Ransomware News 2020 May

DATE

NAME

INFO

CATEGORY

SUBCATE

23.5.20

Ransomware encrypts from virtual machines to evade antivirus

Ragnar Locker is deploying Windows XP virtual machines to encrypt victims' files while evading detection by security software installed on the host.

RANSOM RANSOM

23.5.20

New Covm STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .covm extension.

RANSOM RANSOM

23.5.20

Decryptor for JavaLocker released

Emsisoft has released a decryptor for the JavaLocker Ransomware that appends the .javalocker extension.

RANSOM RANSOM

23.5.20

Hackers tried to use Sophos Firewall zero-day to deploy Ransomware

Hackers tried to exploit a zero-day in the Sophos XG firewall to distribute ransomware to Windows machines but were blocked by a hotfix issued by Sophos.

RANSOM RANSOM

23.5.20

New Bang Dharma ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .bang extension to encrypted files.

RANSOM RANSOM

23.5.20

Warning: Infected Cookie Consent logo delivers Ransomware

An immediate warning: It seems that cyber criminals have obtained an old (orphaned) Amazon AWS S3 bucket used some time ago to host a Cookie Consent solution. Now the Cookie Consent logo delivered from the Amazon CDN contains a malware/ransomware script. It seems that thousands of websites, using old code, are now shipping this malicious content. Probably it’s a ransomware attack. Here is what I’ve found out so far.

RANSOM RANSOM

23.5.20

Snake ransomware leaks patient data from Fresenius Medical Care

Medical data and personally identifiable information belonging to patients at a Fresenius Medical Care unit are currently available online on a paste website.

RANSOM RANSOM

23.5.20

Vigilante hackers target 'scammers' with ransomware, DDoS attacks

A hacker has been taking justice into their own hands by targeting "scam" companies with ransomware and denial of service attacks.

RANSOM RANSOM

23.5.20

NetWalker adjusts ransomware operation to only target enterprise

NetWalker ransomware group is moving away from phishing for malware distribution and has adopted a network-intrusion model focusing on huge businesses only.

RANSOM RANSOM

23.5.20

Jigsaw Ransomware decryptor updated

Emsisoft has updated their Jigsaw Ransomware decryptor to support the DragonCyber (.dc) variant.

RANSOM RANSOM

23.5.20

REvil Ransomware found buyer for Trump data, now targeting Madonna

The REvil ransomware group claims to have buyers ready for documents containing damaging information about US President Donald Trump and is preparing to auction data on international celebrity Madonna.

RANSOM RANSOM

23.5.20

Ransomware attack impacts Texas Department of Transportation

A new ransomware attack is affecting the Texas government. This time, hackers got into the network of the state’s Department of Transportation (TxDOT).

RANSOM RANSOM

23.5.20

FBI warns of ProLock ransomware decryptor not working properly

Multiple actors in the ransomware business saw the new coronavirus pandemic as the perfect opportunity to focus on an already overburdened healthcare sector. ProLock is yet another threat to the list.

RANSOM RANSOM

23.5.20

New Koti STOP Ransomware variant

@Amigo_A found a new variant of the STOP Ransomware that appends the .koti extension to encrypted files.

RANSOM RANSOM

23.5.20

New Scarab Ransomware variants discovered

M. Shahpasandi found new Scarab Ransomware variants that append the .rbs or .cov19 extensions to encrypted files.

RANSOM RANSOM

23.5.20

New DragonCyberRansomware Jigsaw variant

GrujaRS found a new variant of the Jigsaw Ransomware that calls itself DragonCyber and appends the .dc extension to encrypted files.

RANSOM RANSOM

17.5.20

Ransomware recruits affiliates with huge payouts, automated leaks

The Netwalker ransomware operation is recruiting potential affiliates with the possibility of million-dollar payouts and an auto-publishing data leak blog to help drive successful ransom payments.

RANSOM RANSOM

17.5.20

Law firm hackers double ransom demand, threaten Donald Trump

The ransom demand for the secret files of a cyber-attacked lawyer to A-list stars has doubled to $42 million — as the hackers now threaten to reveal “dirty laundry” on President Donald Trump in just a week if they are not paid in full.

