2023.02.01

ランサムウェア／攻撃グループの変遷と繋がり (Rev.2)

本図は世界で確認されてきた主なランサムウェア攻撃グループ(※1)のうち、「リブランド」を軸とした複合的視点による組織間の繋がりを図示したものである(※2)。

本Rev.2は、2022年5月に公開し好評を頂いたRev. 1から、日々移り変わる様々な観点の関連情報を多数追加し大きくアップデートした更新版となる。現在までに確認されてきたランサムウェア攻撃グループに関するあらゆる繋がりを可能な限り盛り込んだ。

本図から、ランサムウェア攻撃グループの多くがお互いに何からの関連性を持ち活動している背景が浮かび上がる。CONTIやBABUKをはじめソースコードの流出やグループの解散／テイクダウンなどの影響が他の新種出現へ顕著に繋がる流れが見て取れる。一方、NIGHT SKYなどのように、周辺グループとの繋がりから特定国に帰属する攻撃者像が浮き上がってくるケースもある。全体を通して見え隠れするアフィリエイトの共通性などから、ランサムウェア攻撃グループの表面的な組織数とは裏腹に、背後にいる攻撃者らの絶対数は一般に想像されるよりも少ない可能性などもここから推測できるだろう。

本図では、暴露活動の有無や活動拠点の概要なども一覧で把握できるようにしており、攻撃グループ名の索引も付録として添えているため、インシデント発生時の情報収集用途など辞書的な使い方としても是非活用してほしい。

(※1) 暴露型や話題性の高いグループを選抜。攻撃グループが使用するランサムウェアの名称も一部含む。
(※2) MBSDの独自調査の他、世界各国の様々なセキュリティーベンダーの公開／発信情報を元に作成。
(Rev.1：2022年5月下旬作成)
(Rev.2：2023年2月上旬作成)

(日本語版) 最新版のダウンロードはこちら▼
MBSD_RansomwareMap_JP_Rev2.20.pdf
(印刷する場合はA3以上を推奨)

(English version) Please click to download latest version▼
MBSD_RansomwareMap_EN_Rev2.20.pdf
(Recommend to print on A3 or larger size.)

Rev.2のマイナーバージョンアップに関する更新履歴については以下の通り。

マイナーバージョン更新履歴	主な更新箇所	更新日付
2.00	・初期バージョン一般公開	2023/2/2
2.01	・HELLO KITTYのスペル修正・NEVADAの新規追加・LAPSUS$のコメント修正・英語版の追加・その他、細部の変更	2023/2/7
2.02	・MEDUSA、ZEPPELIN、NEVADAの情報変更・VEGA、DARKBIT に関する情報追加	2023/2/16
2.03	・ CONTI、QUANTUM間の補助線にコメント追加・ HARDBIT の新規追加・ V IS VENDETTA の新規追加・その他、細部の変更	2023/3/6
2.04	・ BLACKSNAKEの新規追加・ DARK POWERの新規追加・ SNAPMCの新規追加・ SZ40の新規追加・ MEOWのコメントを追加・ MONTIとDONUTとの関係性を追加・ BLOODYの情報変更	2023/3/20
2.05	・ ABYSSの新規追加・ CATB（CATB99,BAXTOY）の新規追加・ BLOODYの情報変更・ STORMOUSの情報変更	2023/3/28
2.06	・ BADLOCK（RORSCHACH）の新規追加・ AKIRAの新規追加・ CIPHERLOCKERの新規追加・ DUNGHILLの新規追加・ TRIGONAの新規追加	2023/4/25
2.07	・ ELBIEの新規追加・ LOKI LOCKERの新規追加・ BLACKBITの新規追加・ BLACKSUITの新規追加・ RA GROUPの新規追加・ CACTUSの新規追加・ AKIRAの新規追加	2023/5/12
2.08	・ 8BASEの新規追加・ CYCLOPSの新規追加・ DARKRACEの新規追加・ ESXIARGSの新規追加・ LA PIOVRAの新規追加・ MALASのの新規追加・ NEBULAの新規追加・ NOESCAPEの新規追加・ RHYSIDAの新規追加・ SHADOWの新規追加・ BADLOCKの情報変更・ BLACKSUITの情報変更・ BLOODYの情報変更・ CL0P (CLOP)の情報変更・ NEVADAの情報変更・ NOKOYAWAの情報変更・ ROYALのの情報変更・ SNATCHの情報変更	2023/6/16
2.09	・ BIG HEADの新規追加・ INC RANSOMの新規追加・ KNIGHTの新規追加・ METAENCRYPTORの新規追加・ 8BASEの情報変更・ AVADDONの情報変更・ BLACKSUITの情報変更・ CACTUSの情報変更・ CHILE LOCKERの情報変更・ CYCLOPSの情報変更・ NOESCAPEの情報変更・ RHYSIDAの情報変更・ ROYALの情報変更・ SNATCHの情報変更	2023/8/21
2.10	・ CIPHBITの新規追加・ CLOAKの新規追加・ CRYPTBBの新規追加・ CRYPTNETの新規追加・ GOOD DAYの新規追加・ LOSTTRUSTの新規追加・ RANCOZの新規追加・ RANSOMED.VCの新規追加・ THREEAM (3AM)の新規追加・ ALPHV (BLACKCAT)の情報変更・ BIANLIANの情報変更・ CACTUSの情報変更・ CL0P (CLOP)の情報変更・ DARKSIDEの情報変更・ EVERESTの情報変更・ LOCKBIT3.0の情報変更・ METAENCRYPTORの情報変更・ NOKOYAWAの情報変更・ PLAYの情報変更・ QUANTUMの情報変更・ ROYALの情報変更・ランサムウェア攻撃グループのアクティブ状況を再定義・ ShadowSyndicateに関する項目を新規追加	2023/10/4
2.11	・ CONTIの情報変更・ RYUKの情報変更・ ShadowSyndicateの情報変更	2023/10/4
2.12	・ DRAGONFORCEの新規追加・ GHOSTSECの新規追加・ HUNTERS INTERNATIONALの新規追加・ LAMBDAの新規追加・ MADCATの新規追加・ MALEKTEAMの新規追加・ MEGACORTEXの新規追加・ RANSOEMCORPの新規追加・ RAZNATOVICの新規追加・ SAMSAMの新規追加・ SIEGEDSECの新規追加・ SPARTACUSの新規追加・ WEREWOLVESの新規追加・プリカーサーマルウェア(QBOT)に関する項目を追加・アフィリエイト(Wazawaka、他)に関する項目を追加・ハッカーグループ編成(Five Families)に関する項目を追加・ DEATHRANSOMの情報追加・ LOCKERGOGAの情報追加・ ABYSSの情報変更・ ALPHV (BLACKCAT)の情報変更・ BABUKの情報変更・ BIANLIANの情報変更・ BLACKBASTAの情報変更・ CACTUSの情報変更・ CERBERの情報変更・ CONTIの情報変更・ CYCLOPSの情報変更・ DHARMAの情報変更・ EGREGORの情報変更・ HELLO KITTY (FIVE HANDS) の情報変更・ HIVEの情報変更・ KNIGHTの情報変更・ LOCKBIT2.0の情報変更・ LOCKBIT3.0の情報変更・ MARIOの情報変更・ MEOWの情報変更・ MONTIの情報変更・ NOESCAPEの情報変更・ NOKOYAWAの情報変更・ PROLOCKの情報変更・ PWNDLOCKERの情報変更・ QILIN (AGENDA)の情報変更・ RAGNAR LOCKERの情報変更・ RANSOMED.VCの情報変更・ REVIL (SODINOKIBI)の情報変更・ STORMOUSの情報変更・ TRIGONAの情報変更・ WHITERABBITの情報変更	2023/12/26
2.20	・ ALPHA (MYDATA)の新規追加・ APOS SECURITYの新規追加・ APT73 (ERALEIG)の新規追加・ ARCUS MEDIAの新規追加・ BLACKOUTの新規追加・ BUHTIの新規追加・ CROSSLOCKの新規追加・ DAN0N (DANON)の新規追加・ DARK VAULTの新規追加・ DISPOSSESSORの新規追加・ DONEXの新規追加・ EL DORADOの新規追加・ EMBARGOの新規追加・ FAUSTの新規追加・ FSOCIETY / FLOCKERの新規追加・ GOING INSANEの新規追加・ HELLO GOOKIEの新規追加・ INDUSTRIAL SPYの新規追加・ KILLSECの新規追加・ MOGILEVICHの新規追加・ MORLOCKの新規追加・ NONAMEの新規追加・ QIULONGの新規追加・ RA WORLDの新規追加・ RABBIT HOLEの新規追加・ RANSOMHUBの新規追加・ RANSOMWARE BLOGの新規追加・ RED RANSOMWARE GROUP (RED CRYPTOAPP)の新規追加・ SENSAYQの新規追加・ SLUGの新規追加・ SPACE BEARSの新規追加・ TRISECの新規追加・ UNDERGROUNDの新規追加・ ZERO TOLERANCEの新規追加・ AKIRAの情報変更・ ALPHV (BLACKCAT)の情報変更・ CL0P (CLOP)の情報変更・ CONTIの情報変更・ CUBAの情報変更・ DIAVOLの情報変更・ DRAGONFORCEの情報変更・ GHOSTSECの情報変更・ HUNTERS INTERNATIONALの情報変更・ KNIGHTの情報変更・ LOCKBIT3.0の情報変更・ NETWALKERの情報変更・ 0MEGA (OMEGA)の情報変更・ QILIN (AGENDA)の情報変更・ RANSOMHOUSEの情報変更・ ROYALの情報変更・ STORMOUSの情報変更・ THREEAM (3AM)の情報変更・ WEREWOLVESの情報変更	2024/6/10

