本サイトは、快適にご利用いただくためにクッキー(Cookie)を使用しております。
Cookieの使用に同意いただける場合は「同意する」ボタンを押してください。
なお本サイトのCookie使用については、「個人情報保護方針」をご覧ください。
本図は世界で確認されてきた主なランサムウェア攻撃グループ(※1)のうち、「リブランド」を軸とした複合的視点による組織間の繋がりを図示したものである(※2)。
本Rev.2は、昨年2022年5月に公開し好評を頂いたRev.1から、日々移り変わる様々な観点の関連情報を多数追加し大きくアップデートした更新版となる。現在までに確認されてきたランサムウェア攻撃グループに関するあらゆる繋がりを可能な限り盛り込んだ。
本図から、ランサムウェア攻撃グループの多くがお互いに何からの関連性を持ち活動している背景が浮かび上がる。CONTIやBABUKをはじめソースコードの流出やグループの解散/テイクダウンなどの影響が他の新種出現へ顕著に繋がる流れが見て取れる。一方、NIGHT SKYなどのように、周辺グループとの繋がりから特定国に帰属する攻撃者像が浮き上がってくるケースもある。全体を通して見え隠れするアフィリエイトの共通性などから、ランサムウェア攻撃グループの表面的な組織数とは裏腹に、背後にいる攻撃者らの絶対数は一般に想像されるよりも少ない可能性などもここから推測できるだろう。
本図では、暴露活動の有無や活動拠点の概要なども一覧で把握できるようにしており、攻撃グループ名の索引も付録として添えているため、インシデント発生時の情報収集用途など辞書的な使い方としても是非活用してほしい。
(※1) 暴露型や話題性の高いグループを選抜。攻撃グループが使用するランサムウェアの名称も一部含む。
(※2) MBSDの独自調査の他、世界各国の様々なセキュリティーベンダーの公開/発信情報を元に作成。
(Rev.1:2022年5月下旬作成)
(Rev.2:2023年2月上旬作成)
(日本語版) ダウンロードはこちら▼
MBSD_History_of_ransomware_group_connections_and_transitions_JPN_Rev.2.12.pdf
(印刷する場合はA3以上を推奨)
(English version) Please click to download▼
MBSD_History_of_ransomware_group_connections_and_transitions_ENG_Rev.2.12.pdf
(Recommend to print on A3 or larger size.)
Rev.2のマイナーバージョンアップに関する更新履歴については以下の通り。
| マイナーバージョン更新履歴 | 主な更新箇所 | 更新日付 |
| 2.00 | ・初期バージョン一般公開 | 2023/2/2 |
| 2.01 | ・HELLO KITTYのスペル修正 ・NEVADAの新規追加 ・LAPSUS$のコメント修正 ・英語版の追加 ・その他、細部の変更 |
2023/2/7 |
| 2.02 | ・MEDUSA、ZEPPELIN、NEVADAの情報変更 ・VEGA、DARKBIT に関する情報追加 |
2023/2/16 |
| 2.03 | ・ CONTI、QUANTUM間の補助線にコメント追加 ・ HARDBIT の新規追加 ・ V IS VENDETTA の新規追加 ・ その他、細部の変更 |
2023/3/6 |
| 2.04 | ・ BLACKSNAKEの新規追加 ・ DARK POWERの新規追加 ・ SNAPMCの新規追加 ・ SZ40の新規追加 ・ MEOWのコメントを追加 ・ MONTIとDONUTとの関係性を追加 ・ BLOODYの情報変更 |
2023/3/20 |
| 2.05 | ・ ABYSSの新規追加 ・ CATB(CATB99,BAXTOY)の新規追加 ・ BLOODYの情報変更 ・ STORMOUSの情報変更 |
2023/3/28 |
| 2.06 | ・ BADLOCK(RORSCHACH)の新規追加 ・ AKIRAの新規追加 ・ CIPHERLOCKERの新規追加 ・ DUNGHILLの新規追加 ・ TRIGONAの新規追加 |
2023/4/25 |
| 2.07 | ・ ELBIEの新規追加 ・ LOKI LOCKERの新規追加 ・ BLACKBITの新規追加 ・ BLACKSUITの新規追加 ・ RA GROUPの新規追加 ・ CACTUSの新規追加 ・ AKIRAの新規追加 |
2023/5/12 |
| 2.08 | ・ 8BASEの新規追加 ・ CYCLOPSの新規追加 ・ DARKRACEの新規追加 ・ ESXIARGSの新規追加 ・ LA PIOVRAの新規追加 ・ MALASのの新規追加 ・ NEBULAの新規追加 ・ NOESCAPEの新規追加 ・ RHYSIDAの新規追加 ・ SHADOWの新規追加 ・ BADLOCKの情報変更 ・ BLACKSUITの情報変更 ・ BLOODYの情報変更 ・ CLOPの情報変更 ・ NEVADAの情報変更 ・ NOKOYAWAの情報変更 ・ ROYALのの情報変更 ・ SNATCHの情報変更 |
2023/6/16 |
| 2.09 | ・ BIG HEADの新規追加 ・ INC RANSOMの新規追加 ・ KNIGHTの新規追加 ・ METAENCRYPTORの新規追加 ・ 8BASEの情報変更 ・ AVADDONの情報変更 ・ BLACKSUITの情報変更 ・ CACTUSの情報変更 ・ CHILE LOCKERの情報変更 ・ CYCLOPSの情報変更 ・ NOESCAPEの情報変更 ・ RHYSIDAの情報変更 ・ ROYALの情報変更 ・ SNATCHの情報変更 |
2023/8/21 |
| 2.10 | ・ CIPHBITの新規追加 ・ CLOAKの新規追加 ・ CRYPTBBの新規追加 ・ CRYPTNETの新規追加 ・ GOOD DAYの新規追加 ・ LOSTTRUSTの新規追加 ・ RANCOZの新規追加 ・ RANSOMED.VCの新規追加 ・ THREEAMの新規追加 ・ ALPHV (BLACKCAT)の情報変更 ・ BIANLIANの情報変更 ・ CACTUSの情報変更 ・ CLOPの情報変更 ・ DARKSIDEの情報変更 ・ EVERESTの情報変更 ・ LOCKBIT3.0の情報変更 ・ METAENCRYPTORの情報変更 ・ NOKOYAWAの情報変更 ・ PLAYの情報変更 ・ QUANTUMの情報変更 ・ ROYALの情報変更 ・ ランサムウェア攻撃グループのアクティブ状況を再定義 ・ ShadowSyndicateに関する項目を新規追加 |
2023/10/4 |
| 2.11 | ・ CONTIの情報変更 ・ RYUKの情報変更 ・ ShadowSyndicateの情報変更 |
2023/10/4 |
本図の作成に際して、弊社独自調査に併せ情報ソースとして参考にした主な参照先は以下の通り。
| ランサムウェア攻撃グループ名 | 関連情報として参考にさせて頂いた主な参照先 |
| 8BASE | https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html https://thecyberexpress.com/losttrust-claims-ferguson-wellman-cyber-attack/ https://twitter.com/ido_cohen2/status/1702742049328443826 |
| AKO | https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker https://www.bleepingcomputer.com/news/security/ako-ransomware-another-day-another-infection-attacking-businesses/ |
| ALPHV (BLACKCAT) | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/ https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| ARCANE | https://www.natlawreview.com/article/rebranded-ransomware-group-sabbath-hitting-hospitals-and-schools |
| ARVINCLUB | https://cloudsek.com/threatintelligence/ransomware-group-profile-arvin-club/ |
| ASTRO (ASTRA) | https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/Arkbird_SOLG/status/1393994616496590848 https://twitter.com/darktracer_int/status/1433694601076822016 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/ https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.mbsd.jp/research/20210415/astro-locker/ https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf |
| ATOMSILO | https://medium.com/s2wblog/atomsilo-x-lockfile-atomsilo-copied-blackmatter-and-cerber-for-operating-the-double-extortion-site-7fb5aaac5f21 https://news.sophos.com/ja-jp/2021/10/11/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack-jp/ |
| AVADDON | https://medium.com/s2wblog/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4 https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/#google_vignette |
| AVOSLOCKER | https://www.trendmicro.com/ja_jp/research/22/g/ransomware-spotlight-avoslocker.html https://iototsecnews.jp/2022/09/07/google-says-former-conti-ransomware-members-now-attack-ukraine/#more-27616 https://www.bleepingcomputer.com/news/security/fbi-avoslocker-ransomware-targets-us-critical-infrastructure/ |
| AXXES | https://cloudsek.com/threatintelligence/axxes-ransomware-group-appears-to-be-the-rebranded-version-of-midas-group/ |
