blog/ransomware/5845/
NETWORM (N3TW0RM) https://www.bleepingcomputer.com/news/security/n3tw0rm-ransomware-emerges-in-wave-of-cyberattacks-in-israel/
https://www.acronis.com/en-us/blog/posts/n3tw0rm-ransomware/
NEVADA https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokoyawa-variant
NIGHT SKY https://twitter.com/vinopaljiri/status/1480059715392622597
https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md
https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html
https://twitter.com/Arkbird_SOLG/status/1503435955306434562
https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group
https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/
NOSCCAPE https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/#google_vignette
https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/
NOKOYAWA https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/
https://www.fortinet.com/blog/threat-research/nokoyawa-variant-catching-up
https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/
https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html
https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html
https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokoyawa-variant
https://www.group-ib.com/blog/shadowsyndicate-raas/
https://www.group-ib.com/blog/farnetwork/
OMEGA https://www.bleepingcomputer.com/news/security/new-0mega-ransomware-targets-businesses-in-double-extortion-attacks
https://cyware.com/news/new-0mega-ransomware-joins-the-double-extortion-threat-landscape-158fb321/
ONEPERCENT https://cybersecurity-info.com/news/fbi-onepercent-group/
ONYX https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree
PANDORA https://twitter.com/Arkbird_SOLG/status/1503435955306434562
https://www.avertium.com/resources/threat-reports/in-depth-pandora-ransomware
https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/
https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/
https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/
PHOBOS https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
PAY2KEY https://www.binarydefense.com/threat_watch/blackshadow-threat-group-breaches-israeli-hosting-firm/
PAYLOAD.BIN https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.databreaches.net/babuk-re-organizes-as-payload-bin-offers-its-first-leak/
PHOBOS https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware
https://www.enigmasoftware.jp/steelransomware-sakujo/
https://www.enigmasoftware.jp/lizardphobosransomware-sakujo/
https://mdba.info/ransomware/2020/10/02/%E3%80%8C-isos%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2/
https://mdba.info/ransomware/2022/03/20/%E3%80%8C-dike%E3%80%8D%E3%80%8C-zozl%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2-202/
PHOENIX LOCKER https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://iototsecnews.jp/2022/06/02/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/
PLAY https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
https://www.group-ib.com/blog/shadowsyndicate-raas/
POLYVICE https://securityaffairs.co/139924/cyber-crime/vice-society-ransomware-custom-locker.html
https://cyware.com/news/vice-society-adds-custom-branded-payload-polyvice-to-its-arsenal-a335bbe1
PROLOCK https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-with-qakbot-trojan-for-network-access/
https://www.intrinsec.com/egregor-prolock/
https://www.cisa.gov/sites/default/files/2023-02/202010221030_qakbot_tlpwhite.pdf
https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/qakbot
https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html
PROMETHEUS https://medium.com/s2wblog/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.cybereason.co.jp/blog/ransomware/6559/
PUTIN TEAM https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/
PWNDLOCKER https://www.bleepingcomputer.com/news/security/new-pwndlocker-ransomware-targeting-us-cities-enterprises/
https://www.bleepingcomputer.com/news/security/pwndlocker-fixes-crypto-bug-rebrands-as-prolock-ransomware/
https://malpedia.caad.fkie.fraunhofer.de/details/win.pwndlocker
https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html
PYSA / MESPINOZA https://www.cybereason.co.jp/blog/ransomware/7069/
https://www.emsisoft.com/en/blog/38840/ransomware-profile-mespinoza-pysa/