本図の作成に際して、弊社独自調査に併せ情報ソースとして参考にした主な参照先は以下の通り。

ランサムウェア攻撃グループ名	関連情報として参考にさせて頂いた主な参照先
8BASE	https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html https://thecyberexpress.com/losttrust-claims-ferguson-wellman-cyber-attack/ https://twitter.com/ido_cohen2/status/1702742049328443826


ABYSS	https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/
AKIRA	https://www.trendmicro.com/ja_jp/research/23/j/ransomware-spotlight-akira.html https://arcticwolf.com/resources/blog/conti-and-akira-chained-together/ https://www.scmagazine.com/news/blockchain-conti-akira-ransomware https://x.com/MalGamy12/status/1651972583615602694 https://labs.k7computing.com/index.php/akira-ransomware-unleashing-chaos-using-conti-leaks/




AKO	https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker https://www.bleepingcomputer.com/news/security/ako-ransomware-another-day-another-infection-attacking-businesses/

ALPHA (MYDATA)	https://www.infosecurity-magazine.com/news/alpha-ransomware-launches-data/ https://netenrich.com/blog/alpha-ransomware-a-deep-dive-into-its-operations https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/alpha-netwalker-ransomware https://www.bleepingcomputer.com/news/security/alpha-ransomware-linked-to-netwalker-operation-dismantled-in-2021/



ALPHV (BLACKCAT)	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/ https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.securityweek.com/law-enforcement-reportedly-behind-takedown-of-blackcat-alphv-ransomware-website/ https://www.bleepingcomputer.com/news/security/alphv-ransomware-site-outage-rumored-to-be-caused-by-law-enforcement/ https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/ https://www.bleepingcomputer.com/news/security/blackcat-ransomware-shuts-down-in-exit-scam-blames-the-feds/








ARCANE	https://www.natlawreview.com/article/rebranded-ransomware-group-sabbath-hitting-hospitals-and-schools
ARCUS MEDIA	https://dailydarkweb.net/new-ransomware-group-arcus-attacks-targeted-south-american-companies/ https://x.com/AlvieriD/status/1790971069358027010

ARVINCLUB	https://cloudsek.com/threatintelligence/ransomware-group-profile-arvin-club/
ASTRO (ASTRA)	https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/Arkbird_SOLG/status/1393994616496590848 https://twitter.com/darktracer_int/status/1433694601076822016 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/ https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.mbsd.jp/research/20210415/astro-locker/ https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf









ATOMSILO	https://medium.com/s2wblog/atomsilo-x-lockfile-atomsilo-copied-blackmatter-and-cerber-for-operating-the-double-extortion-site-7fb5aaac5f21 https://news.sophos.com/ja-jp/2021/10/11/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack-jp/

AVADDON	https://medium.com/s2wblog/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4 https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/#google_vignette
AVOSLOCKER	https://www.trendmicro.com/ja_jp/research/22/g/ransomware-spotlight-avoslocker.html https://iototsecnews.jp/2022/09/07/google-says-former-conti-ransomware-members-now-attack-ukraine/#more-27616 https://www.bleepingcomputer.com/news/security/fbi-avoslocker-ransomware-targets-us-critical-infrastructure/


AXXES	https://cloudsek.com/threatintelligence/axxes-ransomware-group-appears-to-be-the-rebranded-version-of-midas-group/
BABUK2023	https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html


BADLOCK (RORSCHACH)	https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ https://www.group-ib.com/blog/bablock-ransomware/

BIANLIAN	https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html https://www.bleepingcomputer.com/news/security/bianlian-ransomware-gang-shifts-focus-to-pure-data-extortion/

BIG HEAD	https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html
BITPAYMER	https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.bleepingcomputer.com/news/security/bitpaymer-ransomware-infection-forces-alaskan-town-to-use-typewriters-for-a-week/



BABUK	https://cyberint.com/blog/research/babuk-locker/ https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/ https://blog.trendmicro.co.jp/archives/31517 https://cybelangel.com/blog/babuk-group-just-another-ransomware-gang/ https://www.bleepingcomputer.com/news/security/babuk-ransomware-readies-shut-down-post-plans-to-open-source-malware/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.databreaches.net/babuk-re-organizes-as-payload-bin-offers-its-first-leak/ https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ https://www.group-ib.com/blog/bablock-ransomware/ https://riskybiznews.substack.com/p/risky-biz-news-chinas-great-firewall https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html

















BLACKBASTA	https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-the-fin7-hacking-group/ https://www.cybereason.com/blog/cybereason-vs.-black-basta-ransomware https://www.trendmicro.com/ja_jp/research/22/f/examining-the-black-basta-ransomwares-infection-routine.html https://www.zscaler.com/blogs/security-research/back-black-basta https://www.cybereason.co.jp/blog/ransomware/9263/ https://digitaldata-forensics.com/column/ransomware/type/4415/





BLACKBIT	https://asec.ahnlab.com/en/51497/ https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/

BLACKBYTE	https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbyte https://www.trendmicro.com/ja_jp/research/22/i/ransomware-spotlight-blackbyte.html https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-gang-is-back-with-new-extortion-tactics/ https://www.anvilogic.com/threat-reports/conti-its-subsidiary-group-blackbyte https://broadcom-software.security.com/blogs/japanese-broadcom-software/exbyte-blackbyteransamuueanogongjikurufukaxintanatetaqiequtsuruwozhankai https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/