| BABUK2023 | https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html |
| BLACKSNAKE | https://blog.cyble.com/2023/03/09/blacksnake-ransomware-emerges-from-chaos-ransomwares-shadow/ |
| BABUK | https://cyberint.com/blog/research/babuk-locker/ https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/ https://blog.trendmicro.co.jp/archives/31517 https://cybelangel.com/blog/babuk-group-just-another-ransomware-gang/ https://www.bleepingcomputer.com/news/security/babuk-ransomware-readies-shut-down-post-plans-to-open-source-malware/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.databreaches.net/babuk-re-organizes-as-payload-bin-offers-its-first-leak/ https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ https://www.group-ib.com/blog/bablock-ransomware/ https://riskybiznews.substack.com/p/risky-biz-news-chinas-great-firewall https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo |
| BLACKSUIT | https://blog.cyble.com/2023/05/12/blacksuit-ransomware-strikes-windows-and-linux-users/ https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html https://www.trendmicro.com/ja_jp/research/23/h/investigating-blacksuit-ransomwares-similarities-to-royal.html |
| BIG HEAD | https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html |
| BADLOCK(RORSCHACH) | https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ https://www.group-ib.com/blog/bablock-ransomware/ |
| BITPAYMER | https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.bleepingcomputer.com/news/security/bitpaymer-ransomware-infection-forces-alaskan-town-to-use-typewriters-for-a-week/ |
| BL4CKT0R | https://www.tetradefense.com/wp-content/uploads/2021/08/ThreatIntel_July2021_RoundUp_Compressed.pdf |
| BLACK BASTA | https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-the-fin7-hacking-group/ https://www.cybereason.com/blog/cybereason-vs.-black-basta-ransomware https://www.trendmicro.com/ja_jp/research/22/f/examining-the-black-basta-ransomwares-infection-routine.html https://www.zscaler.com/blogs/security-research/back-black-basta |
| BLACKBIT | https://asec.ahnlab.com/en/51497/ https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/ |
| BLACKBYTE | https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbyte https://www.trendmicro.com/ja_jp/research/22/i/ransomware-spotlight-blackbyte.html https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-gang-is-back-with-new-extortion-tactics/ https://www.anvilogic.com/threat-reports/conti-its-subsidiary-group-blackbyte https://broadcom-software.security.com/blogs/japanese-broadcom-software/exbyte-blackbyteransamuueanogongjikurufukaxintanatetaqiequtsuruwozhankai https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/ |
| BLACKMAGIC | https://blog.cyble.com/2022/12/07/a-closer-look-at-blackmagic-ransomware/ |
| BLACKMATTER | https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/ https://mytechdecisions.com/it-infrastructure/what-darksides-rebranding-means-for-it/ https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html https://twitter.com/cyb3rops/status/1544216630296825856 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://twitter.com/threatray/status/1544643305924960256 https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.itmedia.co.jp/news/articles/2108/16/news052.html https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/ https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat |
| BLACKSHADOW (SPECTRAL KITTEN) | https://www.binarydefense.com/threat_watch/blackshadow-threat-group-breaches-israeli-hosting-firm/ |
| BLOODY | https://securityaffairs.co/wordpress/136345/cyber-crime/bl00dy-ransomware-lockbit-3-encryptor.html https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/ |
| BLUESKY | https://unit42.paloaltonetworks.jp/bluesky-ransomware/ |
| CATB (CAT99, BAXTOY) | https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/ https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/ |
| CACTUS | https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| CERBER | https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.itmedia.co.jp/news/articles/2108/16/news052.html https://www.trendmicro.com/en_us/research/17/e/cerber-ransomware-evolution.html |
| CHAOS | https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree |
| CHEERS | https://www.bleepingcomputer.com/news/security/cheerscrypt-ransomware-linked-to-a-chinese-hacking-group/ https://blog.trendmicro.co.jp/archives/31517 https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html |
| CHILE LOCKER (ARCRYPTER) | https://www.fortinet.com/blog/threat-research/ransomware-roundup-bisamware-and-chile-locker https://blog.cyble.com/2023/07/06/arcrypt-ransomware-evolves-with-multiple-tor-communication-channels/ |
| CLOAK | https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/ |
