Ransomware News 2020 November



DATE

NAME

INFO

CATEGORY

SUBCATE

28.11.20

MasterChef, Big Brother producer hit by DoppelPaymer ransomware

French multinational production and distribution firm Banijay Group SAS was hit earlier this month by a DoppelPaymer ransomware attack and had sensitive information stolen by the ransomware operators during the incident.

RANSOM RANSOM

28.11.20

Canon publicly confirms August ransomware attack, data theft

Canon has finally confirmed publicly that the cyberattack suffered in early August was caused by ransomware and that the hackers stole data from company servers.

RANSOM RANSOM

28.11.20

Truck routing provider Rand McNally hit by cyberattack

Chicago-based transportation technology firm Rand McNally is working on restoring network functionality following a cyberattack that hit its systems earlier this week.

RANSOM RANSOM

28.11.20

Ransomware hits largest US fertility network, patient data stolen

US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware attack that affected the company two months ago, in September 2020.

RANSOM RANSOM

28.11.20

New Vash Sorena variant

GrujaRS found a new Vash Sorena variant that appends the .encrypt extension.

RANSOM RANSOM

28.11.20

Belden networking giant's company data stolen in cyberattack

Network device manufacturer Belden was hit with a cyberattack that allowed threat actors to steal files containing information about employees and business partners.

RANSOM RANSOM

28.11.20

Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone

Egregor ransomware is an offshoot of the Sekhmet malware family that has been active since mid-September 2020. The ransomware operates by compromising organizations, stealing sensitive user data, encrypting said data, and demanding a ransom to exchange encrypted documents. Egregor is ransomware associated with the cyberattacks against GEFCO and Barnes & Noble, Ubisoft, and numerous others.

RANSOM RANSOM

28.11.20

Baltimore County Public Schools hit by ransomware attack

Baltimore County Public Schools has been hit today by a ransomware attack that led to a systemic shutdown of its network due to the number of systems impacted in the attack.

RANSOM RANSOM

28.11.20

Danish news agency Ritzau refuses to pay after ransomware attack

Ritzau, the largest independent news agency in Denmark founded in 1866 by Erik Ritzau, said in a statement that it will not pay the ransom demanded by a ransomware gang that hit its network on Tuesday morning.

RANSOM RANSOM

28.11.20

Sopra Steria expects €50 million loss after Ryuk ransomware attack

French IT services giant Sopra Steria said today in an official statement that the October Ryuk ransomware attack will lead to a loss of between €40 million and €50 million.

RANSOM RANSOM

28.11.20

New LolKek ransomware variant

Emmanuel_ADC-Soft found a new LolKek ransomware variant that appends the .xls extension to encrypted files.

RANSOM RANSOM

28.11.20

PYSA/Mespinoza Ransomware

Over the course of 8 hours the PYSA/Mespinoza threat actors used Empire and Koadic as well as RDP to move laterally throughout the environment, grabbing credentials from as many systems as possible on the way to their objective. The threat actors took their time, looking for files and reviewing the backup server before executing ransomware on all systems. Hours after being ransomed, our files were opened from multiple Tor exit nodes, which confirms our suspicion that files had been exfiltrated.

RANSOM RANSOM

28.11.20

New STOP Ransomware variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .lisp extension to encrypted files.

RANSOM RANSOM

28.11.20

Ransomware forces E-Land South Korean retail giant to close stores

South Korean conglomerate and retail giant E-Land has suffered a ransomware attack causing 23 of its retail stores to suspend operations while they deal with the attack.

RANSOM RANSOM

28.11.20

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative

Ranzy ransomware emerged in September/October this year, and appears to be an evolution of ThunderX and, to a lesser extent, Ako ransomware. Ranzy shares many features and under-the-hood elements with its predecessors. However, there have been a few key updates, including tweaks to encryption, methods of exfiltration, and the (now commonplace) use of a public “leak blog” to post victim data for those who do not comply with the ransom demand.

RANSOM RANSOM

22.11.20

New Dharma Ransomware variants

Jakub Kroustek found a bunch of Dharma Ransomware variants that append the .cvc extension.

RANSOM RANSOM

22.11.20

Hospital hit with custom ransomware

Michael Gillespie found that a hospital was hit with a custom ransomware.

RANSOM RANSOM

22.11.20

Ransomware with hidden message

MalwareHunterTeam found a ransomware with an interesting hidden message.

RANSOM RANSOM

22.11.20

Sportfondsen Nederland swimming pool operator hit with ransomware

During the lockdown of the past two weeks, we were hit by an IT failure caused by a computer virus (ransomware). As a result, we are difficult to reach and we have to deal with systems that do not work.

RANSOM RANSOM

22.11.20

The malware that usually installs ransomware and you need to remove right away

This article focuses on the known malware strains that have been used over the past two years to install ransomware.