RANSOM RANSOM

17.5.20

New Turkish Ransomware

dnwls0719 found a new ransomware that targets people in Turkey and appends the .zeronine extension.

RANSOM RANSOM

17.5.20

ProLock Ransomware teams up with QakBot trojan for network access

ProLock is a relatively new malware on the ransomware scene but has quickly attracted attention by targeting businesses and local governments and demanding huge ransoms for file decryption.

RANSOM RANSOM

17.5.20

New Blackmoon Ransomware

S!Ri found a new ransomware called Blackmoon that appends the .cxk extension to encrypted files.

RANSOM RANSOM

17.5.20

Ransomware now demands extra payment to delete stolen files

A ransomware family has begun a new tactic of not only demanding a ransom for a decryptor but also demanding a second ransom not to publish files stolen in an attack.

RANSOM RANSOM

17.5.20

New Mzlq STOP Ransomware variant

dnwls0719 found a new STOP Ransomware variant that appends the .mzlq extension to encrypted files.

RANSOM RANSOM

17.5.20

New ransomware uses COVID-19 lure

MalwareHunterTeam found a new ransomware that is being spread with a COVID-19 lure. When encrypting files it appends the .dodged extension.

RANSOM RANSOM

17.5.20

Healthcare giant Magellan Health hit by ransomware attack

Fortune 500 company Magellan Health Inc announced today that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers.

RANSOM RANSOM

17.5.20

Texas Courts hit by ransomware, network disabled to limit spread

The Texas court system was hit by ransomware on Friday night, May 8th, which led to the branch network including websites and servers being disabled to block the malware from spreading to other systems.

RANSOM RANSOM

17.5.20

Maze ransomware fails to encrypt Pitney Bowes, steals files

Global business services company Pitney Bowes recently stopped an attack from Maze ransomware operators before the encryption routine could be deployed but the actor still managed to steal some data.

RANSOM RANSOM

17.5.20

Sodinokibi ransomware can now encrypt open and locked files

The Sodinokibi (REvil) ransomware has added a new feature that allows it to encrypt more of a victim's files, even those that are opened and locked by another process.

RANSOM RANSOM

17.5.20

New Kupidon ransomware

MalwareHunterTeam found a new ransomware called Kupidon that appends the .kupidon extension to encrypted files and drops a ransom note named !KUPIDON_DECRYPT.txt.

RANSOM RANSOM

17.5.20

GuLoader distributing HakBit Ransomware

Benkøw discovered that the GuLoader Trojan is distributing the HakBit ransomware.

RANSOM RANSOM

17.5.20

CryLock (ex-Cryakl) 1.9.0.0 decryptor released

Alex Svirid released a decryptor for the CryLock (ex-Cryakl) 1.9.0.0 ransomware.

RANSOM RANSOM

9.5.20

New NET Dharma Ransomware variant

dnwls0719 found a new Dharma Ransomware variant that appends the .net extension to encrypted files.

RANSOM RANSOM

9.5.20

REvil ransomware threatens to leak A-list celebrities' legal docs

The Sodinokibi ransomware group threatens to release hundreds of gigabytes of legal documents from a prominent entertainment and law firm that counts dozens of international stars as their clients.

RANSOM RANSOM

9.5.20

Sodinokibi / REvil ransomware TTPs

We secured forensics evidence data in the form of disk images of VPS servers used by cybercriminals behind Sodinokibi / REvil ransomware (we also found Maze ransomware there):

RANSOM RANSOM

9.5.20

New PHP Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .PHP extension to encrypted files.

RANSOM RANSOM

9.5.20

New SQPC Stop Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .sqpc extension to encrypted files.

RANSOM RANSOM

9.5.20

Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents

Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications for OT networks, and other aspects of post-compromise ransomware deployment. Since November 2019, we’ve seen the MAZE ransomware being used in attacks that combine targeted ransomware use, public exposure of victim data, and an affiliate model.

RANSOM RANSOM

9.5.20

New Nemty spam campaign targeting South Korea

Anti-malware vigilante found a new spam campaign targeting people in South Korea and bundling the Vidar password stealer along with it.

RANSOM RANSOM

9.5.20

Targeted Ransomware Attack Hits Taiwanese Organizations

A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially destructive as the ransomware appears to target databases and email servers for encryption.