| CLOP (別名:TA505) | https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-worm-to-clop-ransomware-attacks/ https://securityaffairs.co/wordpress/137722/malware/raspberry-robin-clop-ransomware.html https://www.bleepingcomputer.com/news/security/clop-ransomware-uses-truebot-malware-for-access-to-networks/ https://unit42.paloaltonetworks.jp/clop-ransomware/ https://www.bleepingcomputer.com/news/security/microsoft-notorious-fin7-hackers-return-in-clop-ransomware-attacks/ https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html https://sectrio.com/deconstructing-cl0p-ransomware-moveit-2023-breach/ https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| CONTI | https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/ https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ https://news.sophos.com/ja-jp/2021/03/03/conti-ransomware-attack-day-by-day-jp/ https://www.bleepingcomputer.com/news/security/conti-ransomware-shows-signs-of-being-ryuks-successor/ https://www.fortinet.com/blog/threat-research/ransomware-roundup-new-vohuk-scarecrow-and-aerst-variants https://twitter.com/uuallan/status/1564655718531219456 https://twitter.com/VK_Intel/status/1557003350541242369 https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://unit42.paloaltonetworks.jp/atoms/conti-ransomware/ https://www.trendmicro.com/ja_jp/research/22/l/ransomware-spotlight-blackcat.html https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/ https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html https://www.axios.com/2023/05/09/royal-ransomware-us-cities-cybersecurity-hacking https://www.trellix.com/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| COOMING PROJECT | https://www.cisa.gov/uscert/ncas/alerts/aa22-110a |
| COREID | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps https://www.techrepublic.com/article/colonial-pipeline-ransomware-group-using-new-tactics-to-become-more-dangerous/ https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/ https://www.zdnet.com/article/fin7-hackers-evolve-operations-with-ransomware-novel-backdoor/ |
| CYCLOPS | https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/ |
| CRYKAL / CRYLOCK | https://heimdalsecurity.com/blog/crylock-ransomware/ https://unit42.paloaltonetworks.jp/trigona-ransomware-update/ |
| CRYPTOMIX | https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf |
| CRYPTON | https://cyware.com/news/what-is-crypton-ransomware-new-campaign-sees-hackers-exploiting-remote-desktop-services-097a4372 https://www.twx-threatintel.com/hobokomo-securitynews/20220706/tips-342/ |
| CRYPTWALL | https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf |
| CRYPTBB | https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/ https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware |
| CRYPTXXX | https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf |
| CYLANCE | https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html |
| CRYSIS | https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware |
| CUBA | https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-cuba |
| DAGON LOCKER | https://asec.ahnlab.com/ko/41577/ |
| DAIXIN | https://www.bleepingcomputer.com/news/security/us-govt-warns-of-daixin-team-targeting-health-orgs-with-ransomware/ |
| DARK ANGELS | https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/ https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/ https://cyware.com/news/darkangels-a-rebranded-version-of-babuk-8c62474b https://thecyberexpress.com/dark-angels-ransomware-dunghill-leak/ |
| DARKRYPT | https://www.digitalshadows.com/blog-and-research/ransomware-q4-overview/ |
| DARKSIDE | https://mytechdecisions.com/it-infrastructure/what-darksides-rebranding-means-for-it/ https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/ https://www.flashpoint.io/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/ |
| DATAF | https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html |
| DEFRAY777 | https://unit42.paloaltonetworks.jp/ransomware-threat-assessments/8/ https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ |
| DHARMA | https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware https://cyberenso.jp/types-of-ransomware/dharma-ransomware/ |
| DIAVOL | https://arcticwolf.com/resources/blog/karakurt-web/ https://www.fortinet.com/jp/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider |
| DIKE | https://mdba.info/ransomware/2022/03/20/%E3%80%8C-dike%E3%80%8D%E3%80%8C-zozl%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2-202/ |
| DONUT | https://www.bleepingcomputer.com/news/security/donut-extortion-group-also-targets-victims-with-ransomware/ |
| DOPPELPAYMER | https://socradar.io/dark-web-threat-profile-grief-ransomware-group/ https://unit42.paloaltonetworks.jp/ransomware-threat-assessments/4/ https://socprime.com/blog/doppelpaymer-ransomware-detection/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ |
| DUNGHILL | https://thecyberexpress.com/dark-angels-ransomware-dunghill-leak/ |
| ECH0RAIX | https://unit42.paloaltonetworks.jp/ech0raix-ransomware-soho/ https://www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/ https://www.bleepingcomputer.com/ransomware/decryptor/ech0raix-ransomware-decryptor-restores-qnap-files-for-free/ |
| EGREGOR | https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://unit42.paloaltonetworks.jp/egregor-ransomware-courses-of-action/ |
| EL_COMETA | https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/ |
