Ransomware News 2020 July





DATE

NAME

INFO

CATEGORY

SUBCATE

26.7.20

New FlyingShip Ransomware

Karsten Hahn found a new CryptoWire variant called FlyingShip.

RANSOM RANSOM

26.7.20

New Silvertor ransomware

Karsten Hahn found a new ransomware that threatens to "fry" files and appends the .silvertor extension to encrypted files.

RANSOM RANSOM

26.7.20

New ERIF STOP Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .erif extension to encrypted files.

RANSOM RANSOM

26.7.20

WastedLocker Ransomware Insights

Arete Threat Intelligence continues to work with law enforcement contacts to conduct analysis into WastedLocker. The cyber criminals behind this variant have been quick to identify and infect victims’ systems with ransomware, resulting in a devastating blow to the victims’ IT infrastructure and interrupting profitable business operations.

RANSOM RANSOM

26.7.20

New Bootlocker gives link to RickRoll

JAMESWT found a new bootlocker that shows a link to a RickRoll YouTube Video.

RANSOM RANSOM

26.7.20

UK govt warns of ransomware, BEC attacks against sports sector

The UK National Cyber Security Centre (NCSC) today highlighted the increasing risks posed by ransomware attacks, phishing campaigns, and Business Email Compromise (BEC) fraud schemes targeting sports organizations and teams, including Premier League football clubs.

RANSOM RANSOM

26.7.20

Garmin outage caused by confirmed WastedLocker ransomware attack

Wearable device maker Garmin shut down some of its connected services and call centers on Thursday following what the company called a worldwide outage, now confirmed to be caused by a WastedLocker ransomware attack.

RANSOM RANSOM

26.7.20

New in-dev Davinci ransomware

Leo found a new in-development ransomware that calls itself Davinci and only encrypts files on the desktop. Amigo-A states that this is a variant of the CobraLocker ransomware family.

RANSOM RANSOM

26.7.20

Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)

Affiliate involved in Maze ransomware operations profiled from the actor perspective while also detailing their involvement in other groups.

RANSOM RANSOM

26.7.20

Lazarus hackers deploy ransomware, steal data using MATA malware

A recently discovered malware framework known as MATA and linked to the North Korean-backed hacking group known as Lazarus was used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data theft.

RANSOM RANSOM

26.7.20

Brief analysis of Exorcist posted

Vitali Kremez posted a brief analysis of the Exorcist ransomware and how it avoids CIS countries.

RANSOM RANSOM

26.7.20

New Exorcist Ransomware

MalwareHunterTeam found a new ransomware called Exorcist that is targeting enterprise networks and is promoted on hacker forums.

RANSOM RANSOM

26.7.20

New Matrix Ransomware variant

Michael Gillespie found a new Matrix ransomware variant that appends the .RE78P extension and drops the RE78P_README.rtf ransom note.

RANSOM RANSOM

26.7.20

ID Ransomware can now detect 900 ransomware families

Michael Gillespie announced that ID Ransomware can now detect 900 ransomware families.

RANSOM RANSOM

26.7.20

New ransomware/wiper discovered

Michael Gillespie found a new ransomware/wiper that appends the .mechu4Po and .Ieph0uxo extensions or drops a ransom note named !!!ПРОЧИТАТЬ!!!.txt / README.txt.

RANSOM RANSOM

26.7.20

Ransomware gang demands $7.5 million from Argentinian ISP

A ransomware gang has infected the internal network of Telecom Argentina, one of the country's largest internet service providers, and is now asking for a $7.5 million ransom to unlock encrypted files.

RANSOM RANSOM

26.7.20

Lorien Health Services discloses ransomware attack affecting nearly 50,000

Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident.

RANSOM RANSOM

26.7.20

Sodinokibi/REvil Ransomware attacks against the Education Sector

Since January 2020, the Arete IR practice has responded to forty-one (41) Sodinokibi engagements. The industry has seen two big changes with Sodinokibi/REvil: their shift to exfiltrating data as of January 2020 and, more recently, their move to only accepting payments in Monero cryptocurrency (XMR).

RANSOM RANSOM

19.7.20

New REPL STOP Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .kuus extension to encrypted files.

RANSOM RANSOM

19.7.20

New Maoloa Ransomware variant

Michael Gillespie found a new Maoloa Ransomware variant that appends the .Globeimposter-Alpha865qqz extension to encrypted files.