https://www.cybersecurity-insiders.com/details-of-new-pysa-n-everest-ransomware/
QILIN (AGENDA) https://securityaffairs.co/wordpress/139811/cyber-crime/agenda-ransomware-rust.html
https://www.trendmicro.com/ja_jp/research/22/i/new-golang-ransomware-agenda-customizes-attacks.html
https://www.guidepointsecurity.com/blog/grit-ransomware-report-october-2022/
https://twitter.com/alvierid/status/1737763750940151998?s=61&t=cbDfoCunjPFFOy6AuZb1rw
QLOCKER https://iototsecnews.jp/2022/01/16/a-new-wave-of-qlocker-ransomware-attacks-targets-qnap-nas-devices/
https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/
QUANTUM https://asec.ahnlab.com/ko/41577/
https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html
https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware
https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/
https://www.group-ib.com/blog/shadowsyndicate-raas/
RA GROUP https://riskybiznews.substack.com/p/risky-biz-news-chinas-great-firewall
RAGNAR LOCKER https://automaton-media.com/articles/newsjp/20201110-142870/
https://blog.cyble.com/2022/01/20/deep-dive-into-ragnar-locker-ransomware-gang/
https://www.cybereason.com/blog/threat-analysis-report-ragnar-locker-ransomware-targeting-the-energy-sector
https://www.europol.europa.eu/media-press/newsroom/news/ragnar-locker-ransomware-gang-taken-down-international-police-swoop
https://therecord.media/ragnar-locker-ransomware-site-taken-down-fbi-europol
https://www.malwarebytes.com/blog/news/2023/10/ragnar-locker-taken-down
RAGNAROK https://www.fortinet.com/jp/blog/threat-research/ranion-ransomware-quiet-and-persistent-raas
https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/
https://therecord.media/ragnarok-ransomware-operation-shuts-down-and-releases-free-decrypter/
https://resources.infosecinstitute.com/topic/malware-analysis-ragnarok-ransomware/
RAMP https://www.advintel.io/post/groove-vs-babuk-groove-ransom-manifesto-ramp-underground-platform-secret-inner-workings
https://securityaffairs.co/121985/cyber-crime/groove-gang-fortinet-leaks.html
RANION https://www.fortinet.com/jp/blog/threat-research/ranion-ransomware-quiet-and-persistent-raas
https://www.digitalshadows.com/blog-and-research/ransomware-franchising-how-do-groups-get-started/
RANSOM CARTEL https://www.bleepingcomputer.com/news/security/ransom-cartel-linked-to-notorious-revil-ransomware-operation/
RANSOMCORP https://twitter.com/signorina37H/status/1724314318856941729
https://twitter.com/AlvieriD/status/1724269503633056240
https://twitter.com/EquationCorp/status/1724592227978985836
https://twitter.com/FalconFeedsio/status/1697879943911518363
RANSOMED.VC https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild
https://www.zerofox.com/blog/ransomed-vc-sunsets-operations-auctions-off-infrastructure/
https://twitter.com/signorina37H/status/1724314318856941729
https://twitter.com/AlvieriD/status/1724269503633056240
https://twitter.com/EquationCorp/status/1724592227978985836
https://twitter.com/FalconFeedsio/status/1697879943911518363
https://twitter.com/karol_paciorek/status/1734590357260673170
RANSOMEXX https://therecord.media/ibm-ransomexx-becomes-latest-ransomware-group-to-create-rust-variant/
https://www.cybereason.co.jp/blog/ransomware/5795/
https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
RANSOMHOUSE https://www.the420.in/ransomware-attack-on-pharma-company-aarti-drugs/
https://www.malwarebytes.com/blog/news/2022/05/threat-profile-ransomhouse-makes-extortion-work-without-ransomware
https://www.scmagazine.com/brief/risk-management/novel-ransomhouse-cybercrime-operation-detailed
https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/
https://cyberint.com/blog/research/ransomhouse/
https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html
RANZY LOCKER https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker
REDALERT(N13V) https://socradar.io/redalert-ransomware-targets-windows-and-linux-mware-esxi-servers/
https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
RELIC https://angle.ankura.com/post/102i1mb/relic-project-a-new-threat-group-or-rebranded-ransomware
REVIL (SODINOKIBI) https://blogs.mcafee.jp/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars
https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/