BLACKMAGIC	https://blog.cyble.com/2022/12/07/a-closer-look-at-blackmagic-ransomware/
BLACKMATTER	https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/ https://mytechdecisions.com/it-infrastructure/what-darksides-rebranding-means-for-it/ https://thehackernews.com/2022/03/experts-find-some-affiliates-of.html https://twitter.com/cyb3rops/status/1544216630296825856 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://twitter.com/threatray/status/1544643305924960256 https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.itmedia.co.jp/news/articles/2108/16/news052.html https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/ https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat











BLACKOUT	https://socradar.io/dark-peep-12-the-ransomware-group-that-never-was/
BLACKSHADOW (SPECTRAL KITTEN)	https://www.binarydefense.com/threat_watch/blackshadow-threat-group-breaches-israeli-hosting-firm/
BLACKSNAKE	https://blog.cyble.com/2023/03/09/blacksnake-ransomware-emerges-from-chaos-ransomwares-shadow/
BLACKSUIT	https://blog.cyble.com/2023/05/12/blacksuit-ransomware-strikes-windows-and-linux-users/ https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html https://www.trendmicro.com/ja_jp/research/23/h/investigating-blacksuit-ransomwares-similarities-to-royal.html https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a https://socradar.io/dark-web-profile-blacksuit-ransomware/




BLOODY	https://securityaffairs.co/wordpress/136345/cyber-crime/bl00dy-ransomware-lockbit-3-encryptor.html https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/

BLUESKY	https://unit42.paloaltonetworks.jp/bluesky-ransomware/
BL4CKT0R (BLACKTOR)	https://www.tetradefense.com/wp-content/uploads/2021/08/ThreatIntel_July2021_RoundUp_Compressed.pdf
BUHTI	https://news.sophos.com/en-us/2024/02/23/connectwise-screenconnect-attacks-deliver-malware/
CATB (CAT99 / BAXTOY)	https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/ https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/
CACTUS	https://www.group-ib.com/blog/shadowsyndicate-raas/ https://x.com/MsftSecIntel/status/1730383711437283757?s=20 https://securityaffairs.com/155184/cyber-crime/danabot-spread-cactus-ransomware.html


CERBER	https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.itmedia.co.jp/news/articles/2108/16/news052.html https://www.trendmicro.com/en_us/research/17/e/cerber-ransomware-evolution.html https://www.trendmicro.com/ja_jp/research/23/l/cerber-ransomware-exploits-cve-2023-22518.html https://cyble.com/blog/cerber2021-ransomware-back-in-action/




CHAOS	https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree
CHEERS	https://www.bleepingcomputer.com/news/security/cheerscrypt-ransomware-linked-to-a-chinese-hacking-group/ https://blog.trendmicro.co.jp/archives/31517 https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html


CHILE LOCKER (ARCRYPTER)	https://www.fortinet.com/blog/threat-research/ransomware-roundup-bisamware-and-chile-locker https://blog.cyble.com/2023/07/06/arcrypt-ransomware-evolves-with-multiple-tor-communication-channels/

CLOAK	https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/
CL0P (CLOP)	https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-worm-to-clop-ransomware-attacks/ https://securityaffairs.co/wordpress/137722/malware/raspberry-robin-clop-ransomware.html https://www.bleepingcomputer.com/news/security/clop-ransomware-uses-truebot-malware-for-access-to-networks/ https://unit42.paloaltonetworks.jp/clop-ransomware/ https://www.bleepingcomputer.com/news/security/microsoft-notorious-fin7-hackers-return-in-clop-ransomware-attacks/ https://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html https://sectrio.com/deconstructing-cl0p-ransomware-moveit-2023-breach/ https://www.group-ib.com/blog/shadowsyndicate-raas/ https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/ https://gemserv.com/our-thoughts/threat-actor-review-clop-ransomware-group/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a https://fourcore.io/blogs/clop-ransomware-history-adversary-simulation












CONTI	https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/ https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ https://news.sophos.com/ja-jp/2021/03/03/conti-ransomware-attack-day-by-day-jp/ https://www.bleepingcomputer.com/news/security/conti-ransomware-shows-signs-of-being-ryuks-successor/ https://www.fortinet.com/blog/threat-research/ransomware-roundup-new-vohuk-scarecrow-and-aerst-variants https://twitter.com/uuallan/status/1564655718531219456 https://twitter.com/VK_Intel/status/1557003350541242369 https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://unit42.paloaltonetworks.jp/atoms/conti-ransomware/ https://www.trendmicro.com/ja_jp/research/22/l/ransomware-spotlight-blackcat.html https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/ https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html https://www.axios.com/2023/05/09/royal-ransomware-us-cities-cybersecurity-hacking https://www.trellix.com/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html https://www.group-ib.com/blog/shadowsyndicate-raas/ https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://www.trendmicro.com/ja_jp/research/23/j/ransomware-spotlight-akira.html https://arcticwolf.com/resources/blog/conti-and-akira-chained-together/ https://www.scmagazine.com/news/blockchain-conti-akira-ransomware https://labs.k7computing.com/index.php/akira-ransomware-unleashing-chaos-using-conti-leaks/ https://x.com/MalGamy12/status/1651972583615602694 https://www.bleepingcomputer.com/news/security/researchers-link-3am-ransomware-to-conti-royal-cybercrime-gangs/ https://www.kelacyber.com/wp-content/uploads/2022/05/KELA-Intelligence-Report-ContiLeaks-JA-1.pdf https://socradar.io/dark-web-profile-blacksuit-ransomware/



























COOMING PROJECT	https://www.cisa.gov/uscert/ncas/alerts/aa22-110a
COREID	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps https://www.techrepublic.com/article/colonial-pipeline-ransomware-group-using-new-tactics-to-become-more-dangerous/ https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/ https://www.zdnet.com/article/fin7-hackers-evolve-operations-with-ransomware-novel-backdoor/



CROSSROCK	https://jp.sentinelone.com/anthology/crosslock/
CYCLOPS	https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/ https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/


CRYKAL / CRYLOCK	https://heimdalsecurity.com/blog/crylock-ransomware/ https://unit42.paloaltonetworks.jp/trigona-ransomware-update/

CRYPTOMIX	https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
CRYPTON	https://cyware.com/news/what-is-crypton-ransomware-new-campaign-sees-hackers-exploiting-remote-desktop-services-097a4372 https://www.twx-threatintel.com/hobokomo-securitynews/20220706/tips-342/

CRYPTWALL	https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
CRYPTBB	https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/ https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware


CRYPTXXX	https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-cryptomix-ransomware-cyber-report.pdf
CYLANCE	https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html


CRYSIS	https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware
CUBA	https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-cuba https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/

DRAGONFORCE	https://cyble.com/blog/lockbit-blacks-legacy-unraveling-the-dragonforce-ransomware-connection/
DAGON LOCKER	https://asec.ahnlab.com/ko/41577/
DAIXIN	https://www.bleepingcomputer.com/news/security/us-govt-warns-of-daixin-team-targeting-health-orgs-with-ransomware/
DARKANGELS	https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/ https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/ https://cyware.com/news/darkangels-a-rebranded-version-of-babuk-8c62474b https://thecyberexpress.com/dark-angels-ransomware-dunghill-leak/