RANSOM RANSOM

19.7.20

New SPARE Dharma Ransomware variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .spare extension to encrypted files.

RANSOM RANSOM

19.7.20

Cloud provider stopped ransomware attack but had to pay ransom demand anyway

Blackbaud, a provider of software and cloud hosting solutions, said it stopped a ransomware attack from encrypting files earlier this year but still had to pay a ransom demand anyway after hackers stole data from the company's network and threatened to publish it online.

RANSOM RANSOM

19.7.20

New Matrix Ransomware variant

Michael Gillespie found a new Makop Ransomware variant that appends the .BNFD extension to encrypted files.

RANSOM RANSOM

19.7.20

Orange confirms ransomware attack exposing business customers' data

Orange has confirmed to BleepingComputer that they suffered a ransomware attack exposing the data of twenty of their enterprise customers.

RANSOM RANSOM

19.7.20

FlowEncryption file encryption

Recently, 360 Security Center has detected that a file encryption virus in the form of a hoax has appeared on the network. Since the encrypted file suffix of the virus is named “.flowEncryption”, we named it “flowEncryption file encryption virus”.

RANSOM RANSOM

19.7.20

New FastWind Ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the .FastWind extension and drops a ransom note named ransomware.txt.

RANSOM RANSOM

19.7.20

New ZBW Makop Ransomware variant

Michael Gillespie found a new Makop Ransomware variant that appends the .zbw extension and drops a ransom note named readme-warning.txt.

RANSOM RANSOM

19.7.20

The chance of data being stolen in a ransomware attack is greater than one in ten

The data theft and name-and-shame tactics initiated by Maze in November 2019 and subsequently adopted by multiple other groups have blurred the line between ransomware attack and data breach.

RANSOM RANSOM

19.7.20

New DATA and SMPL Dharma Ransomware variants

Jakub Kroustek found two new variants of the Dharma Ransomware that append either the .data or .smpl extension to encrypted files.

RANSOM RANSOM

19.7.20

New REPL STOP Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .repl extension to encrypted files.

RANSOM RANSOM

19.7.20

New AgeLocker Ransomware uses Googler's utility to encrypt files

A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victims' files.

RANSOM RANSOM

19.7.20

New FonixCrypter variant

dnwls0719 found a new FonixCrypter variant that appends the .XINOF extension.

RANSOM RANSOM

19.7.20

New Matrix Ransomware variant

xiaopao found a new Matrix Ransomware variant that appends the .AL8P extension and drops a ransom note named Readme_AL8P.rtf.

RANSOM RANSOM

10.7.20

Thanos Ransomware attack asking for $20k

JAMESWT found a new variant of the Thanos Ransomware that is asking for a $20k ransom.

RANSOM RANSOM

10.7.20

New SMPL Dharma Ransomware variant

Michael Gillespie found a new Dharma variant that appends the .smpl extension to encrypted files.

RANSOM RANSOM

10.7.20

New Dharma Ransomware variants

Jakub Kroustek found new variants of the Dharma Ransomware that append the .null, .felix, or the .gns extensions.

RANSOM RANSOM

10.7.20

Conti ransomware shows signs of being Ryuk's successor

The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, which has slowly been fading away while Conti's distribution is increasing.

RANSOM RANSOM

10.7.20

New TEAMV Dharma Ransomware variant

Michael Gillespie found a new Dharma variant that appends the .teamV extension to encrypted files.

RANSOM RANSOM

10.7.20

New Panther Ransomware targets users in China

Michael Gillespie found the new Panther Ransomware that targets users in China. This ransomware appends the .panther extension and drops a ransom note named LOCKED_README.txt.

RANSOM RANSOM

10.7.20

New CoronaCrypt variant

xiaopao found a CoronaCrypt Ransomware variant that appends the .Encrypted extension.

RANSOM RANSOM

10.7.20

New FonixCrypter Ransomware variant

Michael Gillespie found a new FonixCrypter variant that appends the .repter extension.

RANSOM RANSOM

10.7.20

Mac ThiefQuest malware may not be ransomware after all

The ThiefQuest malware, which was discovered last week, may not actually be ransomware according to new findings. The behaviors that have been documented thus far are still all accurate, but we no longer believe that the ransom is the actual goal of this malware.

RANSOM RANSOM

10.7.20

New SpartCrypt decryptor

Emsisoft released a decryptor for the SpartCrypt ransomware.

