Ransomware News 2020 September





DATE

NAME

INFO

CATEGORY

SUBCATE

26.9.20

New Matrix ransomware variant

Michael Gillespie found a new Matrix variant that appends the .DEUS extension and drops a ransom note named DEUS_INFO.rtf.

RANSOM RANSOM

26.9.20

New Stop ransomware variant

Michael Gillespie found a new Stop variant that appends the .copa extension to encrypted files.

RANSOM RANSOM

26.9.20

The Fresh Smell of ransomed coffee

We turned a coffee maker into a dangerous machine asking for ransom by modifying the maker’s firmware. While we could, could someone else do it too? As you might expect, the answer is: Yes. Follow us on a journey where we show you that firmware is the new software.

RANSOM RANSOM

26.9.20

New Exorcist 2.0 ransomware

JAMESWT found a sample of the new Exorcist 2.0 ransomware.

RANSOM RANSOM

26.9.20

New Dusk Ransomware

S!ri found the new Dusk v1.0 Ransomware that drops a ransom note named !#!READ-ME!#!.txt.

RANSOM RANSOM

26.9.20

Polish police shut down hacker super-group involved in bomb threats, ransomware, SIM swapping

Polish authorities have shut down today a hacker super-group that has had its fingers in a multitude of cybercrime operations, such as ransomware attacks, malware distribution, SIM swapping, banking fraud, running fake online stores, and even making bomb threats at the behest of paying customers.

RANSOM RANSOM

26.9.20

Mount Locker ransomware joins the multi-million dollar ransom game

A new ransomware operation named Mount Locker is underway, stealing victims' files before encrypting them and then demanding multi-million dollar ransoms.

RANSOM RANSOM

26.9.20

Ransomware impersonates REvil

Joakim Kennedy found a new ransomware written in Golang that is pretending to be REvil. Strange one, as there would be no way for a victim to recover their files, since there is no contact info that would work for them. May be a wiper?

RANSOM RANSOM

26.9.20

Cyber attack narrowly avoided

METHUEN — An attempt over the summer by Eastern European hackers to gain entry into the city's computer system — with its information about taxpayers, employees and much more — was nearly successful, according to city officials, but quick action helped keep the information secure.

RANSOM RANSOM

26.9.20

New ransomware actor OldGremlin uses custom malware to hit top orgs

A new ransomware group has been targeting large corporate networks using self-made backdoors and file-encrypting malware for the initial and final stages of the attack.

RANSOM RANSOM

26.9.20

AgeLocker ransomware targets QNAP NAS devices, steals data

QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the device's data and, in some cases, steals files from the victim.

RANSOM RANSOM

26.9.20

Government software provider Tyler Technologies hit by ransomware

Leading government technology services provider Tyler Technologies has suffered a ransomware attack that has disrupted its operations.

RANSOM RANSOM

26.9.20

Ransomware being sold for $2,000

3xp0rt found a ransomware actor selling a complete ransomware kit for $2,000.

RANSOM RANSOM

26.9.20

New CRPTD ransomware

GrujaRS found a new ransomware that appends the .CRPTD extension to encrypted files.

RANSOM RANSOM

26.9.20

New Matrix variant

Xiaopao found a new Matrix ransomware variant that appends the .AW46 extension and drops a ransom note named !AW46_INFO!.rtf.

RANSOM RANSOM

26.9.20

New Matrix ransomware variant

Michael Gillespie found a new Matrix variant that appends the .FG69 extension and drops a ransom note named FG69_README.rtf.

RANSOM RANSOM

26.9.20

Cyber insurer's security scans reduced ransomware claims by 65%

A cyber insurer's security scans during the underwriting phase and post-issuance have led to a 65% reduction in ransomware claims.

RANSOM RANSOM

26.9.20

Ray-Ban owner Luxottica confirms ransomware attack, work disrupted

Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a cyberattack that has led to the shutdown of operations in Italy and China.

RANSOM RANSOM

26.9.20

New Nefilim variant

Xiaopao found a new Nefilim variant that appends the .TRAPGET extension and drops a ransom note named TRAPGET-INSTRUCTION.txt.

RANSOM RANSOM

26.9.20

New Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .JB88 extension and drops a ransom note named JB88_README.rtf.