DARK VAULT	https://cybernews.com/news/lockbit-dark-vault-rebrand/
DARKRYPT	https://www.digitalshadows.com/blog-and-research/ransomware-q4-overview/
DARKSIDE	https://mytechdecisions.com/it-infrastructure/what-darksides-rebranding-means-for-it/ https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-linked-to-blackmatter-darkside-gangs/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.theregister.com/2022/09/25/noberus_ransomware_symantec/ https://www.flashpoint.io/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/






DATAF	https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html


DEATHRANSOM	https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/
DEFRAY777	https://unit42.paloaltonetworks.jp/ransomware-threat-assessments/8/ https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/


DHARMA	https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware https://cyberenso.jp/types-of-ransomware/dharma-ransomware/ https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war


DIAVOL	https://arcticwolf.com/resources/blog/karakurt-web/ https://www.fortinet.com/jp/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider https://www.kelacyber.com/wp-content/uploads/2022/05/KELA-Intelligence-Report-ContiLeaks-JA-1.pdf


DIKE	https://mdba.info/ransomware/2022/03/20/%E3%80%8C-dike%E3%80%8D%E3%80%8C-zozl%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2-202/
DISPOSSESSOR	https://webz.io/dwp/lockbit-reborn-new-site-defies-fbi-takedown
DONUT	https://www.bleepingcomputer.com/news/security/donut-extortion-group-also-targets-victims-with-ransomware/
DOPPELPAYMER	https://socradar.io/dark-web-threat-profile-grief-ransomware-group/ https://unit42.paloaltonetworks.jp/ransomware-threat-assessments/4/ https://socprime.com/blog/doppelpaymer-ransomware-detection/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/




DUNGHILL	https://thecyberexpress.com/dark-angels-ransomware-dunghill-leak/
ECH0RAIX (ECHORAIX)	https://unit42.paloaltonetworks.jp/ech0raix-ransomware-soho/ https://www.bleepingcomputer.com/news/security/new-ech0raix-ransomware-brute-forces-qnap-nas-devices/ https://www.bleepingcomputer.com/ransomware/decryptor/ech0raix-ransomware-decryptor-restores-qnap-files-for-free/


EGREGOR	https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://unit42.paloaltonetworks.jp/egregor-ransomware-courses-of-action/ https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html


EL_COMETA	https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/
EMBARGO	https://www.bleepingcomputer.com/news/security/largest-non-bank-lender-in-australia-warns-of-a-data-breach/
EMPEROR DRAGONFLY	https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group
ENTROPY	https://cyberintelmag.com/malware-viruses/dridex-malware-downloader-connected-to-entropy-ransomware/ https://news.sophos.com/ja-jp/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks-jp/ https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/ https://www.cyclonis.com/ja/entropy-ransomware-may-have-links-to-the-dridex-gang/



EP918	https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-28-3/
ERUPTION	https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html https://www.mandiant.com/resources/sabbath-ransomware-affiliate https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html


EVEREST	https://www.marketscreener.com/quote/stock/NCC-GROUP-PLC-4004767/news/NCC-Monthly-Threat-Pulse-ndash-November-2021-37387006/ https://kcm.trellix.com/corporate/index?page=content&id=KB96132 https://exchange.xforce.ibmcloud.com/threats/guid:63387e50bd9400dc12ea6b47140aa0db https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/ https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/




EVIL CORP	https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://twitter.com/vxunderground/status/1533948505043124224 https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/ https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions https://e.cyberint.com/hubfs/Cyberint_Evil%20Corp%20Wastedlocker%20Ransomware_Report.pdf https://heimdalsecurity.com/blog/macaw-locker-evil-corps-latest-version-makes-new-victims/ https://pchandy.net/2021/06/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/ https://threatpost.com/evil-corp-impersonates-payloadbin/166710/ https://socprime.com/blog/doppelpaymer-ransomware-detection/ https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/ https://www.bleepingcomputer.com/news/security/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/ https://www.enigmasoftware.com/dridex-gang-returns-with-wastedlocker-ransomware/











EXORCIST	https://sequretek.com/wp-content/uploads/2018/10/Sequretek-Advisory-Exorcist-Ransomware_.pdf https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-july-24th-2020-navigation-failure/

FAUST	https://thehackernews.com/2024/01/albabat-kasseika-kuiper-new-ransomware.html
FONIX (XINOF)	https://www.malwarebytes.com/blog/news/2021/02/fonix-ransomware-gives-up-life-of-crime-apologises
GANDCRAB	https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/



GHOSTSEC	https://www.sompocybersecurity.com/column/column/hacker-group-launches-ghostlocker-raas https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/ https://thehackernews.com/2024/03/alert-ghostsec-and-stormous-launch.html


GOOD DAY	https://www.sentinelone.com/blog/threat-actor-interplay-good-days-victim-portals-and-their-ties-to-cloak/
GRIEF	https://socradar.io/dark-web-threat-profile-grief-ransomware-group/ https://cyberintelmag.com/malware-viruses/dridex-malware-downloader-connected-to-entropy-ransomware/ https://www.bleepingcomputer.com/news/security/entropy-ransomware-linked-to-evil-corps-dridex-malware/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/




GROOVE	https://blogs.mcafee.jp/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates https://krebsonsecurity.com/2021/11/the-groove-ransomware-gang-was-a-hoax/ https://medium.com/s2wblog/groove-x-ramp-the-relation-between-groove-babuk-ramp-and-blackmatter-f75644f8f92d https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.trellix.com/ja-jp/about/newsroom/stories/research/how-groove-gang-is-shaking-up-the-ransomware-as-a-service-market-to-empower-affiliates.html




HARON	https://medium.com/s2wblog/quick-analysis-of-haron-ransomware-feat-avaddon-and-thanos-1ebb70f64dc4 https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-44-3/

HARDBIT	https://www.varonis.com/blog/hardbit-2.0-ransomware https://www.suspectfile.com/interview-with-hardbit-ransomware-a-new-group-with-great-ambitions/ https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/ https://www.securityweek.com/hardbit-ransomware-offers-to-set-ransom-based-on-victims-cyberinsurance/



HELLB0RN	https://www.zerofox.com/blog/the-underground-economist-issue-5/
HELLO GOOKIE	https://blog.barracuda.com/2024/04/24/hellokitty--hellogookie--hello--lockbit https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-rebrands-releases-cd-projekt-and-cisco-data/

HELLO KITY (FIVE HANDS)	https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/ https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-source-code-leaked-on-hacking-forum/


HERMES	https://www.cybereason.co.jp/blog/ransomware/5607/ https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-hermes-ransomware-cyber-report.pdf

HITLER (AGL0BGVYCG)	https://en.wikipedia.org/wiki/Hitler-Ransomware
HIVE	https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html https://www.bleepingcomputer.com/news/security/donut-extortion-group-also-targets-victims-with-ransomware/ https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html https://northwave-security.com/conti-ryuk-and-hive-affiliates-the-hidden-link/ https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://thehackernews.com/2023/11/new-ransomware-group-emerges-with-hives.html https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/







HOLYGHOST	https://www.bleepingcomputer.com/news/security/microsoft-links-holy-ghost-ransomware-operation-to-north-korean-hackers/ https://www.hackread.com/lessons-from-holy-ghost-ransomware-attacks/ https://www.digitalshadows.com/blog-and-research/holy-ghosts-bargain-basement-approach-to-ransomware/


HUNTERS INTERNATIONAL	https://www.bleepingcomputer.com/news/security/new-hunters-international-ransomware-possible-rebrand-of-hive/ https://thehackernews.com/2023/11/new-ransomware-group-emerges-with-hives.html https://www.quorumcyber.com/malware-reports/hunters-international-ransomware-report/ https://iototsecnews.jp/2023/10/29/new-hunters-international-ransomware-possible-rebrand-of-hive/



