Ransomware News 2020 April -  Úvod  2020  2019  2018  0  1  2  3 


2020 -  January February March April May June July August September October November December


H  Ransomware  Jak útočí  Klany  Techniky  Obrana  Popisky  Anti-Ramson Tool  Rescue plan  Anti-ransomware vaccine  RansomFree  Prevence  Video  Vývoj 

DATE

NAME

INFO

CATEGORY

SUBCATE

26.4.20

LockBit ransomware borrows tricks to keep up with REvil and Maze

Ransomware operators are always on the lookout for a way to take their ransomware to the next level. That’s particularly true of the gang behind LockBit. Following the lead of the Maze and REvil ransomware crime rings, LockBit’s operators are now threatening to leak the data of their victims in order to extort payment. And the ransomware itself also includes a number of technical improvements that show LockBit’s developers are climbing the ransomware learning curve—and have developed an interesting technique to circumvent Windows’ User Account Control (UAC).

RANSOM RANSOM

26.4.20

SeaChange video platform allegedly hit by Sodinokibi ransomware

A leading supplier of video delivery software solutions is reportedly the latest victim of the Sodinokibi Ransomware, who has posted images of data they claim to have stolen from the company during a cyberattack.

RANSOM RANSOM

26.4.20

New ISO Phobos ransomware variant

GrujaRS found a new Phobos Ransomware variant that appends the .iso extension to encrypted files.

RANSOM RANSOM

26.4.20

Threat Spotlight: MedusaLocker

MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of the functionality remains consistent. The most notable differences are changes to the file extension used for encrypted files and the look and feel of the ransom note that is left on systems following the encryption process.

RANSOM RANSOM

26.4.20

New Coronavirus screenlocker malware is extremely annoying

A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.

RANSOM RANSOM

26.4.20

DoppelPaymer Ransomware hits Los Angeles County city, leaks files

The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted.

RANSOM RANSOM

26.4.20

New Lezp STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .lezp extension to encrypted files.

RANSOM RANSOM

26.4.20

The State of Ransomware in the US: Report and Statistics for Q1 2020

In 2019, 966 government agencies, educational establishments and healthcare providers in the US were impacted by ransomware. While the early indicators were that the 2020 numbers would be similar to 2019’s or perhaps even worse, that has proved not to be the case. A total of 89 organizations were impacted by ransomware in Q1, however, as the COVID-19 crisis worsened, the number of successful attacks reduced considerably and is now at a level not seen in several years.

RANSOM RANSOM

26.4.20

Fake SMBGhost exploit installs ransomware

MalwareHunterTeam found a fake SMBGhost exploit that is actually ransomware that appends the .sepsys extension to encrypted files.

RANSOM RANSOM

26.4.20

IT services giant Cognizant suffers Maze Ransomware cyber attack

Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze Ransomware, BleepingComputer has learned.

RANSOM RANSOM

26.4.20

US govt: Hacker used stolen AD credentials to ransom hospitals

Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using stolen Active Directory credentials months after exploiting a known remote code execution (RCE) vulnerability in their Pulse Secure VPN servers.

RANSOM RANSOM

19.4.20

New Fidesz ransomware

MalwareHunterTeam found a new in-development ransomware from Hungary called Fidesz ransomware.

RANSOM RANSOM

19.4.20

Leading accounting firm MNP hit with cyberattack

A leading accounting firm in Canada forced a company-wide shutdown of their systems after getting hit with a cyberattack last weekend, BleepingComputer has learned.

RANSOM RANSOM

19.4.20

New Balaclava Ransomware variant

GrujaRS found a new variant of the Balaclava Ransomware that appends the .KEY0004 extension and drops a ransom note named HOW_TO_RECOVERY_FILES.txt.

RANSOM RANSOM

19.4.20

New DEC Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .dec extension to encrypted files.