RANSOM RANSOM

22.11.20

New SWP Dharma ransomware variant

xiaopao found a new Dharma Ransomware variant that appends the .SWP extension.

RANSOM RANSOM

22.11.20

New Ransomware hunt

Michael Gillespie spotted a new unidentified ransomware that appends the .esexz extension and drops a ransom note named readme.txt.

RANSOM RANSOM

22.11.20

FBI warns of increasing Ragnar Locker ransomware activity

The U.S. Federal Bureau of Investigation (FBI) Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020.

RANSOM RANSOM

22.11.20

LightBot: TrickBot’s new reconnaissance malware for high-value targets

The notorious TrickBot gang has released a new lightweight reconnaissance tool used to scope out an infected victim's network for high-value targets.

RANSOM RANSOM

22.11.20

QBot partners with Egregor ransomware in bot-fueled attacks

The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware, which burst into activity in September.

RANSOM RANSOM

22.11.20

New REDROMAN Ransomware

MalwareHunterTeam found a new ransomware that appends the .REDROMAN extension and drops ransom notes named RR_README.html, OPENTHIS.html, and README.html.

RANSOM RANSOM

22.11.20

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .sglh extension.

RANSOM RANSOM

22.11.20

Mount Locker ransomware now targets your TurboTax tax returns

The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption.

RANSOM RANSOM

22.11.20

New Lola Ransomware

MalwareHunterTeam found a new ransomware pretending to be a Blockchain Generator that appends the .lola extension and drops a ransom note named Please_Read.txt.

RANSOM RANSOM

22.11.20

Egregor ransomware bombards victims' printers with ransom notes

The Egregor ransomware uses a novel approach to get a victim's attention after an attack - shoot ransom notes from all available printers.

RANSOM RANSOM

22.11.20

REvil ransomware hits Managed.com hosting provider, 500K ransom

Managed web hosting provider Managed.com has taken their servers and web hosting systems offline as they struggle to recover from a weekend REvil ransomware attack.

RANSOM RANSOM

22.11.20

New Pulpit Ransomware

Siri found a new ransomware that appends the .pulpit extension.

RANSOM RANSOM

22.11.20

New ZIN Dharma ransomware variant

xiaopao found a new Dharma Ransomware variant that appends the .ZIN extension.

RANSOM RANSOM

22.11.20

New HiddenTear ransomware variant

xiaopao found a new HiddenTear ransomware variant that appends the .r2block extension.

RANSOM RANSOM

22.11.20

New Matrix ransomware variant

xiaopao found a new Matrix Ransomware variant that appends the .TG33 extension.

RANSOM RANSOM

22.11.20

Nibiru ransomware variant decryptor

The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string "Nibiru" to compute the 32-byte key and 16-byte IV values. The decryptor program leverages this weakness to decrypt files encrypted by this variant.

RANSOM RANSOM

22.11.20

New Dharma Ransomware variants

Jakub Kroustek found a bunch of Dharma Ransomware variants that append the .dex, .sss, .zimba, and .help extensions.

RANSOM RANSOM

22.11.20

New Joker Ransomware

@0x4143 found the new Joker's Ransomware that appends the .joker extension and drops a ransom note named POWER-JOKER-PASSWORD.txt.

RANSOM RANSOM

22.11.20

New Phobos Ransomware variant

xXToffeeXx spotted a new Phobos ransomware variant that appends the .ELDAOLSA extension.

RANSOM RANSOM

22.11.20

New MXX Ransomware hunt

Michael Gillespie spotted a new unidentified ransomware that appends the .MXX extension and drops a ransom note named How To Recover Your Files!!!!.txt.

RANSOM RANSOM

22.11.20

New Flamingo Ransomware variant

Michael Gillespie spotted a new Flamingo Ransomware variant that appends the .LIZARD extension and drops a ransom note named #READ ME.TXT.

RANSOM RANSOM

22.11.20

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .epor extension.

RANSOM RANSOM

22.11.20

Cold storage giant Americold hit by cyberattack, services impacted

Cold storage giant Americold is currently dealing with a cyberattack impacting their operations, including phone systems, email, inventory management, and order fulfillment.

RANSOM RANSOM

22.11.20

Dozens of ransomware gangs partner with hackers to extort victims

Ransomware-as-a-service (RaaS) crews are actively looking for affiliates to split profits obtained in outsourced ransomware attacks targeting high profile public and private organizations.

RANSOM RANSOM

22.11.20

Capcom confirms data breach after gamers' data stolen in cyberattack

Japanese game giant Capcom has announced a data breach after confirming that attackers stole sensitive customer and employee information during a recent ransomware attack.

RANSOM RANSOM

22.11.20

New VoidCrypt variant

xiaopao found a new variant of the VoidCrypt Ransomware that appends the .honor extension.