ICEFIRE	https://twitter.com/malwrhunterteam/status/1503484073406345224/photo/3
INDUSTRIAL SPY	https://www.fortiguard.com/threat-signal-report/5215/underground-team-ransomware https://securityscorecard.com/research/a-technical-analysis-of-the-underground-ransomware-deployed-by-storm-0978/ https://www.privacyaffairs.com/underground-ransomware-actor-breaches-11-targets/ https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/ https://unit42.paloaltonetworks.jp/cuba-ransomware-tropical-scorpius/#post-124395-_xnikeicczfm4




ISOS	https://mdba.info/ransomware/2020/10/02/%E3%80%8C-isos%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2/
JIGSAW	https://www.secureworld.io/industry-news/venezuelan-doctor-jigsaw-thanos-ransomware http://maruyama-mitsuhiko.cocolog-nifty.com/security/2022/05/post-ea8ab8.html

JSWORM	https://cyware.com/news/its-time-we-talk-about-jsworm-ransomware-32787a6b https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/

KARAKURT	https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/
KARMA	https://blogs.blackberry.com/en/2021/11/threat-thursday-karma-ransomware https://www.cyfirma.com/outofband/karma-leak-ransomware-technical-analysis/ https://gadgettendency.com/new-ransomware-group-karma-actually-renamed-nefilim/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/




KILLSEC	https://foresiet.com/blog/kill-ransomware-a-new-entrant-strikes-breaching-kerala-police-and-beyond https://ransomwareattacks.halcyon.ai/news/ransomware-on-the-move-ra-world-killsec-8base-medusa

KNIGHT	https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/ https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/ https://www.bleepingcomputer.com/news/security/knight-ransomware-source-code-for-sale-after-leak-site-shuts-down/ https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware https://thehackernews.com/2024/06/rebranded-knight-ransomware-targeting.html




LAPSUS$	https://wired.jp/article/okta-hack-microsoft-bing-code-leak-lapsus/ https://iototsecnews.jp/2022/09/13/cisco-data-breach-attributed-to-lapsus-ransomware-group/ https://jp.tenable.com/blog/brazen-unsophisticated-and-illogical-understanding-the-lapsus-extortion-group


LILITH	https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/
LIZARD	https://www.enigmasoftware.jp/lizardphobosransomware-sakujo/
LOCK4	https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html


LOCKBIT (ABCD)	https://www.herjavecgroup.com/herjavec-group-lockbit-2-0-ransomware-profile/ https://www.kaspersky.co.jp/resource-center/threats/lockbit-ransomware

LOCKBIT2.0	https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/ https://www.herjavecgroup.com/herjavec-group-lockbit-2-0-ransomware-profile/ https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/ https://www.group-ib.com/blog/bablock-ransomware/ https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://twitter.com/alvierid/status/1737763750940151998?s=61&t=cbDfoCunjPFFOy6AuZb1rw







LOCKBIT3.0	https://cluster25.io/2022/07/06/lockbit-3-0-making-the-ransomware-great-again/ https://twitter.com/threatray/status/1544643305924960256 https://www.pcrisk.com/removal-guides/25159-cryptbb-ransomware https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/ https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/ https://news.sophos.com/en-us/2024/02/23/connectwise-screenconnect-attacks-deliver-malware/ https://x.com/AlvieriD/status/1790971069358027010 https://twitter.com/AlvieriD/status/1760640047433269282








LOCKDATA	https://www.pcrisk.com/removal-guides/23846-lockdata-ransomware
LOCKERGOGA	https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war
LOCKFILE	https://medium.com/s2wblog/atomsilo-x-lockfile-atomsilo-copied-blackmatter-and-cerber-for-operating-the-double-extortion-site-7fb5aaac5f21 https://news.sophos.com/ja-jp/2021/09/06/lockfile-ransomwares-box-of-tricks-intermittent-encryption-and-evasion-jp/

LOKI LOCKER	https://blogs.blackberry.com/ja/jp/2022/07/blackberry-prevents-lokilocker https://asec.ahnlab.com/en/51497/ https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/


LORENZ	https://www.avertium.com/resources/threat-reports/an-in-depth-look-at-lorenz-ransomware https://www.cybereason.com/blog/research/cybereason-vs.-lorenz-ransomware https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/


LOSTTRUST	https://www.bleepingcomputer.com/news/security/meet-losttrust-ransomware-a-likely-rebrand-of-the-metaencryptor-gang/
LV	https://www.secureworks.com/research/lv-ransomware
MACAW LOCKER	https://heimdalsecurity.com/blog/macaw-locker-evil-corps-latest-version-makes-new-victims/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.bleepingcomputer.com/news/security/evil-corp-demands-40-million-in-new-macaw-ransomware-attacks/


MAILTO	https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/
MARIO	https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html



MALLOX (FARGO)	https://www.suspectfile.com/interview-with-mallox-ransomware-group/
MAZE	https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.zerofox.com/blog/maze-recent-ransomware-attacks/



MBC	https://www.thenationalnews.com/business/2021/08/21/mbc-ransomware-group-claims-responsibility-for-cyber-attack-on-irans-railway-network/ https://twitter.com/S0ufi4n3/status/1541150802332598279

MEDUSA LOCKER	https://www.cybereason.co.jp/blog/ransomware/5546/
MEGACORTEX	https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html

MEOW	https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/ https://www.bleepingcomputer.com/news/security/conti-based-ransomware-meowcorp-gets-free-decryptor/

METAENCRYPTOR	https://www.bleepingcomputer.com/news/security/meet-losttrust-ransomware-a-likely-rebrand-of-the-metaencryptor-gang/
MICHAELKORS	https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html


MIDAS	https://www.sentinelone.com/blog/the-good-the-bad-and-the-ugly-in-cybersecurity-week-44-3/
MINDWARE	https://www.sentinelone.com/blog/from-the-front-lines-another-rebrand-mindware-and-sfile-ransomware-technical-breakdown/
MOISHA	https://cyware.com/news/new-moisha-ransomware-pulls-off-highly-targeted-attacks-4be35d93 https://blog.cyble.com/2022/08/25/moisha-ransomware-in-action/

MONTI	https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger https://intel471.com/blog/conti-vs-monti-a-reinvention-or-just-a-simple-rebranding https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html


MORLOCK	https://www.facct.ru/blog/morlock-ransomware/
MOUNT LOCKER	https://asec.ahnlab.com/ko/41577/ https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/Arkbird_SOLG/status/1393994616496590848 https://twitter.com/darktracer_int/status/1433694601076822016 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/ https://www.bleepingcomputer.com/news/security/mountlocker-ransomware-uses-windows-api-to-worm-through-networks/ https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.cyclonis.com/ja/mount-locker-ransomware-is-getting-more-dangerous/ https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf https://www.barracuda.co.jp/mountlocker-ransomware/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.guidepointsecurity.com/blog/mount-locker-ransomware-steps-up-counter-ir-capabilities/












MY DECRYPTER (MAGNIBER)	https://www.2-spyware.com/remove-my-decryptor-ransomware-virus.html https://howtofix.guide/ransomware/magniber/ https://japan.zdnet.com/paper/30001345/30005842/


N4UGHTYSEC	https://www.pkware.com/blog/monthly-breach-report-april-2022-edition https://www.itweb.co.za/content/o1Jr5Mx9BVjqKdWL

