{"id":67831,"date":"2021-04-22T09:00:00","date_gmt":"2021-04-22T01:00:00","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=67831"},"modified":"2021-04-20T12:16:07","modified_gmt":"2021-04-20T04:16:07","slug":"%e8%b6%a8%e5%8b%a2%e7%a7%91%e6%8a%80%e5%8d%94%e5%8a%a9%e9%80%ae%e6%8d%95-egregor-%e5%8b%92%e7%b4%a2%e7%97%85%e6%af%92%e7%8a%af%e7%bd%aa%e9%9b%86%e5%9c%98","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=67831","title":{"rendered":"Trend Micro Helps Arrest Egregor Ransomware Crime Group"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\"><\/h1>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Three suspects alleged to be members of the Egregor <a href=\"http:\/\/blog.trendmicro.com.tw\/?p=12412\">ransomware<\/a> crime group were <a rel=\"noreferrer noopener\" href=\"https:\/\/www.computerweekly.com\/news\/252496480\/Egregor-ransomware-arrests-confirmed\" target=\"_blank\">arrested<\/a> in February in an operation carried out jointly by the French and Ukrainian governments. The arrests were the joint result of public-private <a rel=\"noreferrer noopener\" href=\"https:\/\/therecord.media\/frances-lead-cybercrime-investigator-on-the-egregor-arrests-cybercrime\/\" target=\"_blank\">cooperation<\/a>, in which Trend Micro was fortunate to take part.<\/p><\/blockquote>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Egregor sells or rents its ransomware to criminal groups<\/h2>\n\n\n\n<p><br><a href=\"https:\/\/blog.trendmicro.com.tw\/?p=66669\">Egregor 
ransomware<\/a> has launched multiple major attacks against <a rel=\"noreferrer noopener\" href=\"https:\/\/threatpost.com\/kmart-egregor-ransomware\/161881\/\" target=\"_blank\">retail<\/a>, <a rel=\"noreferrer noopener\" href=\"https:\/\/www.securityweek.com\/hr-giant-randstad-hit-egregor-ransomware\" target=\"_blank\">human resources services<\/a> and other organizations since it first appeared in September 2020. The group uses the so-called <a rel=\"noreferrer noopener\" href=\"https:\/\/insights.sei.cmu.edu\/blog\/ransomware-as-a-service-raas-threats\/#:~:text=What%20is%20Ransomware%20as%20a,them%20to%20perform%20an%20attack.\" target=\"_blank\">ransomware-as-a-service<\/a> (RaaS) business model, selling or renting its ransomware to other criminal groups so that even less experienced groups can launch ransomware attacks. Like many well-known ransomware families, Egregor uses the \u201cdouble extortion\u201d technique: it encrypts the victim's data and also threatens to leak that data if the ransom is not paid.<\/p>\n\n\n\n<p>This ransomware is <a href=\"https:\/\/digital.nhs.uk\/cyber-alerts\/2020\/cc-3681\" target=\"_blank\" rel=\"noreferrer noopener\">typically distributed<\/a> through remote access trojans (such as <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/qakbot\">QAKBOT<\/a>). In addition, <a 
href=\"https:\/\/threatpost.com\/fbi-egregor-attacks-businesses-worldwide\/162885\/\" target=\"_blank\" rel=\"noreferrer noopener\">it is also distributed<\/a> through phishing emails carrying malicious attachments, or through exploits against Remote Desktop Protocol (RDP) or virtual private network (VPN) vulnerabilities.<\/p>\n\n\n\n<!--more-->\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Victim companies span the <a href=\"https:\/\/threatpost.com\/egregor-ransomware-mass-media-corporate-data\/159816\/\" target=\"_blank\" rel=\"noreferrer noopener\">logistics<\/a>, <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/police-arrest-egregor-ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener\">news publishing<\/a> and&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/ubisoft-crytek-data-posted-on-ransomware-gangs-site\/\" target=\"_blank\" rel=\"noreferrer noopener\">video game development<\/a> industries<\/h2>\n\n\n\n<p><br>The law enforcement operation against the Egregor group was launched by French authorities after the group attacked several French companies, with victims in industries including <a rel=\"noreferrer noopener\" href=\"https:\/\/threatpost.com\/egregor-ransomware-mass-media-corporate-data\/159816\/\" target=\"_blank\">logistics<\/a>, <a rel=\"noreferrer noopener\" href=\"https:\/\/www.infosecurity-magazine.com\/news\/police-arrest-egregor-ransomware\/\" target=\"_blank\">news publishing<\/a> and\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/www.zdnet.com\/article\/ubisoft-crytek-data-posted-on-ransomware-gangs-site\/\" 