RANSOM RANSOM

22.11.20

DarkSide ransomware's Iranian hosting raises U.S. sanction concerns

Ransomware negotiation firm Coveware has placed the DarkSide operation on an internal restricted list after the threat actors announced plans to host infrastructure in Iran.

RANSOM RANSOM

22.11.20

New HiddenTear variant

dnwls0719 found a new HiddenTear variant that appends the .ZqVIkE extension and drops a ransom note named @READ_ME@.txt.

RANSOM RANSOM

22.11.20

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .vvoa extension.

RANSOM RANSOM

22.11.20

Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted

Chilean-based multinational retail company Cencosud has suffered a cyberattack by the Egregor ransomware operation that impacts services at stores.

RANSOM RANSOM

15.11.20

LV Ransomware group appears to be using REvil software

Michael Gillespie found a ransomware group known as "LV" utilizing REvil software. 

RANSOM RANSOM

15.11.20

New STOP ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .vvoa extension to encrypted files.

RANSOM RANSOM

15.11.20

CRAT wants to plunder your endpoints

Cisco Talos has recently discovered a new version of the CRAT malware family. This version consists of multiple RAT capabilities, additional plugins and a variety of detection-evasion techniques. In the past, CRAT has been attributed to the Lazarus Group, the malicious threat actors behind multiple cyber campaigns, including attacks against the entertainment sector.

RANSOM RANSOM

15.11.20

DarkSide ransomware is creating a secure data leak service in Iran

The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum.

RANSOM RANSOM

15.11.20

Steelcase furniture giant down for 2 weeks after ransomware attack

Office furniture giant Steelcase says that no information was stolen during a Ryuk ransomware attack that forced them to shut down global operations for roughly two weeks.

RANSOM RANSOM

15.11.20

Ransomware gang hacks Facebook account to run extortion ads

A ransomware group has now started to run Facebook advertisements to pressure victims to pay a ransom.

RANSOM RANSOM

15.11.20

New Devos Ransomware

xiaopao found a new ransomware that appends the .devos extension. This is different than Phobos, which also utilized this extension.

RANSOM RANSOM

15.11.20

Recent ransomware wave targeting Israel linked to Iranian threat actors

Two recent ransomware waves that targeted Israeli companies have been traced back to Iranian threat actors.

RANSOM RANSOM

15.11.20

New AgeLocker ransomware variant

JAMESWT found a new AgeLocker ELF ransomware (targets QNAP devices) that adds the .kmd suffix to encrypted files.

RANSOM RANSOM

15.11.20

New HowAreYou Ransomware

S!ri found a new ransomware that appends the .howareyou extension to encrypted files.

RANSOM RANSOM

15.11.20

Laptop maker Compal hit by ransomware, $17 million demanded

Taiwanese laptop maker Compal Electronics suffered a DoppelPaymer ransomware attack over the weekend, with the attackers demanding an almost $17 million ransom.

RANSOM RANSOM

15.11.20

New Dusk 2 ransomware variant

Lukáš Zobal found the new Dusk 2 ransomware variant that appends the .DUSK extension to encrypted files and drops a ransom note named README.txt.

RANSOM RANSOM

15.11.20

New STOP ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .agho extension to encrypted files.

RANSOM RANSOM

15.11.20

Fake Microsoft Teams updates lead to Cobalt Strike deployment

Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network.

RANSOM RANSOM

15.11.20

When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777

While researching these malware families, we found that there were several consistencies between Vatet, PyXie and Defray777 that strongly suggest that all three malware families were created, and are currently maintained by, the same financially motivated threat group.

RANSOM RANSOM

15.11.20

How Ryuk Ransomware operators made $34 million from one victim

One hacker group that is targeting high-revenue companies with Ryuk ransomware received $34 million from one victim in exchange for the decryption key that unlocked their computers.

RANSOM RANSOM

7.11.20

New Fusion Nefilim variant

Michael Gillespie found a new Nefilim ransomware variant that appends the .FUSION extension and drops a ransom note named FUSION-README.txt.

RANSOM RANSOM

7.11.20

New RexCrypt ransomware

Michael Gillespie found a new ransomware called RexCrypt that appends the .RexCrypt extension and drops a ransom note named How-To-Decrypt-My-Files.hta.

RANSOM RANSOM

7.11.20

New ZIMBA Dharma ransomware variant

Michael Gillespie found a new Dharma ransomware variant that appends the .zimba extension to encrypted files.

RANSOM RANSOM

7.11.20

RansomExx ransomware also encrypts Linux systems

With companies commonly using a mixed environment of Windows and Linux servers, ransomware operations have increasingly started to create Linux versions of their malware to ensure they encrypt all critical data.