NB65	https://securityaffairs.co/130051/hacktivism/nb65-modified-version-conti-ransomware.html https://www.malwarebytes.com/blog/news/2022/04/conti-ransomware-offshoot-targets-russian-organizations

NEFILIM	https://cyberenso.jp/types-of-ransomware/nephilim-ransomware/ https://gadgettendency.com/new-ransomware-group-karma-actually-renamed-nefilim/ https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/



NEMTY	https://www.bitdefender.com/blog/hotforsecurity/nemty-ransomware-gang-shuts-down-public-gig-announces-exclusive-business-model https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/



NETWALKER	https://www.bleepingcomputer.com/news/security/ransomware-recruits-affiliates-with-huge-payouts-automated-leaks/ https://www.cybereason.co.jp/blog/ransomware/5845/ https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/alpha-netwalker-ransomware https://www.bleepingcomputer.com/news/security/alpha-ransomware-linked-to-netwalker-operation-dismantled-in-2021/



N3TW0RM (NETWORM)	https://www.bleepingcomputer.com/news/security/n3tw0rm-ransomware-emerges-in-wave-of-cyberattacks-in-israel/ https://www.acronis.com/en-us/blog/posts/n3tw0rm-ransomware/

NEVADA	https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokoyawa-variant
NIGHTSKY	https://twitter.com/vinopaljiri/status/1480059715392622597 https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html https://twitter.com/Arkbird_SOLG/status/1503435955306434562 https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/





NONAME	https://medium.com/coinmonks/older-leaks-re-surfaces-lockbit-imitator-on-surface-web-2c85229a3cf7/ https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/noname#:~:text=NO%2DNAME%20appears%20unrelated%20to%20another%20group%20with,3.0%20and%20has%20several%20data%20leak%20sites./

NOSCCAPE	https://www.bleepingcomputer.com/news/security/meet-noescape-avaddon-ransomware-gangs-likely-successor/#google_vignette https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/


NOKOYAWA	https://blog.talosintelligence.com/de-anonymizing-ransomware-domains-on/ https://www.fortinet.com/blog/threat-research/nokoyawa-variant-catching-up https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/ https://www.trendmicro.com/en_us/research/22/c/nokoyawa-ransomware-possibly-related-to-hive-.html https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html https://www.zscaler.com/blogs/security-research/nevada-ransomware-yet-another-nokoyawa-variant https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.group-ib.com/blog/farnetwork/







0MEGA (OMEGA)	https://www.bleepingcomputer.com/news/security/new-0mega-ransomware-targets-businesses-in-double-extortion-attacks https://cyware.com/news/new-0mega-ransomware-joins-the-double-extortion-threat-landscape-158fb321/ https://www.helpnetsecurity.com/2023/06/07/0mega-ransomware-gang-changes-tactics/ https://www.linkedin.com/posts/keepnetlabs_0mega-ransomware-gang-changes-tactics-help-activity-7080546293990744065-GH6T/



ONEPERCENT	https://cybersecurity-info.com/news/fbi-onepercent-group/
ONYX	https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree
PANDORA	https://twitter.com/Arkbird_SOLG/status/1503435955306434562 https://www.avertium.com/resources/threat-reports/in-depth-pandora-ransomware https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/ https://www.sentinelone.com/blog/decrypting-catb-ransomware-analyzing-their-latest-attack-methods/ https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/




PHOBOS	https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html


PAY2KEY	https://www.binarydefense.com/threat_watch/blackshadow-threat-group-breaches-israeli-hosting-firm/
PAYLOAD.BIN	https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.databreaches.net/babuk-re-organizes-as-payload-bin-offers-its-first-leak/

PHOBOS	https://blogs.blackberry.com/ja/jp/2021/11/threat-thursday-phobos-ransomware https://www.enigmasoftware.jp/steelransomware-sakujo/ https://www.enigmasoftware.jp/lizardphobosransomware-sakujo/ https://mdba.info/ransomware/2020/10/02/%E3%80%8C-isos%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2/ https://mdba.info/ransomware/2022/03/20/%E3%80%8C-dike%E3%80%8D%E3%80%8C-zozl%E3%80%8D%E6%8B%A1%E5%BC%B5%E5%AD%90%E3%81%AB%E6%9A%97%E5%8F%B7%E5%8C%96%E3%81%99%E3%82%8Bphobos%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2-202/




PHOENIX LOCKER	https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://iototsecnews.jp/2022/06/02/evil-corp-switches-to-lockbit-ransomware-to-evade-sanctions/

PLAY	https://www.trendmicro.com/ja_jp/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://www.group-ib.com/blog/shadowsyndicate-raas/




POLYVICE	https://securityaffairs.co/139924/cyber-crime/vice-society-ransomware-custom-locker.html https://cyware.com/news/vice-society-adds-custom-branded-payload-polyvice-to-its-arsenal-a335bbe1

PROLOCK	https://www.bleepingcomputer.com/news/security/prolock-ransomware-teams-up-with-qakbot-trojan-for-network-access/ https://www.intrinsec.com/egregor-prolock/ https://www.cisa.gov/sites/default/files/2023-02/202010221030_qakbot_tlpwhite.pdf https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/qakbot https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html




PROMETHEUS	https://medium.com/s2wblog/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.cybereason.co.jp/blog/ransomware/6559/


PUTIN TEAM	https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/
PWNDLOCKER	https://www.bleepingcomputer.com/news/security/new-pwndlocker-ransomware-targeting-us-cities-enterprises/ https://www.bleepingcomputer.com/news/security/pwndlocker-fixes-crypto-bug-rebrands-as-prolock-ransomware/ https://malpedia.caad.fkie.fraunhofer.de/details/win.pwndlocker https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html



PYSA / MESPINOZA	https://www.cybereason.co.jp/blog/ransomware/7069/ https://www.emsisoft.com/en/blog/38840/ransomware-profile-mespinoza-pysa/ https://www.cybersecurity-insiders.com/details-of-new-pysa-n-everest-ransomware/


QILIN (AGENDA)	https://securityaffairs.co/wordpress/139811/cyber-crime/agenda-ransomware-rust.html https://www.trendmicro.com/ja_jp/research/22/i/new-golang-ransomware-agenda-customizes-attacks.html https://www.guidepointsecurity.com/blog/grit-ransomware-report-october-2022/ https://twitter.com/alvierid/status/1737763750940151998?s=61&t=cbDfoCunjPFFOy6AuZb1rw



QLOCKER	https://iototsecnews.jp/2022/01/16/a-new-wave-of-qlocker-ransomware-attacks-targets-qnap-nas-devices/ https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/

QUANTUM	https://asec.ahnlab.com/ko/41577/ https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/ https://www.group-ib.com/blog/shadowsyndicate-raas/





QUILONG	https://cybersecuritynews.com/new-qiulong-ransomware-emerges/
RA GROUP	https://riskybiznews.substack.com/p/risky-biz-news-chinas-great-firewall
RABBIT HOLE	https://cybersecuritynews.com/rabbit-hole-ransomware/
RAGNAR LOCKER	https://automaton-media.com/articles/newsjp/20201110-142870/ https://blog.cyble.com/2022/01/20/deep-dive-into-ragnar-locker-ransomware-gang/ https://www.cybereason.com/blog/threat-analysis-report-ragnar-locker-ransomware-targeting-the-energy-sector https://www.europol.europa.eu/media-press/newsroom/news/ragnar-locker-ransomware-gang-taken-down-international-police-swoop https://therecord.media/ragnar-locker-ransomware-site-taken-down-fbi-europol https://www.malwarebytes.com/blog/news/2023/10/ragnar-locker-taken-down