| EMPEROR DRAGONFLY | https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group |
| ENTROPY | https://cyberintelmag.com/malware-viruses/dridex-malware-downloader-connected-to-entropy-ransomware/ https://news.sophos.com/ja-jp/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks-jp/ https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/ https://www.cyclonis.com/ja/entropy-ransomware-may-have-links-to-the-dridex-gang/ |
| EP918 | https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-28-3/ |
| ERUPTION | https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html https://www.mandiant.com/resources/sabbath-ransomware-affiliate https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html |
| EVEREST | https://www.marketscreener.com/quote/stock/NCC-GROUP-PLC-4004767/news/NCC-Monthly-Threat-Pulse-ndash-November-2021-37387006/ https://kcm.trellix.com/corporate/index?page=content&id=KB96132 https://exchange.xforce.ibmcloud.com/threats/guid:63387e50bd9400dc12ea6b47140aa0db https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/ https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/ |
| EVIL CORP | https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://twitter.com/vxunderground/status/1533948505043124224 https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/ https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions https://e.cyberint.com/hubfs/Cyberint_Evil%20Corp%20Wastedlocker%20Ransomware_Report.pdf https://heimdalsecurity.com/blog/macaw-locker-evil-corps-latest-version-makes-new-victims/ https://pchandy.net/2021/06/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/ https://threatpost.com/evil-corp-impersonates-payloadbin/166710/ https://socprime.com/blog/doppelpaymer-ransomware-detection/ https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/ https://www.bleepingcomputer.com/news/security/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/ https://www.enigmasoftware.com/dridex-gang-returns-with-wastedlocker-ransomware/ |
| EXORCIST | https://sequretek.com/wp-content/uploads/2018/10/Sequretek-Advisory-Exorcist-Ransomware_.pdf https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-24th-2020-navigation-failure/ |
| FONIX (XINOF) | https://www.malwarebytes.com/blog/news/2021/02/fonix-ransomware-gives-up-life-of-crime-apologises |
| GANDCRAB | https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ |
| GOOD DAY | https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/ |
| GRIEF | https://socradar.io/dark-web-threat-profile-grief-ransomware-group/ https://cyberintelmag.com/malware-viruses/dridex-malware-downloader-connected-to-entropy-ransomware/ https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ |
| GROOVE | https://blogs.mcafee.jp/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates https://krebsonsecurity.com/2021/11/the-groove-ransomware-gang-was-a-hoax/ https://medium.com/s2wblog/groove-x-ramp-the-relation-between-groove-babuk-ramp-and-blackmatter-f75644f8f92d https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.trellix.com/ja-jp/about/newsroom/stories/research/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates.html |
| HARON | https://medium.com/s2wblog/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4 https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-44-3/ |
| HARDBIT | https://www.varonis.com/blog/hardbit-2.0-ransomware https://www.suspectfile.com/interview-with-hardbit-ransomware-a-new-group-with-great-ambitions/ https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/ https://www.securityweek.com/hardbit-ransomware-offers-to-set-ransom-based-on-victims-cyberinsurance/ |
| HELLB0RN | https://www.zerofox.com/blog/the-underground-economist-issue-5/ |
| HELLO KITY (FIVE HANDS) | https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/ |
| HERMES | https://www.cybereason.co.jp/blog/ransomware/5607/ https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-hermes-ransomware-cyber-report.pdf |
| HITLER (AGL0BGVYCG) | https://en.wikipedia.org/wiki/Hitler-Ransomware |
| HIVE | https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html https://www.bleepingcomputer.com/news/security/donut-extortion-group-also-targets-victims-with-ransomware/ https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html https://northwave-security.com/conti-ryuk-and-hive-affiliates-the-hidden-link/ |
| HOLYGHOST | https://www.bleepingcomputer.com/news/security/microsoft-links-holy-ghost-ransomware-operation-to-north-korean-hackers/ https://www.hackread.com/lessons-from-holy-ghost-ransomware-attacks/ https://www.digitalshadows.com/blog-and-research/holy-ghosts-bargain-basement-approach-to-ransomware/ |
| ICEFIRE | https://twitter.com/malwrhunterteam/status/1503484073406345224/photo/3 |
| ISOS | https://mdba.info/ransomware/2020/10/02/%E3%80%8C-isos%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2/ |
| JIGSAW | https://www.secureworld.io/industry-news/venezuelan-doctor-jigsaw-thanos-ransomware http://maruyama-mitsuhiko.cocolog-nifty.com/security/2022/05/post-ea8ab8.html |
