Ransomware News 2020 January

DATE

NAME

INFO

CATEGORY

SUBCATE

26.1.20

City of Potsdam Servers Offline Following Cyberattack

The City of Potsdam severed the administration servers' Internet connection following a cyberattack that took place earlier this week. Emergency services, including the city's fire department, are fully operational and payments are not affected.

RANSOM RANSOM

26.1.20

Citrix Releases Final Patch as Ransomware Attacks Ramp Up

Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.

RANSOM RANSOM

26.1.20

New Ryuk Info Stealer Targets Government and Military Secrets

A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.

RANSOM RANSOM

26.1.20

New Devil Phobos Ransomware variant

MalwareDev found a new variant of the Phobos Ransomware that appends the .devil extension.

RANSOM RANSOM

26.1.20

New OnyxLocker variant discovered

S!Ri found a new variant of the OnyxLocker Ransomware that appends the .кристина extension.

RANSOM RANSOM

26.1.20

New Topi STOP DJvu variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .topi extension to encrypted files.

RANSOM RANSOM

26.1.20

Ransomware Costs Double in Q4 as Ryuk, Sodinokibi Proliferate

The total cost of a ransomware attack is a function of the severity and duration of the attack. Financial costs include the ransom payment if one is made, and the costs to remediate a network and its hardware. Costs also include lost revenue and potential brand damage if business interruption is severe enough. In Q4, ransomware actors also began exfiltrating data from victims and threatening its release if the ransom was not paid. In addition to remediation and containment costs, this new complication brings forth the potential costs of 3rd party claims as a result of the data breach.

RANSOM RANSOM

26.1.20

ChernoLocker Decryptor updated

Emsisoft updated their ChernoLocker Decryptor to support more variants including .chernolocker and (.filelocker@protonmail.ch).

RANSOM RANSOM

26.1.20

New Reha STOP DJvu variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .reha extension to encrypted files.

RANSOM RANSOM

26.1.20

Sodinokibi Ransomware Threatens to Publish Data of Automotive Group

The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted.

RANSOM RANSOM

26.1.20

Maze Ransomware Not Getting Paid, Leaks Data Left and Right

Maze ransomware operators have infected computers from Medical Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of data stolen from infected machines.

RANSOM RANSOM

26.1.20

New Mespinoza Ransomware variant

GrujaRS found a new variant of the Mespinoza Ransomware that appends the .pysa extension.

RANSOM RANSOM

26.1.20

New News Dharma Ransomware variant

Raby found a new variant of the Dharma Ransomware that appends the .NEWS extension to encrypted files.

RANSOM RANSOM

26.1.20


600 Computers Taken Down After Florida Library Cyberattack

600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9.

RANSOM RANSOM

26.1.20

BitPyLock Ransomware Now Threatens to Publish Stolen Data

A new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and stealing files before encrypting devices.

RANSOM RANSOM

26.1.20

Windows EFS Feature May Help Ransomware Attackers

Security researchers have created concept ransomware that takes advantage of a feature in Windows that encrypts files and folders to protect them from unauthorized physical access to the computer.

RANSOM RANSOM

26.1.20

FTCode Ransomware Now Steals Saved Login Credentials

FTCode ransomware victims now have one more thing to worry about with the malware having been upgraded to also steal saved user credentials from email clients and web browsers.

RANSOM RANSOM

26.1.20

RIG Exploit kit was pushing Paradise Ransomware

mol69 noticed that the RIG exploit kit was pushing a Paradise Ransomware variant that appends the .777 extension.

RANSOM RANSOM

26.1.20

New Nosu STOP DJvu variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nosu extension to encrypted files.

RANSOM RANSOM

26.1.20

New Jersey Synagogue Suffers Sodinokibi Ransomware Attack

Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network.

RANSOM RANSOM

26.1.20

Nemty Ransomware changes its web site

dnwls0719 discovered that Nemty has updated their RaaS payment site to a new layout.

RANSOM RANSOM

19.1.20

Sodinokibi Ransomware Publishes Stolen Data for the First Time

For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time.

RANSOM RANSOM

19.1.20

New Creeper Ransomware variant

Amigo-A found a new variant of the Creeper Ransomware that appends the .rag2hdst extension and drops a ransom note named DECRIPT_FILES.txt.

RANSOM RANSOM

19.1.20

New Satan Ransomware variant

onion found a new variant of the Satan Ransomware that appends the .5ss5c extension and continues to utilize Mimikatz and EternalBlue.

RANSOM RANSOM

19.1.20

Nemty Ransomware to Start Leaking Non-Paying Victim's Data

The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom.

RANSOM RANSOM

19.1.20

New RedRum Ransomware

Michael Gillespie found a new ransomware named RedRum that appends the .grinch extension and uses a filemarker of "happyny3.1".

RANSOM RANSOM

19.1.20

Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices

The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.

RANSOM RANSOM

19.1.20

Satan ransomware rebrands as 5ss5c ransomware

The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named "5ss5c".