RAGNAROK	https://www.fortinet.com/jp/blog/threat-research/ranion-ransomware-quiet-and-persistent-raas https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/ https://therecord.media/ragnarok-ransomware-operation-shuts-down-and-releases-free-decrypter/ https://resources.infosecinstitute.com/topic/malware-analysis-ragnarok-ransomware/



RAMP	https://www.advintel.io/post/groove-vs-babuk-groove-ransom-manifesto-ramp-underground-platform-secret-inner-workings https://securityaffairs.co/121985/cyber-crime/groove-gang-fortinet-leaks.html

RANION	https://www.fortinet.com/jp/blog/threat-research/ranion-ransomware-quiet-and-persistent-raas https://www.digitalshadows.com/blog-and-research/ransomware-franchising-how-do-groups-get-started/

RANSOMHUB	https://www.cyberdaily.au/security/10272-the-rise-of-ransomhub-uncovering-a-new-ransomware-as-a-service-operation https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware https://thehackernews.com/2024/06/rebranded-knight-ransomware-targeting.html


RANSOM CARTEL	https://www.bleepingcomputer.com/news/security/ransom-cartel-linked-to-notorious-revil-ransomware-operation/
RANSOM CORP	https://twitter.com/signorina37H/status/1724314318856941729 https://twitter.com/AlvieriD/status/1724269503633056240 https://twitter.com/EquationCorp/status/1724592227978985836 https://twitter.com/FalconFeedsio/status/1697879943911518363



RANSOMED.VC	https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild https://www.zerofox.com/blog/ransomed-vc-sunsets-operations-auctions-off-infrastructure/ https://twitter.com/signorina37H/status/1724314318856941729 https://twitter.com/AlvieriD/status/1724269503633056240 https://twitter.com/EquationCorp/status/1724592227978985836 https://twitter.com/FalconFeedsio/status/1697879943911518363 https://twitter.com/karol_paciorek/status/1734590357260673170





RANSOMEXX	https://therecord.media/ibm-ransomexx-becomes-latest-ransomware-group-to-create-rust-variant/ https://www.cybereason.co.jp/blog/ransomware/5795/ https://www.cybereason.com/blog/cybereason-vs.-ransomexx-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/



RANSOMHOUSE	https://www.the420.in/ransomware-attack-on-pharma-company-aarti-drugs/ https://www.malwarebytes.com/blog/news/2022/05/threat-profile-ransomhouse-makes-extortion-work-without-ransomware https://www.scmagazine.com/brief/risk-management/novel-ransomhouse-cybercrime-operation-detailed https://www.bleepingcomputer.com/news/security/keralty-ransomware-attack-impacts-colombias-health-care-system/ https://cyberint.com/blog/research/ransomhouse/ https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html https://blog.scilabs.mx/en/threat-profile-ransomhouse/ https://www.shadowstackre.com/analysis/ransomhouse






RANZY	https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker
RANSOMWARE BLOG	https://www.kelacyber.com/wp-content/uploads/2022/11/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022-JA.pdf
REDRANSOMEWARE GROUP (RED CRYPTOAPP)	https://www.hackread.com/red-ransomware-group-red-cryptoapp-wall-of-shame/?web_view=true#google_vignette https://netenrich.com/blog/red-cryptoapp-ransomware-new-threat-group

REDALERT (N13V)	https://socradar.io/redalert-ransomware-targets-windows-and-linux-mware-esxi-servers/ https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/

RELIC	https://angle.ankura.com/post/102i1mb/relic-project-a-new-threat-group-or-rebranded-ransomware
REVIL (SODINOKIBI)	https://blogs.mcafee.jp/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars https://krebsonsecurity.com/2019/07/is-revil-the-new-gandcrab-ransomware/ https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.bleepingcomputer.com/news/security/ransom-cartel-linked-to-notorious-revil-ransomware-operation/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.digitalshadows.com/blog-and-research/the-never-ending-ransomware-story/ https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://www.flashpoint.io/blog/darkside-ransomware-links-to-revil-difficult-to-dismiss/ https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/qakbot https://www.trendmicro.com/ja_jp/research/21/k/QAKBOT-new-attack-technique.html












RHYSIDA	https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/ https://socradar.io/threat-profile-rhysida-ransomware/ https://thehackernews.com/2023/08/new-report-exposes-vice-societys.html


ROBBINHOOD	https://www.sompocybersecurity.com/column/column/a72
ROOK	https://www.prsol.cc/ja/post-2773/ https://github.com/Dump-GUY/Malware-analysis-and-Reverse-engineering/blob/main/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit/NightSky_Ransomware%E2%80%93just_a_Rook_RW_fork_in_VMProtect_suit.md https://twitter.com/Arkbird_SOLG/status/1503435955306434562 https://twitter.com/vinopaljiri/status/1480059715392622597 https://www.forescout.com/blog/night-sky-a-short-lived-threat-from-a-long-lived-threat-actor/ https://www.avertium.com/resources/threat-reports/in-depth-pandora-ransomware





ROYAL	https://heimdalsecurity.com/blog/royal-ransomware-operation-amplifying-in-multi-million-dollar-attacks/ https://www.cybereason.com/blog/royal-ransomware-analysis https://www.scmagazine.com/brief/ransomware/royal-ransomware-tied-to-conti-gang https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks/ https://blog.cyble.com/2023/05/12/blacksuit-ransomware-strikes-windows-and-linux-users/ https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html https://www.axios.com/2023/05/09/royal-ransomware-us-cities-cybersecurity-hacking https://www.trellix.com/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html https://www.trendmicro.com/ja_jp/research/23/h/investigating-blacksuit-ransomwares-similarities-to-royal.html https://www.group-ib.com/blog/shadowsyndicate-raas/ https://www.bleepingcomputer.com/news/security/researchers-link-3am-ransomware-to-conti-royal-cybercrime-gangs/ https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a https://socradar.io/dark-web-profile-blacksuit-ransomware/













RTM	https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html


RYUK	https://www.cybereason.co.jp/blog/ransomware/5607/ https://www.trendmicro.com/ja_jp/what-is/ransomware/ryuk-ransomware.html https://www.group-ib.com/blog/shadowsyndicate-raas/


54BB47H (SABBATH)	https://www.mandiant.com/resources/sabbath-ransomware-affiliate https://securityaffairs.co/wordpress/125154/cyber-crime/sabbath-ransomware.html https://www.anvilogic.com/threat-reports/unc2190-arcane-and-sabbath


SAMSAM	https://cyble.com/blog/cerber2021-ransomware-back-in-action/ https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public:

SCARECROW	https://blog.cyble.com/2022/12/22/new-ransomware-strains-emerging-from-leaked-contis-source-code/
SCHOOLBOYS	https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/
SEKHMET	https://news.sophos.com/ja-jp/2020/12/15/egregor-ransomware-mazes-heir-apparent-jp/ https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/

ShadowSyndicate	https://www.group-ib.com/blog/shadowsyndicate-raas/
SHAOLEAKS	https://www.guidepointsecurity.com/blog/grit-ransomware-report-october-2022/
SIEGEDSEC	https://twitter.com/karol_paciorek/status/1734590357260673170 https://www.sompocybersecurity.com/column/column/hacker-group-launches-ghostlocker-raas https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/