RANSOM RANSOM

19.4.20

New Nemty variant has messages for researchers

MalwareHunterTeam found a new Nemty 3.1 ransomware variant that has messages for Michael Gillespie, MalwareHunterTeam, and Amigo_A.

RANSOM RANSOM

19.4.20

Nemty Ransomware shuts down public RaaS operation, goes private

The Nemty Ransomware is shutting down its public Ransomware-as-a-Service (RaaS) operation and switching to an exclusive private operation where affiliates are hand-selected for their expertise.

RANSOM RANSOM

19.4.20

Emsisoft releases KokoCrypt decryptor

Emsisoft has released a decryptor for the KokoCrypt ransomware.

RANSOM RANSOM

19.4.20

Emsisoft's Aurora decryptor updated

Emsisoft updated their Aurora decryptor to support the .bukyak and .serpom extensions.

RANSOM RANSOM

19.4.20

New Lalo STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .lalo extension to encrypted files.

RANSOM RANSOM

19.4.20

New Creepy Ransomware

S!Ri found a new Creepy Ransomware that appends the .creepy extension to encrypted files.

RANSOM RANSOM

19.4.20

RagnarLocker ransomware hits EDP energy giant, asks for €10M

Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).

RANSOM RANSOM

19.4.20

New DOP Dharma variant

dnwls0719 found a new variant of the Dharma Ransomware that appends the .dop extension to encrypted files.

RANSOM RANSOM

19.4.20

New ransomware hunt

Michael Gillespie found a new ransomware that appends the .SARS-CoV-2 extension and drops a ransom note named RECOVER MY ENCRYPTED FILES.TXT.

RANSOM RANSOM

19.4.20

New Golang Ransomware variant

Jirehlov and RedDrip found a new ransomware that that appends the .bug extension and drops a ransom note named Read_Bug.html.

RANSOM RANSOM

19.4.20

Ransomware writer issues an apology

The author of the KokoCrypt ransomware issued an apology after a ransomware he made got leaked into the wild.

RANSOM RANSOM

19.4.20

New Wiper Malware impersonates security researchers as prank

A malware distributor has decided to play a nasty prank by locking victim's computers before they can start Windows and then blaming the infection on two well-known and respected security researchers.

RANSOM RANSOM

19.4.20

Reports Say Epiq Has Laid Off Some 200 Employees In Wake Of Ransomware Attack

The international e-discovery and managed services company Epiq Global has laid off some 200 employees, with more layoffs yet to come, according to several sources familiar with the situation.

RANSOM RANSOM

19.4.20

Sodinokibi Ransomware to stop taking Bitcoin to hide money trail

The Sodinokibi Ransomware has started to accept the Monero cryptocurrency to make it harder for law enforcement to track ransom payments and plans to stop allowing bitcoin payments in the future.

RANSOM RANSOM

12.4.20

Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay

Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online.

RANSOM RANSOM

12.4.20

NewAurora Ransomware variant

GrujaRS found a new Aurora Ransomware variant that appends the .bukyak extension.

RANSOM RANSOM

12.4.20

New BearCrypt Ransomware

GrujaRS found a new ransomware called BearCrypt that only targets .jpg and .png files. When encrypted it appends the .crypt extension and drops a ransom note named Readme.txt. Appears to be in-dev.

RANSOM RANSOM

12.4.20

Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations

Travelex reportedly paid a $2.3 million ransom payment to get their systems back online after being encrypted by a Sodinokibi ransomware attack.

RANSOM RANSOM

12.4.20

New Jope Mpaj Ransomware variant

Michael Gillespie found new STOP Ransomware variant that appends the .mpaj extension to encrypted files.

RANSOM RANSOM

12.4.20

Dharma Ransomware Variant Malspam Targeting COVID-19

One such spear-phishing campaign is being used by the Dharma ransomware variant (Crysis). First noted in 2016, Dharma ransomware has been around for almost five years now and keeps popping out with a new variant, periodically. The threat actors want to leverage every scenario to escape detection and deliver the payload.