target=\"_blank\">video game development<\/a>. With Ukraine's assistance, French law enforcement successfully tracked down and arrested the three suspects.<\/p>\n\n\n\n<p>Fran\u00e7ois B., head of the French judicial police's Computer Security Incident Response Team (CSIRT-PJ), said in an email interview with <a href=\"https:\/\/therecord.media\/frances-lead-cybercrime-investigator-on-the-egregor-arrests-cybercrime\/\" target=\"_blank\" rel=\"noreferrer noopener\">The Record<\/a> about the case that the operation also received assistance from several cybersecurity and incident response organizations, including Trend Micro. He said these organizations took an active part in the investigation and \u201cprovided us with the most accurate cases, tools and threat intelligence.\u201d<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 
class=\"wp-block-heading\">How can systems be protected against ransomware attacks?<\/h2>\n\n\n\n<p><br>Ransomware is a persistent security problem that can sometimes rapidly evolve into an even more destructive threat. To protect systems against ransomware attacks, users should adopt the following good security habits:<\/p>\n\n\n\n<ul><li><strong>Do not download attachments or click links in an email before verifying its source.<\/strong><\/li><li><strong>Regularly patch and update operating systems, programs and software.<\/strong><\/li><li><strong>Back up files regularly and follow the <a href=\"https:\/\/blog.trendmicro.com.tw\/?p=52832\">3-2-1 backup rule<\/a>: make at least 3 copies, store them on 2 different types of media, and keep at least 1 copy at an off-site location.<\/strong><br><\/li><\/ul>\n\n\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/04\/3-2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/04\/3-2-1024x1024.png\" alt=\"\" class=\"wp-image-67832\" width=\"644\" height=\"644\" srcset=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/04\/3-2-1024x1024.png 1024w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/04\/3-2-300x300.png 300w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/04\/3-2-150x150.png 150w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/04\/3-2-768x768.png 768w, 
https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/04\/3-2-30x30.png 30w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/04\/3-2-60x60.png 60w, https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2021\/04\/3-2.png 1080w\" sizes=\"(max-width: 644px) 100vw, 644px\" \/><\/a><\/figure>\n\n\n\n<p><br>In addition, solutions such as <a href=\"https:\/\/www.trendmicro.com\/zh_tw\/what-is\/xdr.html\">Trend Micro XDR<\/a><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/detection-response\/xdr.html\"><sup>TM<\/sup><\/a> provide multilayered protection for systems including email, endpoints, servers, cloud workloads and networks. The product collects data from all of these protection layers and cross-correlates it, giving security and IT teams fuller context on an attack, even though the individual pieces of information sometimes look unremarkable on their own. With this information in hand, organizations can uncover threats faster and more accurately.<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Original article: <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/c\/egregor-ransomware-cartel-members-arrested.html\">Alleged Members of Egregor Ransomware Cartel Arrested<\/a><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Three suspects alleged to be members of the Egregor ransomware 
crime group, in February [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[2266,3199,186,179],"tags":[4721,4179],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/67831"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=67831"}],"version-history":[{"count":1,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/67831\/revisions"}],"predecessor-version":[{"id":67834,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/67831\/revisions\/67834"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=67831"}],"wp:te
rm":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=67831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=67831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}