RANSOM RANSOM

9.5.20

Large scale Snake Ransomware campaign targets healthcare, more

The operators of the Snake Ransomware have launched a worldwide campaign of cyberattacks that have infected numerous businesses and at least one health care organization over the last few days.

RANSOM RANSOM

9.5.20

New 0day0 Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .0day0 extension to encrypted files.

RANSOM RANSOM

9.5.20

Toll Group hit by ransomware a second time, deliveries affected

The Toll Group has suffered its second ransomware cyberattack in three months, with the latest one conducted by the operators of the Nefilim Ransomware.

RANSOM RANSOM

9.5.20

Changes in REvil ransomware version 2.2

The REvil ransomware-as-a-service (RaaS) operation continues to impact businesses worldwide. The threat actors responsible for developing and maintaining the malware have released an updated ransomware, namely version 2.2. In this short blog post, we will cover the significant changes from the previous version, which we covered in detail in an earlier blog post.

RANSOM RANSOM

9.5.20

New VCrypt Ransomware locks files in password-protected 7ZIPs

A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.

RANSOM RANSOM

9.5.20

LockBit ransomware self-spreads to quickly encrypt 225 systems

A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours.

RANSOM RANSOM

9.5.20

Shade / Troldesh Ransomware decryption tool

BitDefender has released a decryptor for the Shade/Troldesh Ransomware after the ransomware operators released all of the decryption keys.

RANSOM RANSOM

9.5.20

Sodinokibi, Ryuk ransomware drive up average ransom to $111,000

The first quarter of the year recorded an increase in the average amount ransomware operators demand from their victims. Compared to the previous quarter, a 33% swell was noted, driven by the Sodinokibi and Ryuk ransomware operators.

RANSOM RANSOM

2.5.20

New Mpal STOP Ransomware variant

Michael Gillespie found a new variant of the STOP ransomware that appends the .mpal extension to encrypted files.

RANSOM RANSOM

2.5.20

Emsisoft releases updated Jigsaw Ransomware decryptor

Emsisoft released an updated decryptor to support the .zemblax extension described in the previous article.

RANSOM RANSOM

2.5.20

New phishing campaign packs an info-stealer, ransomware punch

A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.

RANSOM RANSOM

2.5.20

Tales From the Trenches; a Lockbit Ransomware Story

We believe there is real opportunity to learn from incident response cases and previous attacks, hence why this blog is dubbed ‘tales from the trenches’. In collaboration with Northwave, this article describes a real-life case of a targeted ransomware attack. During one of their recent incident responses, Northwave encountered a relatively new family of ransomware called LockBit performing a targeted attack.

RANSOM RANSOM

2.5.20

Shade Ransomware Decryptor can now decrypt over 750K victims

Kaspersky has released an updated decryptor for the Shade Ransomware (Troldesh) that allows all victims who have their files encrypted to recover them for free.

RANSOM RANSOM

2.5.20

Clop ransomware leaks ExecuPharm's files after failed ransom

Clop ransomware leaked files stolen from U.S. pharmaceutical company ExecuPharm after ransom negotiations allegedly failed.

RANSOM RANSOM

2.5.20

Coveware Q1 ransomware report

The Coveware ransomware marketplace report aggregates observed trends from enterprise ransomware incidents in Q1 of 2020. During the first quarter of 2020, ransomware threat actors took advantage of the economic and workplace disruption caused by the COVID-19 outbreak. Spam attacks related to the outbreak surged and seldom-used ‘work-from-home’ network configurations led to increased ransomware attacks across the board. Some threat actor groups continued attacking healthcare organizations, while others refused to target them. Our report shows victim demographics and resolution metrics based on actual ransomware cases handled by the Coveware Incident Response team.

RANSOM RANSOM

2.5.20

Shade Ransomware shuts down, releases 750K decryption keys

The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims.

RANSOM RANSOM

2.5.20

New Qewe STOP Ransomware variant

dnwls0719 found a new variant of the STOP ransomware that appends the .qewe extension to encrypted files.

RANSOM RANSOM

2.5.20

New COVID-19 themed Android Ransomware

MalwareHunterTeam found a COVID-19 themed Android ransomware infection that appends the .encrypted extension to encrypted files.

RANSOM RANSOM