| JSWORM | https://cyware.com/news/its-time-we-talk-about-jsworm-ransomware-32787a6b https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/ |
| KARAKURT | https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/ |
| KARMA | https://blogs.blackberry.com/en/2021/11/threat-thursday-karma-ransomware https://www.cyfirma.com/outofband/karma-leak-ransomware-technical-analysis/ https://gadgettendency.com/new-ransomware-group-karma-actually-renamed-nefilim/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/ |
| KNIGHT | https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/ |
| LAPSUS$ | https://wired.jp/article/okta-hack-microsoft-bing-code-leak-lapsus/ https://iototsecnews.jp/2022/09/13/cisco-data-breach-attributed-to-lapsus-ransomware-group/ https://jp.tenable.com/blog/brazen-unsophisticated-and-illogical-understanding-the-lapsus-extortion-group |
| LILITH | https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/ |
| LIZARD | https://www.enigmasoftware.jp/lizardphobosransomware-sakujo/ |
| LOCK4 | https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html |
| LOCKBIT (ABCD) | https://www.herjavecgroup.com/herjavec-group-lockbit-2-0-ransomware-profile/ https://www.kaspersky.co.jp/resource-center/threats/lockbit-ransomware |
| LOCKBIT2.0 | https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/ https://www.herjavecgroup.com/herjavec-group-lockbit-2-0-ransomware-profile/ https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ https://www.group-ib.com/blog/bablock-ransomware/ https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo |
| LOCKBIT3.0 | https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/ https://twitter.com/threatray/status/1544643305924960256 https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/ https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit |
| LOCKDATA | https://www.pcrisk.com/removal-guides/23846-lockdata-ransomware |
| LOCKFILE | https://medium.com/s2wblog/atomsilo-x-lockfile-atomsilo-copied-blackmatter-and-cerber-for-operating-the-double-extortion-site-7fb5aaac5f21 https://news.sophos.com/ja-jp/2021/09/06/lockfile-ransomwares-box-of-tricks-intermittent-encryption-and-evasion-jp/ |
| LOKI LOCKER | https://blogs.blackberry.com/ja/jp/2022/07/blackberry-prevents-lokilocker https://asec.ahnlab.com/en/51497/ https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/ |
| LORENZ | https://www.avertium.com/resources/threat-reports/an-in-depth-look-at-lorenz-ransomware https://www.cybereason.com/blog/research/cybereason-vs.-lorenz-ransomware https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/ |
| LOSTTRUST | https://www.bleepingcomputer.com/news/security/meet-losttrust-ransomware-a-likely-rebrand-of-the-metaencryptor-gang/ |
| LV | https://www.secureworks.com/research/lv-ransomware |
| MACAW LOCKER | https://heimdalsecurity.com/blog/macaw-locker-evil-corps-latest-version-makes-new-victims/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.bleepingcomputer.com/news/security/evil-corp-demands-40-million-in-new-macaw-ransomware-attacks/ |
| MAILTO | https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/ |
| MALLOX (FARGO) | https://www.suspectfile.com/interview-with-mallox-ransomware-group/ |
| MAZE | https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.zerofox.com/blog/maze-recent-ransomware-attacks/ |
| MBC | https://www.thenationalnews.com/business/2021/08/21/mbc-ransomware-group-claims-responsibility-for-cyber-attack-on-irans-railway-network/ https://twitter.com/S0ufi4n3/status/1541150802332598279 |
| MEDUSA LOCKER | https://www.cybereason.co.jp/blog/ransomware/5546/ |
| MEOW | https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ https://www.bleepingcomputer.com/news/security/conti-based-ransomware-meowcorp-gets-free-decryptor/ |
| METAENCRYPTOR | https://www.bleepingcomputer.com/news/security/meet-losttrust-ransomware-a-likely-rebrand-of-the-metaencryptor-gang/ |
| MICHAELKORS | https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html |
| MIDAS | https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-44-3/ |
| MINDWARE | https://www.sentinelone.com/blog/from-the-front-lines-another-rebrand-mindware-and-sfile-ransomware-technical-breakdown/ |
| MOISHA | https://cyware.com/news/new-moisha-ransomware-pulls-off-highly-targeted-attacks-4be35d93 https://blog.cyble.com/2022/08/25/moisha-ransomware-in-action/ |
| MONTI | https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger https://intel471.com/blog/conti-vs-monti-a-reinvention-or-just-a-simple-rebranding |
| MOUNT LOCKER | https://asec.ahnlab.com/ko/41577/ https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/Arkbird_SOLG/status/1393994616496590848 https://twitter.com/darktracer_int/status/1433694601076822016 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/ https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/ https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.cyclonis.com/ja/mount-locker-ransomware-is-getting-more-dangerous/ https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf https://www.barracuda.co.jp/mountlocker-ransomware/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.guidepointsecurity.com/blog/mount-locker-ransomware-steps-up-counter-ir-capabilities/ |