RANSOM RANSOM

26.9.20

Ransomware hunt

Michael Gillespie found a new ransomware that appends the .encrypted extension and drops a ransom note named SOLVE ENCRYPTED FILES.txt.

RANSOM RANSOM

26.9.20

‘Dark Overlord’ hacker pleads guilty, sentenced to 5 years for extortion threats

Years after he threatened to publicly release information from hacking victims unless they agreed to his digital extortion demands, Nathan Wyatt is headed to a U.S. prison.

RANSOM RANSOM

26.9.20

ThunderX ransomware: analysis and a free decryptor!

In this blog post we describe our findings on the new ransomware family ThunderX that was recently discovered. We also announce a free decryptor that we are making available to help victims at no charge.

RANSOM RANSOM

26.9.20

New STOP Ransomware variant

Michael Gillespie found a new variant of the STOP ransomware that appends the .kolz extension to encrypted files.

RANSOM RANSOM

26.9.20

New Zhen Ransomware

GrujaRS found a new ransomware that appends the .zhen extension to encrypted files.

RANSOM RANSOM

26.9.20

New LeakThemAll variant

Michael Gillespie found a new variant of the LeakThemAll ransomware that appends the .montana extension and drops a ransom note named !HELP!.txt.

RANSOM RANSOM

26.9.20

New Egregor ransomware

Michael Gillespie and PolarToffee found a new ransomware called Egregor that appears to be a Sekhmet spinoff. It uses a random extension and drops a ransom note named RECOVER-FILES.txt.

RANSOM RANSOM

20.9.20

Leading U.S. laser developer IPG Photonics hit with ransomware

IPG Photonics, a leading U.S. developer of fiber lasers for cutting, welding, medical use, and laser weaponry, has suffered a ransomware attack that is disrupting its operations.

RANSOM RANSOM

20.9.20

U.K. warns of surge in ransomware threats against education sector

The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware incidents targeting educational institutions, urging them to follow the recently updated recommendations for mitigating malware attacks.

RANSOM RANSOM

20.9.20

New ransomware targeting Vietnam

MalwareHunterTeam found a new ransomware that targets Vietnam.

RANSOM RANSOM

20.9.20

New LINA Dharma variant

Xiaopao found a new Dharma ransomware variant that appends the .lina extension to encrypted files.

RANSOM RANSOM

20.9.20

New BlackHeart ransomware found

Xiaopao found a new BlackHeart variant that appends the .Alix1011RVA extension and drops a ransom note named ReadME-Alix1011RVA.

RANSOM RANSOM

20.9.20

New Xorist variant

Xiaopao found a new Xorist variant that appends the .TAKA extension.

RANSOM RANSOM

20.9.20

Ransomware attack at German hospital leads to death of patient

A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.

RANSOM RANSOM

20.9.20

Maze ransomware now encrypts via virtual machines to evade detection

The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang: encrypting a computer from within a virtual machine.

RANSOM RANSOM

20.9.20

New DogeCrypt DesuCrypt variant

dnwls0719 found a new DesuCrypt variant that calls itself DogeCrypt and appends the .DogeCrypt extension.

RANSOM RANSOM

20.9.20

New Xorist ransomware variant

Michael Gillespie found a new Xorist Ransomware variant that appends the .YOURPCISHACK16024752552658 extension to encrypted files.

RANSOM RANSOM

20.9.20

New TEREN Dharma variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .TEREN extension.

RANSOM RANSOM

20.9.20

LockBit ransomware launches data leak site to double-extort victims

The LockBit ransomware gang has launched a new data leak site to be used as part of their double extortion strategy to scare victims into paying a ransom.

RANSOM RANSOM

20.9.20

University Hospital New Jersey hit by SunCrypt ransomware, data leaked

University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data.

RANSOM RANSOM

20.9.20

New PewPew ransomware destroys files

GrujaRS found a new PewPew Ransomware that appends the .abkir extension and wipes files.

RANSOM RANSOM

20.9.20

New Demonware ransomware

JAMESWT found the new Demonware Python ransomware.

RANSOM RANSOM

20.9.20

New Zeoticus 2.0 ransomware

Michael Gillespie found a new ransomware called Zeoticus 2.0 that appends the extension "..immunityyoung@aol.com.young" and drops a ransom note named README.html.