RANSOM RANSOM

12.4.20

New Gibberish variant spread through RIG-EK

FaLcon Intelligence found that a new variant of the Gibberish Ransomware is being spread through the RIG exploit kit.

RANSOM RANSOM

12.4.20

New Joke (?) Ransomware decrypts if you win a game

S!Ri found a new ransomware that states it will decrypt your files if you win a game.

RANSOM RANSOM

12.4.20

New Corona Virus IQ Ransomware

MalwareHunterTeam found a new "Corona Virus IQ" Ransomware from Iraqthat appends the .corona extension to encrypted files.

RANSOM RANSOM

12.4.20

New Revon Phobos variant

dnwls0719 found a new Phobos Ransomware variant that appends the .revon extension and drops ransom notes named info.txt and info.hta.

RANSOM RANSOM

12.4.20

New BlackOrchid Ransomware variant

GrujaRS found anew BlackOrchid Ransomware variant that appends the .shinya extension to encrypted files.

RANSOM RANSOM

12.4.20

Interpol: Ransomware attacks on hospitals are increasing

The INTERPOL (International Criminal Police Organisation) warns that cybercriminals are increasingly attempting to lockout hospitals out of critical systems by attempting to deploy ransomware on their networks despite the currently ongoing COVID-19 outbreak.

RANSOM RANSOM

12.4.20

New Jope STOP Ransomware variant

Michael Gillespie found new STOP Ransomware variant that appends the .jope extension to encrypted files.

RANSOM RANSOM

12.4.20

New MSPLT Dharma Ransomware variant

dnwls0719 found a new Dharma Ransomware variant that appends the .MSPLT extension to encrypted files.

RANSOM RANSOM

12.4.20

New MrDec Ransomware

S!Ri found the MrDec Ransomware that appends the .[ID]_RSA extension.

RANSOM RANSOM

12.4.20

New Boruta Ouroboros Ransomware variant

Michael Gillespie found a new Boruta Ouroboros Ransomware variant that appends the .Boruta extension.

RANSOM RANSOM

12.4.20

New Rogue Ransomware

GrujaRS found the new HiddenTear ransomware named Rogue Ransomware that appends the .rogue extension and impersonates

RANSOM RANSOM

12.4.20

New WannaCash variant utilizes a COVID-19 theme

Alex Svirid found a new variant of the WannaCash Ransomware that appends the COVID-19 themed extension of .WANNACASH NCOV v310320.

RANSOM RANSOM

12.4.20

Microsoft is Alerting Hospitals Vulnerable to Ransomware Attacks

Microsoft has started to send targeted notifications to dozens of hospitals about vulnerable public-facing VPN devices and gateways located on their network.

RANSOM RANSOM

12.4.20

REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation

REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725.

RANSOM RANSOM

12.4.20

Nephilim Ransomware fixes spelling mistake

dnwls0719 spotted the Nephilim ransomware, which was previously using a different and uncommon spelling of Nefilim in the past. This variant uses the .NEPHILIM extension and drops a ransom note named NEPHILIM-DECRYPT.txt.

RANSOM RANSOM

12.4.20

Aurora Ransomware decrypted updated

Emsisoft updated their Aurora decryptor to support the .CoronaLock extension.

RANSOM RANSOM

12.4.20

New BB Ransomware

dnwls0719 found the BB Ransomware that appends the .encryptedbyBB extension to encrypted files.

RANSOM RANSOM

12.4.20

ILELECTION2020 Ransomware discovered

MalwareHunterTeam found a new Stupid Ransomware variant called ILELECTION2020 that targets Israelis and appends the .likud extension to encrypted files.

RANSOM RANSOM

12.4.20

New Jigsaw Ransomware

JAMESWT found a new Jigsaw Ransomware variant targeted Italian users and appending the .math extension to encrypted files.

RANSOM RANSOM

12.4.20

New Mado STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .mado extension to encrypted files.

RANSOM RANSOM