| MY DECRYPTER (MAGNIBER) | https://www.2-spyware.com/remove-my-decryptor-ransomware-virus.html https://howtofix.guide/ransomware/magniber/ https://japan.zdnet.com/paper/30001345/30005842/ |
| N4UGHTYSEC | https://www.pkware.com/blog/monthly-breach-report-april-2022-edition https://www.itweb.co.za/content/o1Jr5Mx9BVjqKdWL |
| NB65 | https://securityaffairs.co/130051/hacktivism/nb65-modified-version-conti-ransomware.html https://www.malwarebytes.com/blog/news/2022/04/conti-ransomware-offshoot-targets-russian-organizations |
| NEFILIM | https://cyberenso.jp/types-of-ransomware/nephilim-ransomware/ https://gadgettendency.com/new-ransomware-group-karma-actually-renamed-nefilim/ https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ |
| NEMTY | https://www.bitdefender.com/blog/hotforsecurity/nemty-ransomware-gang-shuts-down-public-gig-announces-exclusive-business-model https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/ |
| NETWALKER | https://www.bleepingcomputer.com/news/security/ransomware-recruits-affiliates-with-huge-payouts-automated-leaks/ https://www.cybereason.co.jp/blog/ransomware/5845/ |
| NETWORM (N3TW0RM) | https://www.bleepingcomputer.com/news/security/n3tw0rm-ransomware-emerges-in-wave-of-cyberattacks-in-israel/ https://www.acronis.com/en-us/blog/posts/n3tw0rm-ransomware/ |
| NEVADA | https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokoyawa-variant |
| NIGHT SKY | https://twitter.com/vinopaljiri/status/1480059715392622597 https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html https://twitter.com/Arkbird_SOLG/status/1503435955306434562 https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/ |
| NOSCCAPE | https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/#google_vignette |
| NOKOYAWA | https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/ https://www.fortinet.com/blog/threat-research/nokoyawa-variant-catching-up https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/ https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokoyawa-variant https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| OMEGA | https://www.bleepingcomputer.com/news/security/new-0mega-ransomware-targets-businesses-in-double-extortion-attacks https://cyware.com/news/new-0mega-ransomware-joins-the-double-extortion-threat-landscape-158fb321/ |
| ONEPERCENT | https://cybersecurity-info.com/news/fbi-onepercent-group/ |
| ONYX | https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree |
| PANDORA | https://twitter.com/Arkbird_SOLG/status/1503435955306434562 https://www.avertium.com/resources/threat-reports/in-depth-pandora-ransomware https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/ https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/ https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/ |
| PHOBOS | https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html |
| PAY2KEY | https://www.binarydefense.com/threat_watch/blackshadow-threat-group-breaches-israeli-hosting-firm/ |
| PAYLOAD.BIN | https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.databreaches.net/babuk-re-organizes-as-payload-bin-offers-its-first-leak/ |
| PHOBOS | https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware https://www.enigmasoftware.jp/steelransomware-sakujo/ https://www.enigmasoftware.jp/lizardphobosransomware-sakujo/ https://mdba.info/ransomware/2020/10/02/%E3%80%8C-isos%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2/ https://mdba.info/ransomware/2022/03/20/%E3%80%8C-dike%E3%80%8D%E3%80%8C-zozl%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2-202/ |
| PHOENIX LOCKER | https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://iototsecnews.jp/2022/06/02/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/ |
| PLAY | https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| POLYVICE | https://securityaffairs.co/139924/cyber-crime/vice-society-ransomware-custom-locker.html https://cyware.com/news/vice-society-adds-custom-branded-payload-polyvice-to-its-arsenal-a335bbe1 |
| PROLOCK | https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-with-qakbot-trojan-for-network-access/ https://www.intrinsec.com/egregor-prolock/ |
| PROMETHEUS | https://medium.com/s2wblog/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.cybereason.co.jp/blog/ransomware/6559/ |
| PUTIN TEAM | https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ |
| PWNDLOCKER | https://www.bleepingcomputer.com/news/security/new-pwndlocker-ransomware-targeting-us-cities-enterprises/ https://www.bleepingcomputer.com/news/security/pwndlocker-fixes-crypto-bug-rebrands-as-prolock-ransomware/ https://malpedia.caad.fkie.fraunhofer.de/details/win.pwndlocker |
| PYSA / MESPINOZA | https://www.cybereason.co.jp/blog/ransomware/7069/ https://www.emsisoft.com/en/blog/38840/ransomware-profile-mespinoza-pysa/ https://www.cybersecurity-insiders.com/details-of-new-pysa-n-everest-ransomware/ |