RANSOM RANSOM

19.1.20

New Sivo Ransomware

S!Ri found a new ransomware called Sivo that appends the .sivo extension and drops a ransom note named Sivo-README.txt.

RANSOM RANSOM

19.1.20

Paradise Ransomware decryption tool

Bitdefender Labs has released a decryptor for the Paradise Ransomware.

RANSOM RANSOM

19.1.20

Emsisoft updates their Paradise Ransomware decryptor

Emsisoft updated their Paradise Ransomware decryptor to support the .stub, .corp and .vacv2 extensions.

RANSOM RANSOM

19.1.20

New Rams1 ransomware

S!Ri found a new ransomware that appears to be in-development and appends the .rams1 extension to encrypted files.

RANSOM RANSOM

19.1.20

Cryakl Releases a new version

Albert Zsigovits noticed that Cryakl released a new version (1.8.0.0) of the ransomware.

RANSOM RANSOM

19.1.20

New Kodc STOP Djvu variant

Michael Gillespie found a new variant of the STOP Djvu ransomware that appends the .kodc extension to encrypted files.

RANSOM RANSOM

12.1.20

New Lion Ransomware

GrujaRS found the Lion Ransomware which is based off of BlackHeart.

RANSOM RANSOM

12.1.20

New Inchin Scarab Ransomware variant

Amigo-A found a new variant of the Scarab Ransomware that appends the .inchin extension to encrypted files and drops a ransom note named RECOVER.TXT.

RANSOM RANSOM

12.1.20

Maze Ransomware Publishes 14GB of Stolen Southwire Files

The Maze Ransomware operators have released an additional 14GB of files that they claim were stolen from one of their victims for not paying a ransomware demand.

RANSOM RANSOM

12.1.20

Sodinokibi Ransomware Hits New York Airport Systems

Albany International Airport's staff announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas.

RANSOM RANSOM

12.1.20

Ako Ransomware: Another Day, Another Infection Attacking Businesses

Like moths to a flame, new ransomware targeting businesses keep appearing every day as they are enticed by the prospects of million-dollar ransom payments. An example of this is a new ransomware called Ako that is targeting the entire network rather than just individual workstations.

RANSOM RANSOM

12.1.20

New BitPyLock Ransomware

MalwareHunterTeam found a new ransomware called BitPyLock that appends the .bitpy extension and drops a ransom note named # HELP_TO_DECRYPT_YOUR_FILES #.html. Korben Dallas found the Afrodita ransomware that appends the

RANSOM RANSOM

12.1.20

New Kangaroo Ransomware variant

S!Ri found a new Kangaroo Ransomware variant that appends the .missing extension to encrypted files.

RANSOM RANSOM

12.1.20

New Quimera Ransomware

S!Ri found a new ransomware called Quimera.

RANSOM RANSOM

12.1.20

Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another

The attackers behind the Sodinokibi Ransomware are applying pressure on Travelex to pay a multi-million dollar ransom by stating they will release or sell stolen data that allegedly contains customers' personal information.

RANSOM RANSOM

12.1.20

New M461c14n R4n50m3w473

MalwareHunterTeam found a new ransomware dubbed M461c14n R4n50m3w473.

RANSOM RANSOM

12.1.20

Roll Safe Ransomware

S!Ri found a new ransomware that appends the .encrypted extension.

RANSOM RANSOM

12.1.20

New DarkCrypt WannaCryFake variant

S!Ri found a new variant of the WannaCryFake Ransomware that calls itself DarkCrypt and drops a ransom note named README.txt.

RANSOM RANSOM

12.1.20

SNAKE Ransomware Is the Next Threat Targeting Business Networks

Since network administrators didn't already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to it.

RANSOM RANSOM

12.1.20

New Deniz_kizi Ransomware

Parthi found a new ransomware that appends .Deniz_kizi to encrypted files and drops a ransom note named Please Read Me!!!.hta.

RANSOM RANSOM

12.1.20

New Somik1 Ransomware

S!Ri found a new ransomware called Somik1 that appears to be in development.

RANSOM RANSOM

12.1.20

New SatanCryptor Ransomware

S!Ri found a new ransomware called SatanCryptor that drops a ransom note named # SATAN CRYPTOR #.hta and appends the .Satan extension to encrypted files.

RANSOM RANSOM

12.1.20

Aurora Decryptor updated

Emsisoft updated their Aurora Decryptor to support the .crypton extension.

RANSOM RANSOM

12.1.20

Sodinokibi Ransomware Hits Travelex, Demands $3 Million

It's been more than six days since a cyber attack took down the services of the international foreign currency exchange company Travelex and BleepingComputer was able to confirm that the company systems were infected with Sodinokibi ransomware.

RANSOM RANSOM

12.1.20

New Crypton Aurora Ransomware variant

dnwls0719 found a new Aurora Ransomware variant that appends the .crypton extension and drops ransom notes named @_FILES_WERE_ENCRYPTED_@.TXT, @_HOW_TO_PAY_THE_RANSOM_@.TXT, and @_HOW_TO_DECRYPT_FILES_@.TXT.