RANSOM RANSOM

10.7.20

ThiefQuest info-stealing Mac wiper gets free decryptor

Poor coding of the ThiefQuest ransomware in disguise that targets macOS users allows the recovery of encrypted files, which would otherwise remain lost without a backup.

RANSOM RANSOM

10.7.20

New MAAS STOP Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .maas extension.

RANSOM RANSOM

10.7.20

New Dharma Ransomware variants

Jakub Kroustek found new variants of the Dharma Ransomware that append the .bmtf or the .prnds extension.

RANSOM RANSOM

10.7.20

EDP energy giant confirms Ragnar Locker ransomware attack

EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation's systems, the Portuguese multinational energy giant Energias de Portugal (EDP).

RANSOM RANSOM

10.7.20

Ransomware attack on insurance MSP Xchanging affects clients

Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary.

RANSOM RANSOM

10.7.20

IT Ransomware discovered

dnwls0719 found the IT Ransomware that appends the .IT extension to encrypted files.

RANSOM RANSOM

10.7.20

Companies start reporting ransomware attacks as data breaches

Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about stolen data.

RANSOM RANSOM

3.7.20

Try2Cry: Ransomware tries to worm

A big portion of my work as a malware analyst at G Data is writing detection signatures for our product. One of those signatures checks for a USB worm component that I have seen in certain variants of .NET based RATs like njRAT and BlackNet RAT. When this worm signature hit on an unidentified sample[1], I got curious. It was a .NET ransomware that seemed oddly familiar to me. I couldn’t put a finger on it yet.

RANSOM RANSOM

3.7.20

New Pojie Ransomware

S!Ri found the new Pojie ransomware that appends the .52pojie extension to encrypted files.

RANSOM RANSOM

3.7.20

New Dharma Ransomware variants

Jakub Kroustek has found two new Dharma Ransomware variants that append either the .NHLP or the .gyga extensions to encrypted files.

RANSOM RANSOM

3.7.20

Surge of MongoDB ransom attacks use GDPR as extortion leverage

A flood of attacks is targeting unsecured MongoDB servers and wiping their databases. Left behind are notes demanding a ransom payment, or the data will be leaked, and the owners reported for GDPR violations.

RANSOM RANSOM

3.7.20

Dozens of US news sites hacked in WastedLocker ransomware attacks

The Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework.

RANSOM RANSOM

3.7.20

Rabbit Ransomware hops onto the scene

dnwls0719 found the Rabbit Ransomware that appends the .RABBIT extension to encrypted files.

RANSOM RANSOM

3.7.20

VinDizelPux MedusaLocker variant

Ravi found a variant of the MedusaLocker Ransomware that appends the .VinDizelPux extension.

RANSOM RANSOM

3.7.20

ThiefQuest ransomware is a file-stealing Mac wiper in disguise

A new data wiper and info-stealer called ThiefQuest is using ransomware as a decoy to steal files from macOS users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers.

RANSOM RANSOM

3.7.20

Business giant Xerox allegedly suffers Maze Ransomware attack

Maze ransomware operators have updated their list of victims adding Xerox Corporation to the roster. It appears that the encryption routine had completed on June 25.

RANSOM RANSOM

3.7.20

New Lolkek Ransomware discovered

xiaopao found the Lolkek ransomware that appends the .lolkek extension to encrypted files. According to Amigo_A_, it may still be in development.

RANSOM RANSOM

3.7.20

New Zida STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .zida extension.

RANSOM RANSOM

3.7.20

A hacker gang is wiping Lenovo NAS devices and asking for ransoms

A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back.

RANSOM RANSOM

3.7.20

How hackers extorted $1.14m from University of California, San Francisco

A leading medical-research institution working on a cure for Covid-19 has admitted it paid hackers a $1.14m (£910,000) ransom after a covert negotiation witnessed by BBC News.

RANSOM RANSOM

3.7.20

UC San Francisco pays $1.14 million for ransomware decryptor

The University of California San Francisco (UCSF) says that it paid $1.14 million to the Netwalker ransomware operators who successfully breached the UCSF School of Medicine’s IT network, stealing data and encrypting systems.

RANSOM RANSOM

3.7.20

New Dharma Ransomware variants

Jakub Kroustek has found two new Dharma Ransomware variants that append either the .lxhlp or the .HOW extensions to encrypted files.

RANSOM RANSOM