https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://www.bleepingcomputer.com/news/security/ransom-cartel-linked-to-notorious-revil-ransomware-operation/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
https://www.flashpoint.io/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/
https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/qakbot
https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html
RHYSIDA https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/
https://socradar.io/threat-profile-rhysida-ransomware/
https://thehackernews.com/2023/08/new-report-exposes-vice-societys.html
ROBBINHOOD https://www.sompocybersecurity.com/column/column/a72
ROOK https://www.prsol.cc/ja/post-2773/
https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md
https://twitter.com/Arkbird_SOLG/status/1503435955306434562
https://twitter.com/vinopaljiri/status/1480059715392622597
https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/
https://www.avertium.com/resources/threat-reports/in-depth-pandora-ransomware
ROYAL https://heimdalsecurity.com/blog/royal-ransomware-operation-amplifying-in-multi-million-dollar-attacks/
https://www.cybereason.com/blog/royal-ransomware-analysis
https://www.scmagazine.com/brief/ransomware/royal-ransomware-tied-to-conti-gang
https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks/
https://blog.cyble.com/2023/05/12/blacksuit-ransomware-strikes-windows-and-linux-users/
https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html
https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
https://www.axios.com/2023/05/09/royal-ransomware-us-cities-cybersecurity-hacking
https://www.trellix.com/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html
https://www.trendmicro.com/ja_jp/research/23/h/investigating-blacksuit-ransomwares-similarities-to-royal.html
https://www.group-ib.com/blog/shadowsyndicate-raas/
RTM https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
RYUK https://www.cybereason.co.jp/blog/ransomware/5607/
https://www.trendmicro.com/ja_jp/what-is/ransomware/ryuk-ransomware.html
https://www.group-ib.com/blog/shadowsyndicate-raas/
SABBATH https://www.mandiant.com/resources/sabbath-ransomware-affiliate
https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html
https://www.anvilogic.com/threat-reports/unc2190-arcane-and-sabbath
SAMSAM https://cyble.com/blog/cerber2021-ransomware-back-in-action/
https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public:
SCARECROW https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/
SCHOOLBOYS https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/
SEKHMET https://news.sophos.com/ja-jp/2020/12/15/egregor-ransomware-mazes-heir-apparent-jp/
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
ShadowSyndicate https://www.group-ib.com/blog/shadowsyndicate-raas/
SHAOLEAKS https://www.guidepointsecurity.com/blog/grit-ransomware-report-october-2022/
SIEGEDSEC https://twitter.com/karol_paciorek/status/1734590357260673170
https://www.sompocybersecurity.com/column/column/hacker-group-launches-ghostlocker-raas
https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/
SILENT RANSOM GROUP https://www.bleepingcomputer.com/news/security/ransomware-gangs-move-to-callback-social-engineering-attacks/
https://cyware.com/news/ransomware-gangs-use-callback-phishing-method-to-target-corporate-networks-ce1b0069
SNAPMC https://www.nccgroup.com/jp/snapmc-the-non-ransomware-blackmail-attack/
https://www.bleepingcomputer.com/news/security/bianlian-ransomware-gang-shifts-focus-to-pure-data-extortion/
https://www.bleepingcomputer.com/news/security/snapmc-hackers-skip-file-encryption-and-just-steal-your-files/
SNATCH https://www.picussecurity.com/resource/snatch-ransomware-gang
https://thedfirreport.com/2020/06/21/snatch-ransomware/
SOLIDBIT https://medium.com/s2wblog/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16
SPARTA https://ke-la.com/wp-content/uploads/2022/11/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022-JA.pdf
SPARTACUS https://cyble.com/blog/cerber2021-ransomware-back-in-action/
https://www.malwarebytes.com/blog/news/2018/04/spartacus-introduction-unsophisticated-ransomware
SPOOK https://medium.com/s2wblog/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
STEEL https://www.enigmasoftware.jp/steelransomware-sakujo/
STORMOUS https://socradar.io/who-is-stormous-ransomware-group/