RANSOM RANSOM

12.1.20

New Erica Encoder Ransomware

dnwls0719 found a new ransomware named Erica Encoder that uses a random extension and drops a ransom note named HOW TO RESTORE ENCRYPTED FILES.TXT.

RANSOM RANSOM

5.1.20

New SlankCryptor Ransomware

MalwareHunterTeam found a new in-development ransomware called "SlankCryptor Profit Only" that appends the .slank extension to encrypted files.

RANSOM RANSOM

5.1.20

Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools

The Clop Ransomware continues to evolve with a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications.

RANSOM RANSOM

5.1.20

FBI Warns of Maze Ransomware Focusing on U.S. Companies

Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first.

RANSOM RANSOM

5.1.20

New Zeoticus Ransomware

S!Ri found a new ransomware called Zeoticus that appends the .zeoticus extension to encrypted files.

RANSOM RANSOM

5.1.20

New WannaCryFake Ransomware

Michael Gillespie found a new WannaCryFake variant called AWT Ransomware that appends the .AWT extension to encrypted files and drops a ransom note named ReadMe.txt.

RANSOM RANSOM

5.1.20

New RIDIK Dharma variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .RIDIK extension to encrypted files.

RANSOM RANSOM

5.1.20

Nemty 2.2 and 2.3: analysis of their cryptography, and a decryptor for some file types

Tesorion has previously released decryptors for the Nemty ransomware up to version 1.6. Recently, new versions of Nemty have appeared in the wild. In this blog post we describe how a weird variant of AES-128 counter mode (CTR) encryption is used in Nemty 2.2 and 2.3 for its file encryption. We also announce the availability of a free decryptor for common office documents encrypted by Nemty 2.2 and 2.3.

RANSOM RANSOM

5.1.20

How the Ransomware Economy Has Grown

The breadth and magnitude of ransomware attacks occurring today suggest that the cyber extortion industry has evolved exponentially over the past 12 months. It is as difficult to keep up with the headlines as the security advice that follows. In the face of this media firehose, it is important to step back and understand how we got to the state. We feel there are three primary elements that have led to the current state of cyber extortion, and ransomware in particular.

RANSOM RANSOM

5.1.20

Ransomware Attackers Offer Holiday Discounts and Greetings

To celebrate the holidays, ransomware operators are providing discounts or season's greetings to entice victims into paying a ransom demand.

RANSOM RANSOM

5.1.20

Maze Ransomware Sued for Publishing Victim's Stolen Data

The anonymous operators behind the Maze Ransomware are being sued by a victim for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid.

RANSOM RANSOM

5.1.20

New c0hen Locker Ransomware

Jack found a new ransomware called c0hen Locker that appends the .c0hen extension to encrypted files. The unlock key is 12309482354ab2308597u235fnq30045f.

RANSOM RANSOM

5.1.20

New Phobos Ransomware variant

M. Shahpasandi found a new Phobos Ransomware variant that appends the .Dever extension to encrypted files.

RANSOM RANSOM

5.1.20

Ransomware Hits Maastricht University, All Systems Taken Down

Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23.

RANSOM RANSOM

5.1.20

U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility

The U.S. Coast Guard (USCG) published a marine safety alert to inform of a Ryuk Ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility.

RANSOM RANSOM

5.1.20

WannaCash uses .happy new year extension

Alex Svirid found a new variant of the WannaCash ransomware that appends the ".happy new year" extension to encrypted file names.

RANSOM RANSOM

5.1.20

Ryuk Ransomware Stops Encrypting Linux Folders

A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems.

RANSOM RANSOM

5.1.20

Maze Ransomware Releases Files Stolen from City of Pensacola

The actors behind the Maze Ransomware have released 2GB of files that were allegedly stolen from the City of Pensacola during their ransomware attack.

RANSOM RANSOM

5.1.20

New Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .BDDY extension and drops a ransom note named #BDDY_README#.rtf.

RANSOM RANSOM

5.1.20

Sherwood telemarketing company temporarily shuts down, blames cyber attack ransom

A Sherwood telemarketing agency has unexpectedly closed its doors, leaving over 300 employees without jobs a few days before Christmas.

RANSOM RANSOM

5.1.20

Like Voldemort, Ransomware Is Too Scary to Be Named

Wary of alarming investors, companies victimized by ransomware attacks often tell the SEC that “malware” or a “security incident” disrupted their operations.

RANSOM RANSOM

5.1.20

FBI Issues Alert For LockerGoga and MegaCortex Ransomware

The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware.

RANSOM RANSOM

5.1.20

New Piny and Redl STOP Djvu Ransomware variants

Michael Gillespie found new variants of the Stop Djvu Ransomware that append the .piny or .redl extensions to encrypted files.

RANSOM RANSOM