RANSOM RANSOM

7.11.20

New Pay2Key ransomware encrypts networks within one hour

A new ransomware called Pay2Key has been targeting organizations from Israel and Brazil, encrypting their networks within an hour in targeted attacks still under investigation.

RANSOM RANSOM

7.11.20

New Beiguo MBRLocker found

xiaopao found a new MBRLocker that is "Powered by Beiguo."

RANSOM RANSOM

7.11.20

New Vaca ransomware variant

xiaopao found a new Vaca ransomware variant that appends the .locked3dllkierff extension.

RANSOM RANSOM

7.11.20

New LockDown ransomware

Marcelo Rivero found a new ransomware called LockDown that appends the .sext extension and drops a ransom note named HELP_DECRYPT_YOUR_FILES.txt.

RANSOM RANSOM

7.11.20

New Tripoli ransomware

Michael Gillespie found a new ransomware called Tripoli that appends the .crypted extension and drops a HOW_FIX_FILES.htm ransom note.

RANSOM RANSOM

7.11.20

Babax stealer rebrands to Osno, installs rootkit

Babax not only changes its name but also adds a Ring 3 rootkit and lateral spreading capabilities. Furthermore it has a ransomware component called OsnoLocker. Is this combination as dangerous as it sounds?

RANSOM RANSOM

7.11.20

Brazil's court system under massive RansomExx ransomware attack

Brazil's Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference.

RANSOM RANSOM

7.11.20

Campari hit by Ragnar Locker Ransomware, $15 million demanded

Italian liquor company Campari Group was hit by a Ragnar Locker ransomware attack, where 2 TB of unencrypted files was allegedly stolen. To recover their files, Ragnar Locker is demanding $15 million.

RANSOM RANSOM

7.11.20

Capcom hit by Ragnar Locker ransomware, 1TB allegedly stolen

Japanese game developer Capcom has suffered a ransomware attack where threat actors claim to have stolen 1TB of sensitive data from their corporate networks in the US, Japan, and Canada.

RANSOM RANSOM

7.11.20

Strange Bulgarian ransomware

xiaopao found a new ransomware that appends the strange extension of .pethya zaplat zasifrovano.pethya zaplat zasifrovano.pethya zaplat zasifrovano.

RANSOM RANSOM

7.11.20

New GlobeImposter variant

M. Shahpasandi found a GlobeImposter 2 variant that appends the .CC4H extension.

RANSOM RANSOM

7.11.20

New DCRTR Ransomware variant

Michael Gillespie found a new variant of the DCRTR ransomware that appends the .termit extension to encrypted files.

RANSOM RANSOM

7.11.20

Lock2Bits rebrands as LuckyDay

Toffee discovered that Lock2Bits is rebranding as LuckyDay. The ransomware uses the .luckyday extension and a ransom note named File Recovery.txt.

RANSOM RANSOM

7.11.20

New STOP Ransomware variant

Michael Gillespie found a new variant of the STOP ransomware that appends the .vpsh extension to encrypted files.

RANSOM RANSOM

7.11.20

REvil ransomware gang 'acquires' KPOT malware

Ransomware gang who claims to have earned $100 million buys the source code of the KPOT information stealer trojan for $6,500.

RANSOM RANSOM

7.11.20

Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues

The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q3 of 2020. Ransomware groups continue to leverage data exfiltration as a tactic, though trust that stolen data will be deleted is eroding as defaults become more frequent when exfiltrated data is made public despite the victim paying. In Q3, Coveware saw the Maze group sunset their operations as the active affiliates migrated to Egregor (a fork of Maze). We also saw the return of the original Ryuk group, which has been dormant since the end of Q1.

RANSOM RANSOM

7.11.20

Scam PSA: Ransomware gangs don't always delete stolen data when paid

Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom.

RANSOM RANSOM

7.11.20

Blackbaud sued in 23 class action lawsuits after ransomware attack

Leading cloud software provider Blackbaud has been sued in 23 proposed consumer class action cases in the U.S. and Canada related to the ransomware attack that the company suffered in May 2020.

RANSOM RANSOM

7.11.20

New RegretLocker ransomware targets Windows virtual machines

A new ransomware called RegretLocker uses a variety of advanced features that allow it to encrypt virtual hard drives and close open files for encryption.

RANSOM RANSOM

7.11.20

Leading toy maker Mattel hit by ransomware

Toy industry giant Mattel disclosed that they suffered a ransomware attack in July that impacted some of its business functions but did not lead to data theft.

RANSOM RANSOM

7.11.20

New Jigsaw Ransomware

MalwareHunterTeam found a new Jigsaw Ransomware variant that appends the .evil extension.

RANSOM RANSOM

7.11.20

Maze ransomware shuts down operations, denies creating cartel

The infamous Maze ransomware gang announced today that they have officially closed down their ransomware operation and will no longer be leaking new companies' data on their site.

RANSOM RANSOM