https://securelist.com/new-ransomware-trends-in-2022/106457/
https://cdn.www.gob.pe/uploads/document/file/3290929/Alerta%20integrada%20de%20seguridad%20digital%20N%C2%B0%20168-2022-CNSD.pdf.pdf
https://www.sompocybersecurity.com/column/column/hacker-group-launches-ghostlocker-raas
https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/
https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/
SUGAR https://defpr.com/sugar-ransomware/
SUNCRYPT https://analyst1.com/ransomware-diaries-volume-1/
https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-is-still-alive-and-kicking-in-2022/
https://minerva-labs.com/blog/suncrypt-ransomware-gains-new-abilities-in-2022/
SYNACK https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/
SZ40 https://www.cybereason.com/blog/research/cybereason-vs.-lorenz-ransomware
THANOS https://www.secureworld.io/industry-news/venezuelan-doctor-jigsaw-thanos-ransomware
http://maruyama-mitsuhiko.cocolog-nifty.com/security/2022/05/post-ea8ab8.html
THUNDER X https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker
TOMMYLEAKS https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/
TREEAM https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
https://www.group-ib.com/blog/shadowsyndicate-raas/
TRIGONA https://unit42.paloaltonetworks.jp/trigona-ransomware-update/
https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html
https://therecord.media/trigona-ransomware-group-website-takedown-ukrainian-cyber-alliance
VASA LOCKER (BABY) https://cyberint.com/blog/research/babuk-locker/
https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html
VEGA https://www.picussecurity.com/resource/zeppelin-ransomware-analysis-simulation-and-mitigation
https://blogs.blackberry.com/en/2019/12/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe
VICE SOCIETY https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
https://securityaffairs.co/wordpress/139924/cyber-crime/vice-society-ransomware-custom-locker.html
https://therecord.media/microsoft-ties-vice-society-hackers-to-additional-ransomware-strains/
https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/
https://socradar.io/threat-profile-rhysida-ransomware/
VSOP https://blog.cyble.com/2022/08/10/onyx-ransomware-renames-its-leak-site-to-vsop/
WASTEDLOCKER https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html
WHITERABBIT https://www.crn.com.au/news/amd-claims-potential-attack-from-ransomhouse-gang-582029
https://howtofix.guide/white-rabbit-ransomware/
https://twitter.com/malwrhunterteam/status/1560327142621208577
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html
https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/
https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html
https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html
X001XS https://www.insicurezzadigitale.com/en/nuovo-leak-site-nuovo-gruppo-ransomware-ex-rook/
WEREWOLVES https://twitter.com/alvierid/status/1737763750940151998?s=61&t=cbDfoCunjPFFOy6AuZb1rw
XING https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html
https://twitter.com/darktracer_int/status/1433694601076822016
https://twitter.com/LawrenceAbrams/status/1519495698680623104
https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware
https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/
https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf
https://www.trendmicro.com/en_us/research/21/j/ransomware-operators-found-using-new-franchise-business-model.html
YANLUOWANG https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html
https://iototsecnews.jp/2022/09/01/infra-used-in-cisco-hack-also-targeted-workforce-management-solution/
YASHMA https://medium.com/s2wblog/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16
https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree
ZEON https://exchange.xforce.ibmcloud.com/malware-analysis/guid:c0a25a3d60116cf5142da3303876ce16
https://www.sentinelone.com/blog/from-the-front-lines-3-new-and-emerging-ransomware-threats-striking-businesses-in-2022/
ZEPPELIN https://www.picussecurity.com/resource/zeppelin-ransomware-analysis-simulation-and-mitigation
https://blogs.blackberry.com/en/2019/12/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe
https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/

MBSD Cyber Intelligence Group (CIG)

シェアする ツイートする