Ransomware News 2020 June



DATE

NAME

INFO

CATEGORY

SUBCATEGORY

26.6.20

New Credo Dharma Ransomware variant

dnwls0719 found a new Dharma Ransomware variant that appends .credo extension and drops a ransom note named FILES ENCRYPTED.txt.

RANSOM RANSOM

26.6.20

New ransomware hunt

Michael Gillespie is looking for a new ransomware that appends extensions in the format ._HE and ._HE._LP and drops a ransom note named READ_ME_.txt.

RANSOM RANSOM

26.6.20

New ransomware hunt

Michael Gillespie is looking for a new ransomware that appends extensions in the format ..id=.[]..jwjs and drops a ransom note named ReadMe.txt.

RANSOM RANSOM

26.6.20

FBI warns K12 schools of ransomware attacks via RDP

The US Federal Bureau of Investigation sent out on Tuesday a security alert to K12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.

RANSOM RANSOM

26.6.20

LG Electronics allegedly hit by Maze ransomware attack

Maze ransomware operators have claimed on their website that they breached and locked the network of the South Korean multinational LG Electronics.

RANSOM RANSOM

26.6.20

Sizing Up: How Mandiant Evaluates Ransomware Defense

Organizations across various regions, industries, and sectors have identified ransomware as a significant risk and wonder if they are positioned to successfully detect and prevent a ransomware attack. At FireEye Mandiant, we use a methodology that determines our client’s susceptibility to ransomware and evaluates their ability to detect and respond to a ransomware attack.

RANSOM RANSOM

26.6.20

Maze Ransomware still loves Vitali Kremez

Maze Ransomware had a shout-out to Advanced Intel's Vitali Kremez by naming a malware executable found by Arkbird as kremez._dl_.

RANSOM RANSOM

26.6.20

New Team Dharma Ransomware variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .team extension to encrypted files.

RANSOM RANSOM

26.6.20

New ransomware posing as COVID-19 tracing app targets Canada; ESET offers decryptor

ESET researchers dissect an Android app that masquerades as an official COVID-19 contact-tracing app and encrypts files on the victim's device.

RANSOM RANSOM

26.6.20

New CryDroid Ransomware

Re-ind found a fake COVID-19 tracer app for Canada that was later identified by NtRaiseException() as the CryDroid ransomware. More info about CryDroid in the next article from ESET.

RANSOM RANSOM

26.6.20

New STOP Ransomware variants

Michael Gillespie found two new variants of the STOP Ransomware that append either the .moba or .pykw extensions to encrypted files.

RANSOM RANSOM

26.6.20

Ryuk ransomware deployed two weeks after Trickbot infection

Activity logs on a server used by the TrickBot trojan in post-compromise stages of an attack show that the actor takes an average of two weeks pivoting to valuable hosts on the network before deploying Ryuk ransomware.

RANSOM RANSOM

26.6.20

REvil ransomware scans victim's network for Point of Sale system

REvil ransomware operators have been observed scanning one of their victims' networks for Point of Sale (PoS) servers by researchers with Symantec's Threat Intelligence team.

RANSOM RANSOM

26.6.20

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the Evil Corp group in 2020. Evil Corp were previously associated with the Dridex malware and BitPaymer ransomware; the latter came to prominence in the first half of 2017.

RANSOM RANSOM

26.6.20

New WastedLocker Ransomware distributed via fake program updates

The Russian cybercrime group known as Evil Corp has added a new ransomware to its arsenal called WastedLocker. This ransomware is used in targeted attacks against the enterprise.

RANSOM RANSOM

26.6.20

European victims refuse to bow to Thanos ransomware

A Thanos ransomware campaign targeting mid-level employees of multiple organizations from Austria, Switzerland, and Germany was met by the victims' refusal to pay the ransoms demanded to have their data decrypted.

RANSOM RANSOM

26.6.20

New Gomer Ransomware

dnwls0719 found the Gomer Ransomware that appends the .gomer extension and drops a ransom note named GOMER-README.txt.

RANSOM RANSOM

26.6.20

Ransomware operators lurk on your network after their attack

When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won't get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control.

RANSOM RANSOM

26.6.20

Avaddon Ransomware gives broken decryptors

Watch out if you get affected by Avaddon Ransomware as the decryptors they provide are not working and they don't offer a way to contact them.

RANSOM RANSOM

12.6.20

Lion warns of beer shortages following ransomware attack

Australian beverage giant Lion on Friday added further detail to the cyber incident it disclosed earlier this week, confirming it fell victim to a ransomware attack.

RANSOM RANSOM

12.6.20

New Makop Ransomware variant

dnwls0719 found a new Makop Ransomware variant that appends the .origami extension to encrypted files.

RANSOM RANSOM

12.6.20

New Dharma Ransomware variant

Jakub Kroustek found new Dharma ransomware variants that append the .php or .hack extensions to encrypted files.

RANSOM RANSOM

12.6.20

New SFile ransomware variant

Ravi found a new SFile ransomware variant that appends the .ESCAL-p9yqoly extension to encrypted files.

RANSOM RANSOM

12.6.20

New DCRTR Ransomware variant

Michael Gillespie found a new variant of the DCRTR Ransomware that appends the .coka extension.

RANSOM RANSOM

12.6.20

New NYPD STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .nypd extension to encrypted files.

RANSOM RANSOM

12.6.20

Power company Enel Group suffers Snake Ransomware attack

European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network.

RANSOM RANSOM

12.6.20

City of Knoxville shuts down network after ransomware attack

The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices.

RANSOM RANSOM

12.6.20

New Such_Crypt variant

GrujaRS found a new Such_Crypt Ransomware variant that appends the .mwahahah extension.