RANSOM RANSOM

20.9.20

New STOP ransomware variant

Michael Gillespie found a new STOP variant that appends the .npph extension to encrypted files.

RANSOM RANSOM

20.9.20

New Nefilim ransomware variant

Michael Gillespie found a new Nefilim variant that appends the .MEFILIN extension and drops a ransom note named MEFILIN-README.txt.

RANSOM RANSOM

20.9.20

Emsisoft releases a Cyborg ransomware decryptor

Emsisoft has released a decryptor for the Cyborg ransomware that supports the .petra, .EncryptedFilePayToGetBack, .Cyborg1, and .LockIt extensions.

RANSOM RANSOM

20.9.20

New AHP Dharma ransomware variant

Marcelo Rivero found a new Dharma Ransomware variant that appends the .AHP extension to encrypted files.

RANSOM RANSOM

20.9.20

Emsisoft releases a Crypt32 decryptor

Emsisoft has released a decryptor for the Crypt32 ransomware.

RANSOM RANSOM

20.9.20

New Chuk Dharma variant

Xiaopao found a new Dharma Ransomware variant that appends the .chuk extension.

RANSOM RANSOM

20.9.20

New Xorist variant

Xiaopao found a new Xorist Ransomware variant that appends the .BD extension.

RANSOM RANSOM

20.9.20

Critical Infrastructure Ransomware Attacks

In September 2019, we started a dataset of Critical Infrastructures Ransomware Attacks (CIRWAs). These are based on publicly disclosed incidents in the media or security reports. This dataset (version 10.2) now has 687 records assembled from publicly disclosed incidents between November 2013 and August 2020, and has been mapped to the MITRE ATT&CK Framework (39% mapping on software/strain). This is a FREE resource that you can request.

RANSOM RANSOM

20.9.20

Fairfax County schools hit by Maze ransomware, student data leaked

Fairfax County Public Schools (FCPS), the 10th largest school division in the US, was recently hit by ransomware according to an official statement published on Friday evening.

RANSOM RANSOM

13.9.20

New BLM Dharma variant

Onyx Mods found a new Dharma Ransomware variant that appends the .blm extension.

RANSOM RANSOM

13.9.20

New Consciousness Ransomware

MalwareHunterTeam found the new Consciousness Ransomware that appends the .Consciousness extension and drops a ransom note named Consciousness Ransomware Text Message.txt. Michael Gillespie said this is basically a wiper as it does not save the keys properly for encrypted files.

RANSOM RANSOM

13.9.20

Karachi police office computer system hacked, ransom demanded

Hackers breached the computer system of the Karachi Police Office (KPO) Media Cell and demanded a ransom of 9 980. The Media Cell's data amounts to 700 GB. Cybercrime officers arrived at the scene, seized the data system and launched an investigation.

RANSOM RANSOM

13.9.20

Development Bank of Seychelles hit by ransomware attack

The Development Bank of Seychelles (DBS) was hit by ransomware according to a press statement published earlier today by the Central Bank of Seychelles (CBS).

RANSOM RANSOM

13.9.20

Ransomware accounted for 41% of all cyber insurance claims in H1 2020

Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America.

RANSOM RANSOM

13.9.20

SoftServe hit by ransomware, Windows customization tool exploited

Ukrainian software developer and IT services provider SoftServe suffered a ransomware attack on September 1st that may have led to the theft of customers' source code.

RANSOM RANSOM

13.9.20

Equinix data center giant hit by Netwalker Ransomware, $4.5M ransom

Data center and colocation giant Equinix has been hit with a Netwalker ransomware attack where threat actors are demanding $4.5 million for a decryptor and to prevent the release of stolen data.

RANSOM RANSOM

13.9.20

ProLock ransomware increases payment demand and victim count

Using standard tactics, the operators of ProLock ransomware were able to deploy a large number of attacks over the past six months, averaging close to one target every day.

RANSOM RANSOM

13.9.20

New Dharma Ransomware variant

Xiaopao found new Dharma Ransomware variants that append the .blm and .eur extensions.

RANSOM RANSOM

13.9.20

New Flamingo Ransomware

Michael Gillespie found a new ransomware that appends the .FLAMINGO extension and drops a ransom note named #READ ME.TXT.