| QILIN (AGENDA) | https://securityaffairs.co/wordpress/139811/cyber-crime/agenda-ransomware-rust.html https://www.trendmicro.com/ja_jp/research/22/i/new-golang-ransomware-agenda-customizes-attacks.html https://www.guidepointsecurity.com/blog/grit-ransomware-report-october-2022/ |
| QLOCKER | https://iototsecnews.jp/2022/01/16/a-new-wave-of-qlocker-ransomware-attacks-targets-qnap-nas-devices/ https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/ |
| QUANTUM | https://asec.ahnlab.com/ko/41577/ https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/ https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| RA GROUP | https://riskybiznews.substack.com/p/risky-biz-news-chinas-great-firewall |
| RAGNAR LOCKER | https://automaton-media.com/articles/newsjp/20201110-142870/ https://blog.cyble.com/2022/01/20/deep-dive-into-ragnar-locker-ransomware-gang/ https://www.cybereason.com/blog/threat-analysis-report-ragnar-locker-ransomware-targeting-the-energy-sector |
| RAGNAROK | https://www.fortinet.com/jp/blog/threat-research/ranion-ransomware-quiet-and-persistent-raas https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/ https://therecord.media/ragnarok-ransomware-operation-shuts-down-and-releases-free-decrypter/ https://resources.infosecinstitute.com/topic/malware-analysis-ragnarok-ransomware/ |
| RAMP | https://www.advintel.io/post/groove-vs-babuk-groove-ransom-manifesto-ramp-underground-platform-secret-inner-workings https://securityaffairs.co/121985/cyber-crime/groove-gang-fortinet-leaks.html |
| RANION | https://www.fortinet.com/jp/blog/threat-research/ranion-ransomware-quiet-and-persistent-raas https://www.digitalshadows.com/blog-and-research/ransomware-franchising-how-do-groups-get-started/ |
| RANSOM CARTEL | https://www.bleepingcomputer.com/news/security/ransom-cartel-linked-to-notorious-revil-ransomware-operation/ |
| RANSOMED.VC | https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/ |
| RANSOMEXX | https://therecord.media/ibm-ransomexx-becomes-latest-ransomware-group-to-create-rust-variant/ https://www.cybereason.co.jp/blog/ransomware/5795/ https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ |
| RANSOMHOUSE | https://www.the420.in/ransomware-attack-on-pharma-company-aarti-drugs/ https://www.malwarebytes.com/blog/news/2022/05/threat-profile-ransomhouse-makes-extortion-work-without-ransomware https://www.scmagazine.com/brief/risk-management/novel-ransomhouse-cybercrime-operation-detailed https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/ https://cyberint.com/blog/research/ransomhouse/ https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html |
| RANZY LOCKER | https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker |
| REDALERT(N13V) | https://socradar.io/redalert-ransomware-targets-windows-and-linux-mware-esxi-servers/ https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/ |
| RELIC | https://angle.ankura.com/post/102i1mb/relic-project-a-new-threat-group-or-rebranded-ransomware |
| REVIL (SODINOKIBI) | https://blogs.mcafee.jp/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/ransom-cartel-linked-to-notorious-revil-ransomware-operation/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://www.flashpoint.io/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/ |
| RHYSIDA | https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/ https://socradar.io/threat-profile-rhysida-ransomware/ https://thehackernews.com/2023/08/new-report-exposes-vice-societys.html |
| ROBBINHOOD | https://www.sompocybersecurity.com/column/column/a72 |
| ROOK | https://www.prsol.cc/ja/post-2773/ https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md https://twitter.com/Arkbird_SOLG/status/1503435955306434562 https://twitter.com/vinopaljiri/status/1480059715392622597 https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/ https://www.avertium.com/resources/threat-reports/in-depth-pandora-ransomware |
| ROYAL | https://heimdalsecurity.com/blog/royal-ransomware-operation-amplifying-in-multi-million-dollar-attacks/ https://www.cybereason.com/blog/royal-ransomware-analysis https://www.scmagazine.com/brief/ransomware/royal-ransomware-tied-to-conti-gang https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks/ https://blog.cyble.com/2023/05/12/blacksuit-ransomware-strikes-windows-and-linux-users/ https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html https://www.axios.com/2023/05/09/royal-ransomware-us-cities-cybersecurity-hacking https://www.trellix.com/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html https://www.trendmicro.com/ja_jp/research/23/h/investigating-blacksuit-ransomwares-similarities-to-royal.html https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| RTM | https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html |
| RYUK | https://www.cybereason.co.jp/blog/ransomware/5607/ https://www.trendmicro.com/ja_jp/what-is/ransomware/ryuk-ransomware.html https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| SABBATH | https://www.mandiant.com/resources/sabbath-ransomware-affiliate https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html https://www.anvilogic.com/threat-reports/unc2190-arcane-and-sabbath |
| SCARECROW | https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ |
| SCHOOLBOYS | https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/ |
| SEKHMET | https://news.sophos.com/ja-jp/2020/12/15/egregor-ransomware-mazes-heir-apparent-jp/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ |
| ShadowSyndicate | https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| SHAOLEAKS | https://www.guidepointsecurity.com/blog/grit-ransomware-report-october-2022/ |
| SILENT RANSOM GROUP | https://www.bleepingcomputer.com/news/security/ransomware-gangs-move-to-callback-social-engineering-attacks/ https://cyware.com/news/ransomware-gangs-use-callback-phishing-method-to-target-corporate-networks-ce1b0069 |
| SNAPMC | https://www.nccgroup.com/jp/snapmc-the-non-ransomware-blackmail-attack/ https://www.bleepingcomputer.com/news/security/bianlian-ransomware-gang-shifts-focus-to-pure-data-extortion/ https://www.bleepingcomputer.com/news/security/snapmc-hackers-skip-file-encryption-and-just-steal-your-files/ |
| SNATCH | https://www.picussecurity.com/resource/snatch-ransomware-gang https://thedfirreport.com/2020/06/21/snatch-ransomware/ |
| SOLIDBIT | https://medium.com/s2wblog/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16 |
| SPARTA | https://ke-la.com/wp-content/uploads/2022/11/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022-JA.pdf |
| SPOOK | https://medium.com/s2wblog/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ |
| STEEL | https://www.enigmasoftware.jp/steelransomware-sakujo/ |
| STORMOUS | https://socradar.io/who-is-stormous-ransomware-group/ https://securelist.com/new-ransomware-trends-in-2022/106457/ https://cdn.www.gob.pe/uploads/document/file/3290929/Alerta%20integrada%20de%20seguridad%20digital%20N%C2%B0%20168-2022-CNSD.pdf.pdf |
| SUGAR | https://defpr.com/sugar-ransomware/ |
| SUNCRYPT | https://analyst1.com/ransomware-diaries-volume-1/ https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-is-still-alive-and-kicking-in-2022/ https://minerva-labs.com/blog/suncrypt-ransomware-gains-new-abilities-in-2022/ |
| SYNACK | https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/ |
| SZ40 | https://www.cybereason.com/blog/research/cybereason-vs.-lorenz-ransomware |
| THANOS | https://www.secureworld.io/industry-news/venezuelan-doctor-jigsaw-thanos-ransomware http://maruyama-mitsuhiko.cocolog-nifty.com/security/2022/05/post-ea8ab8.html |
| THUNDER X | https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker |
| TOMMYLEAKS | https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/ |
| TREEAM | https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/ https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit https://www.group-ib.com/blog/shadowsyndicate-raas/ |
| TRIGONA | https://unit42.paloaltonetworks.jp/trigona-ransomware-update/ |
| VASA LOCKER (BABY) | https://cyberint.com/blog/research/babuk-locker/ https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html |
| VICE SOCIETY | https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/ https://securityaffairs.co/wordpress/139924/cyber-crime/vice-society-ransomware-custom-locker.html https://therecord.media/microsoft-ties-vice-society-hackers-to-additional-ransomware-strains/ https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/ https://socradar.io/threat-profile-rhysida-ransomware/ |
| VSOP | https://blog.cyble.com/2022/08/10/onyx-ransomware-renames-its-leak-site-to-vsop/ |
| WASTEDLOCKER | https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html |
| WHITERABBIT (MARIO) | https://www.crn.com.au/news/amd-claims-potential-attack-from-ransomhouse-gang-582029 https://howtofix.guide/white-rabbit-ransomware/ https://twitter.com/malwrhunterteam/status/1560327142621208577 https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html |
| X001XS | https://www.insicurezzadigitale.com/en/nuovo-leak-site-nuovo-gruppo-ransomware-ex-rook/ |
| https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/darktracer_int/status/1433694601076822016 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf https://www.trendmicro.com/en_us/research/21/j/ransomware-operators-found-using-new-franchise-business-model.html |
|
| YANLUOWANG | https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://iototsecnews.jp/2022/09/01/infra-used-in-cisco-hack-also-targeted-workforce-management-solution/ |
| YASHMA | https://medium.com/s2wblog/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16 https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree |
| ZEON | https://exchange.xforce.ibmcloud.com/malware-analysis/guid:c0a25a3d60116cf5142da3303876ce16 https://www.sentinelone.com/blog/from-the-front-lines-3-new-and-emerging-ransomware-threats-striking-businesses-in-2022/ |
| ZEPPELIN | https://www.picussecurity.com/resource/zeppelin-ransomware-analysis-simulation-and-mitigation https://blogs.blackberry.com/en/2019/12/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/ |
| VEGA | https://www.picussecurity.com/resource/zeppelin-ransomware-analysis-simulation-and-mitigation https://blogs.blackberry.com/en/2019/12/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe |
おすすめ記事