SILENT RANSOM GROUP	https://www.bleepingcomputer.com/news/security/ransomware-gangs-move-to-callback-social-engineering-attacks/ https://cyware.com/news/ransomware-gangs-use-callback-phishing-method-to-target-corporate-networks-ce1b0069

SLUG	https://twitter.com/Threatlabz/status/1747729463855751179
SNAPMC	https://www.nccgroup.com/jp/snapmc-the-non-ransomware-blackmail-attack/ https://www.bleepingcomputer.com/news/security/bianlian-ransomware-gang-shifts-focus-to-pure-data-extortion/ https://www.bleepingcomputer.com/news/security/snapmc-hackers-skip-file-encryption-and-just-steal-your-files/


SNATCH	https://www.picussecurity.com/resource/snatch-ransomware-gang https://thedfirreport.com/2020/06/21/snatch-ransomware/

SOLIDBIT	https://medium.com/s2wblog/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16
SPARTA	https://ke-la.com/wp-content/uploads/2022/11/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022-JA.pdf
SPARTACUS	https://cyble.com/blog/cerber2021-ransomware-back-in-action/ https://www.malwarebytes.com/blog/news/2018/04/spartacus-introduction-unsophisticated-ransomware

SPOOK	https://medium.com/s2wblog/prometheus-x-spook-prometheus-ransomware-rebranded-spook-ransomware-6f93bd8ab5dd https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/

STEEL	https://www.enigmasoftware.jp/steelransomware-sakujo/
STORMOUS	https://socradar.io/who-is-stormous-ransomware-group/ https://securelist.com/new-ransomware-trends-in-2022/106457/ https://cdn.www.gob.pe/uploads/document/file/3290929/Alerta%20integrada%20de%20seguridad%20digital%20N%C2%B0%20168-2022-CNSD.pdf.pdf https://www.sompocybersecurity.com/column/column/hacker-group-launches-ghostlocker-raas https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/ https://socradar.io/on-the-horizon-ransomed-vc-ransomware-group-spotted-in-the-wild/ https://thehackernews.com/2024/03/alert-ghostsec-and-stormous-launch.html






SUGAR	https://defpr.com/sugar-ransomware/
SUNCRYPT	https://analyst1.com/ransomware-diaries-volume-1/ https://www.bleepingcomputer.com/news/security/suncrypt-ransomware-is-still-alive-and-kicking-in-2022/ https://minerva-labs.com/blog/suncrypt-ransomware-gains-new-abilities-in-2022/


SYNACK	https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/
SZ40	https://www.cybereason.com/blog/research/cybereason-vs.-lorenz-ransomware
THANOS	https://www.secureworld.io/industry-news/venezuelan-doctor-jigsaw-thanos-ransomware http://maruyama-mitsuhiko.cocolog-nifty.com/security/2022/05/post-ea8ab8.html

THREEAM (3AM)	https://www.bleepingcomputer.com/news/security/researchers-link-3am-ransomware-to-conti-royal-cybercrime-gangs/
THUNDER X	https://blog.qualys.com/vulnerabilities-threat-research/2021/12/09/ransomware-ranzy-locker
TOMMYLEAKS	https://www.bleepingcomputer.com/news/security/tommyleaks-and-schoolboys-two-sides-of-the-same-ransomware-gang/
TREEAM	https://www.bleepingcomputer.com/news/security/hackers-use-new-3am-ransomware-to-save-failed-lockbit-attack/ https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit https://www.group-ib.com/blog/shadowsyndicate-raas/


TRIGONA	https://unit42.paloaltonetworks.jp/trigona-ransomware-update/ https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html https://therecord.media/trigona-ransomware-group-website-takedown-ukrainian-cyber-alliance


TRISEC	https://www.clipeusintelligence.com/post/trisec-a-new-ransomware-actor/
UNDERGROUND	https://www.fortiguard.com/threat-signal-report/5215/underground-team-ransomware https://securityscorecard.com/research/a-technical-analysis-of-the-underground-ransomware-deployed-by-storm-0978/ https://www.privacyaffairs.com/underground-ransomware-actor-breaches-11-targets/


VASA LOCKER (BABY)	https://cyberint.com/blog/research/babuk-locker/ https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html

VEGA	https://www.picussecurity.com/resource/zeppelin-ransomware-analysis-simulation-and-mitigation https://blogs.blackberry.com/en/2019/12/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe

VICE SOCIETY	https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/ https://securityaffairs.co/wordpress/139924/cyber-crime/vice-society-ransomware-custom-locker.html https://therecord.media/microsoft-ties-vice-society-hackers-to-additional-ransomware-strains/ https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/ https://socradar.io/threat-profile-rhysida-ransomware/




VSOP	https://blog.cyble.com/2022/08/10/onyx-ransomware-renames-its-leak-site-to-vsop/
WASTEDLOCKER	https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.csoonline.com/article/3574907/wastedlocker-explained-how-this-targeted-ransomware-extorts-millions-from-victims.html

WHITERABBIT	https://www.crn.com.au/news/amd-claims-potential-attack-from-ransomhouse-gang-582029 https://howtofix.guide/white-rabbit-ransomware/ https://twitter.com/malwrhunterteam/status/1560327142621208577 https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/ https://securityaffairs.com/146144/cyber-crime/babuk-ransomware-code-used-10-ransomware.html https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html






X001XS	https://www.insicurezzadigitale.com/en/nuovo-leak-site-nuovo-gruppo-ransomware-ex-rook/
WEREWOLVES	https://twitter.com/alvierid/status/1737763750940151998?s=61&t=cbDfoCunjPFFOy6AuZb1rw https://www.malwarebytes.com/blog/threat-intelligence/2024/01/ransomware-review-january-2024

XING TEAM	https://id-ransomware.blogspot.com/2020/08/cbtucyny-ransomware.html https://twitter.com/darktracer_int/status/1433694601076822016 https://twitter.com/LawrenceAbrams/status/1519495698680623104 https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware https://www.cybersecuritydive.com/news/ransomware-ryuk-conti-revil-2021/608845/ https://www.tetradefense.com/wp-content/uploads/2021/06/ThreatIntel_May_RoundUp_Compressed.pdf https://www.trendmicro.com/en_us/research/21/j/ransomware-operators-found-using-new-franchise-business-model.html






YANLUOWANG	https://www.trellix.com/en-gb/about/newsroom/stories/research/yanluowang-ransomware-leaks-analysis.html https://iototsecnews.jp/2022/09/01/infra-used-in-cisco-hack-also-targeted-workforce-management-solution/

YASHMA	https://medium.com/s2wblog/two-copycats-of-lockbit-ransomware-solidbit-and-crypton-7257fb069b16 https://blogs.blackberry.com/ja/jp/2022/06/yashma-ransomware-tracing-the-chaos-family-tree

ZEON	https://exchange.xforce.ibmcloud.com/malware-analysis/guid:c0a25a3d60116cf5142da3303876ce16 https://www.sentinelone.com/blog/from-the-front-lines-3-new-and-emerging-ransomware-threats-striking-businesses-in-2022/

ZEPPELIN	https://www.picussecurity.com/resource/zeppelin-ransomware-analysis-simulation-and-mitigation https://blogs.blackberry.com/en/2019/12/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/

MBSD Cyber Intelligence Group (CIG)
吉川孝志

Download

暴露型ランサムウェア攻撃統計
CIGマンスリーレポート
2024年10月号

最新情報

ランサムウェア／攻撃グループの変遷と繋がり (Rev.2)

Most Read

Download

キーワードで探す

テーマで探す

筆者で探す

シリーズで探す