RANSOM RANSOM

13.9.20

Leading US video delivery provider confirms ransomware attack

SeaChange International, a US-based leading supplier of video delivery software solutions, has confirmed a ransomware attack that disrupted its operations during the first quarter of 2020.

RANSOM RANSOM

13.9.20

Thailand hospital hit with ransomware

Saraburi Hospital was attacked by ransomware and is unable to access data on its systems, which is affecting patient services. Anyone who has advice and can provide assistance, please tell the doctor in this link.

RANSOM RANSOM

13.9.20

New OGDO STOP variant

Michael Gillespie found a new STOP Ransomware variant that appends the .ogdo extension.

RANSOM RANSOM

13.9.20

New MedusaLocker variant

Michael Gillespie found a new MedusaLocker Ransomware variant that appends the .networkmaze extension.

RANSOM RANSOM

13.9.20

New Matrix ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .S996 extension and drops a ransom note named S996_INFO.rtf.

RANSOM RANSOM

13.9.20

New Xorist variant

Michael Gillespie found a new Xorist Ransomware variant that appends the .hnx911 extension.

RANSOM RANSOM

13.9.20

New Matrix ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .J91D extension and drops a ransom note named J91D_README.rtf.

RANSOM RANSOM

13.9.20

Netwalker ransomware hits Pakistan's largest private power utility

K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services.

RANSOM RANSOM

13.9.20

Ransomware delays first day of school for Hartford, Connecticut

The Hartford School District in Connecticut has postponed their first day of school as they struggle with getting classroom and transportation systems restored and running after a Labor Day holiday weekend ransomware attack.

RANSOM RANSOM

13.9.20

New golang BlackRose ransomware

Joakim Kennedy found a new in-development ransomware called BlackRose.

RANSOM RANSOM

13.9.20

New ThunderX Ransomware

S!Ri found a new ransomware called ThunderX that appends the .tx_locked extension.

RANSOM RANSOM

13.9.20

DoppelPaymer ransomware hits Newcastle University, leaks data

UK research university Newcastle University says that it will take several weeks to get IT services back online after DoppelPaymer ransomware operators breached its network and took systems offline on the morning of August 30th.

RANSOM RANSOM

13.9.20

Netwalker ransomware hits Argentinian government, demands $4 million

Argentina's official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country.

RANSOM RANSOM

5.9.20

SunCrypt Ransomware shuts down North Carolina school district

A school district in North Carolina has suffered a data breach after having unencrypted files stolen during an attack by the SunCrypt Ransomware operators, BleepingComputer has discovered.

RANSOM RANSOM

5.9.20

FBI issues second alert about ProLock ransomware stealing data

The FBI issued a second warning this week to alert US companies of ProLock ransomware operators stealing data from compromised networks before encrypting their victims' systems.

RANSOM RANSOM

5.9.20

Thanos Ransomware adds Windows MBR locker that fails every time

A new Thanos ransomware strain is trying and failing to deliver the ransom note onto compromised systems by overwriting the computers' Windows master boot record (MBR).

RANSOM RANSOM

5.9.20

New AIDS_NT Ransomware

GrujaRS found a new ransomware named AIDS_NT that drops a ransom note named AIDS_NT_Instructions.txt.

RANSOM RANSOM

5.9.20

New GOLD Dharma variant

Xiaopao found a new Dharma Ransomware variant that appends the .gold extension.

RANSOM RANSOM

5.9.20

New Fappy Ransomware

S!Ri found a new HiddenTear ransomware variant that appends the .Fappy extension to encrypted files.

RANSOM RANSOM

5.9.20

New z3enc Ransomware

S!Ri found a new ransomware that appends the .z3enc extension to encrypted files.

RANSOM RANSOM

5.9.20

New AESMewLocker Ransomware

Amigo-A found a new ransomware dubbed AESMewLocker that appends the .locked extension and drops a ransom note named READ_IT.txt.

RANSOM RANSOM

5.9.20

New HiddenTear variant

Onyx Mods LLC found a new HiddenTear variant that appends the .klavins extension to encrypted files.

RANSOM RANSOM

5.9.20

New HiddenTear Ransomware variant

Xiaopao found a new HiddenTear variant that appends the .UGMH extension.