RANSOM RANSOM

12.6.20

Thanos ransomware auto-spreads to Windows devices, evades security

The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on.

RANSOM RANSOM

12.6.20

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.

RANSOM RANSOM

12.6.20

Zorab Ransomware decryptor released

Emsisoft released a decryptor for the Zorab Ransomware that appends the .ZRB extension.

RANSOM RANSOM

12.6.20

New Matrix Ransomware variant discovered

Michael Gillespie found a new Matrix Ransomware variant that appends the .AG88G extension and drops a ransom note named Readme_AG88G.rtf.

RANSOM RANSOM

12.6.20

New ZWER STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .zwer extension to encrypted files.

RANSOM RANSOM

12.6.20

Maze Ransomware adds Ragnar Locker to its extortion cartel

A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.

RANSOM RANSOM

12.6.20

New Avaddon Ransomware launches in massive smiley spam campaign

With a wink and a smile, the new Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide.

RANSOM RANSOM

12.6.20

Honda investigates possible ransomware attack, networks impacted

Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.

RANSOM RANSOM

12.6.20

Fake ransomware decryptor double-encrypts desperate victims' files

A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.

RANSOM RANSOM

5.6.20

Fake STOP decryptor installs ransomware

Michael Gillespie found a fake STOP ransomware decryptor that is actually ransomware.

RANSOM RANSOM

5.6.20

US aerospace services provider breached by Maze Ransomware

The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace, as well as stole and leaked unencrypted files from the company's compromised devices in April 2020.

RANSOM RANSOM

5.6.20

Ongoing eCh0raix ransomware campaign targets QNAP NAS devices

After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices.

RANSOM RANSOM

5.6.20

Kupidon is the latest ransomware targeting your data

The latest ransomware that everyone needs to watch out for is called Kupidon, and it targets not only corporate networks but also home users' personal data.

RANSOM RANSOM

5.6.20

New RedRum Ransomware released

Emsisoft has released a decryptor for the RedRum/Tycoon ransomware.

RANSOM RANSOM

5.6.20

New NLAH STOP ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .kkll extension to encrypted files.

RANSOM RANSOM

5.6.20

New FRM, WCH, and CLUB Dharma Ransomware variants

Jakub Kroustek found new variants of the Dharma ransomware that append the .FRM, .WCH, or .CLUB extensions to encrypted files.

RANSOM RANSOM

5.6.20

Spike in ransomware predicted as remote workers return to office

COVID-19 set the scene for an explosion of ransomware incidents. As companies pivoted to remote working with little time to prepare, certain compromises had to be made in the interest of business continuity; for many businesses, this meant loosening security protocols to help employees remain productive.

RANSOM RANSOM

5.6.20

New Tycoon ransomware targets both Windows and Linux systems

A new human-operated ransomware strain has been deployed in highly targeted attacks against small to medium-sized organizations in the software and education industries since at least December 2019.

RANSOM RANSOM

5.6.20

Business services giant Conduent hit by Maze Ransomware

The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network.

RANSOM RANSOM

5.6.20

New unknown ransomware

GrujaRS found a new ransomware that drops a ransom note named [extension]-HOW-TO-FIX.TXT and asks you to contact them on licky.org.

RANSOM RANSOM

5.6.20

New Scarab Ransomware variant

Michael Gillespie found a new Scarab Ransomware variant that appends the .coronavirus extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

5.6.20

Ransomware gang says it breached one of NASA's IT contractors

The operators of the DoppelPaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA's IT contractors.

RANSOM RANSOM

5.6.20

Netwalker ransomware continues assault on US colleges, hits UCSF

The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted their computers.

RANSOM RANSOM

5.6.20

Ransomware gangs team up to form extortion cartel

Ransomware gangs are teaming up to extort victims through a shared data leak platform, and the exchange of tactics and intelligence.

RANSOM RANSOM

5.6.20

New Avaddon Ransomware

Shadow Intelligence found a new ransomware being marketed on hacker forums called Avaddon.

RANSOM RANSOM

5.6.20

New Android Ransomware

MalwareHunterTeam found a new Android ransomware that appends the .xdrop extension to encrypted files.

RANSOM RANSOM

5.6.20

REvil ransomware creates eBay-like auction site for stolen data

The operators of the REvil ransomware have launched a new auction site used to sell victims' stolen data to the highest bidder.

RANSOM RANSOM

5.6.20

New Fonix Ransomware

Michael Gillespie is looking for a new ransomware called Fonix that appends the .FONIX extension and drops a ransom note named # How To Decrypt Files #.hta.

RANSOM RANSOM

5.6.20

New NLAH STOP ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .nlah extension to encrypted files.

RANSOM RANSOM

5.6.20

New Hex911 Xorist variant

Michael Gillespie found new Xorist Ransomware variants that append the .hex911 or .bot extensions to encrypted files.

RANSOM RANSOM

5.6.20

Jigsaw Ransomware decryptor updated

Emsisoft has updated their Jigsaw Ransomware decryptor to support the .ElvisPresley variant.

RANSOM RANSOM

5.6.20

Ransomware locks down the Nipissing First Nation

The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications.

RANSOM RANSOM

5.6.20

New BOMBO and ONE Dharma Ransomware variants

Jakub Kroustek found new variants of the Dharma ransomware that append the .BOMBO or .ONE extension to encrypted files.

RANSOM RANSOM

5.6.20

New Sapphire Ransomware

dnwls0719 found a new French ransomware called Sapphire that appends the .VIVELAG extension to encrypted files.

RANSOM RANSOM