RANSOM RANSOM

5.9.20

DLL Fixer leads to Cyrat Ransomware

The malware disguises itself as DLL fixer 2.5. Upon execution it displays a randomly generated number of corrupted DLLs that it pretends to have found on the system. After the system has been encrypted, a success message for fixing the DLLs is shown.

RANSOM RANSOM

5.9.20

New Crypter Ransomware

Xiaopao found a new ransomware that appends the .locked extension.

RANSOM RANSOM

5.9.20

New Matrix Ransomware variant

Xiaopao found a new Matrix Ransomware variant that appends the .FDFK22 extension and drops a ransom note named FDFK22_INFO.rtf.

RANSOM RANSOM

5.9.20

New BlackKnight screen locker

Xiaopao found the BlackKnight screenlocker that requires you to enter a password to get access to the Windows desktop.

RANSOM RANSOM

5.9.20

New Geneve Ransomware

Amigo-A found a new ransomware named Geneve that appends a random extension and drops a ransom note named DECRYPT.html.

RANSOM RANSOM

5.9.20

New VashSorena v4 Ransomware variant

dnwls0719 found a new variant of the VashSorena v4 Ransomware that appends the .Id-xxxxxxxx.secure extension and drops ransom notes named HELP_DECRYPT_YOUR_FILES.html and HELP_DECRYPT_YOUR_FILES.txt.

RANSOM RANSOM

5.9.20

New Hexadecimal Ransomware

dnwls0719 found the new Hexadecimal Ransomware that prepends Lock. to the encrypted file names.

RANSOM RANSOM

5.9.20

Zorab ransomware impersonates a decryptor

MalwareHunterTeam found the Zorab Ransomware impersonating a STOP Djvu decryptor.

RANSOM RANSOM

5.9.20

New BlackHeart Ransomware variant

MalwareHunterTeam found a new variant of the BlackHeart Ransomware.

RANSOM RANSOM

5.9.20

Elon Musk confirmed Russian's plans to extort Tesla

The FBI thwarted the plans of 27-year-old Russian national Egor Igorevich Kriuchkov to recruit an insider within Tesla's Nevada Gigafactory, persuade him to plant malware on the company's network, and then ransom Tesla under threat that he would leak data stolen from their systems.

RANSOM RANSOM

5.9.20

New CoronaCrypt0r ransomware

MalwareHunterTeam found the CoronaCrypt0r ransomware that appends the .locked extension.

RANSOM RANSOM

5.9.20

SunCrypt Ransomware sheds light on the Maze ransomware cartel

A ransomware named SunCrypt has joined the 'Maze cartel,' and with their membership, we get insight into how these groups are working together.

RANSOM RANSOM

5.9.20

New Gladius Ransomware

Michael Gillespie found a new ransomware dubbed 'Gladius' that appends the string 'gladius' to encrypted file names and drops a ransom note named Your files are encrypted.txt.

RANSOM RANSOM

5.9.20

DarkSide Ransomware hits North American real estate developer

North American land developer and home builder Brookfield Residential is one of the first victims of the new DarkSide Ransomware.

RANSOM RANSOM

5.9.20

Ryuk successor Conti Ransomware releases data leak site

Conti ransomware, the successor of the notorious Ryuk, has released a data leak site as part of their extortion strategy to force victims into paying a ransom.

RANSOM RANSOM

5.9.20

New ViluciWare Ransomware

JAMESWT found a new ransomware called ViluciWare that appends the .locked extension.

RANSOM RANSOM

5.9.20

New BOOP STOP ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .boop extension.

RANSOM RANSOM

5.9.20

Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme

While ransomware groups each operate based on their own skillset, most of the ransomware incidents in H1 2020 can be attributed to a handful of intrusion vectors that gangs appear to have prioritized this year.

RANSOM RANSOM

5.9.20

Iranian hackers attack exposed RDP servers to deploy Dharma ransomware

Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity.

RANSOM RANSOM

5.9.20

New XMRLocker discovered

Amigo-A found the new XMRLocker Ransomware that appends the .[XMRLocker] extension and drops a ransom note named ReadMe(HowToDecrypt).txt.

RANSOM RANSOM