Ransomware 2019

Date  Title  Description  CATEGORY  SUBCATE

22.12.19 Emsisoft releases decryptor for ChernoLocker Emsisoft released a decryptor for the ChernoLocker ransomware. RANSOM RANSOM
22.12.19 New CHERNOLOCKER Ransomware S!ri found a new ransomware called CHERNOLOCKER that appends the .CHERNOLOCKER extension to encrypted files. RANSOM RANSOM
22.12.19 Decryptor released for Mapo variant of GarrantyDecrypt CERT Polska released a decryptor for the Mapo variant of the GarrantyDecrypt ransomware. RANSOM RANSOM
22.12.19 New SaveTheQueen Ransomware MalwareHunterTeam found a new variant of the SaveTheQueen Ransomware that appends the .SaveTheQueen extension to encrypted files. More analysis of this ransomware was done by F0wl and Vitali Kremez. RANSOM RANSOM
22.12.19 ScreenConnect MSP Software Used to Install Zeppelin Ransomware Threat actors are utilizing the ScreenConnect (now called ConnectWise Control) MSP remote management software to compromise a network, steal data, and install the Zeppelin Ransomware on compromised computers. RANSOM RANSOM
22.12.19 Canadian Insurance Firm Hit By Maze Ransomware, Denies Data Theft An insurance and financial services company based out of Manitoba, Canada is the latest victim of the Maze Ransomware with allegedly 245 computers encrypted during a cyberattack in October. RANSOM RANSOM
22.12.19 New Recoil Ransomware RaaS scam David Montenegro found a new RaaS called Recoil. Users report, though, that this is a scam. RANSOM RANSOM

22.12.19 New RDP Paradise Ransomware variant S!ri found a new variant of the Paradise Ransomware that appends the .rdp extension. RANSOM RANSOM
22.12.19 Ransomware Hit Over 1,000 U.S. Schools in 2019 Since January, 1,039 schools across the U.S. have been potentially hit by a ransomware attack after 72 school districts and/or educational institutions have publicly reported being a ransomware victim according to a report from security solutions provider Armor. RANSOM RANSOM
22.12.19 Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors. RANSOM RANSOM
22.12.19 New Mkos STOP Ransomware variant Michael Gillespie found a new variant of the STOP Ransomware that appends the .mkos extension. RANSOM RANSOM
22.12.19 Hackers hit Norsk Hydro with ransomware. The company responded with transparency “We may be under attack,” said his IT colleague at Norsk Hydro, one of the world’s largest aluminum companies. Production lines had stopped at some of its 170 plants. Other facilities were switching from computer to manual operations. RANSOM RANSOM
22.12.19 New Nbes STOP Ransomware variant Amigo-A found a new variant of the STOP Ransomware that appends the .nbes extension to encrypted files. RANSOM RANSOM
22.12.19 Ryuk Ransomware Likely Behind New Orleans Cyberattack Based on files uploaded to the VirusTotal scanning service, the ransomware attack on the City of New Orleans was likely done by the Ryuk Ransomware threat actors. RANSOM RANSOM
22.12.19 NJ’s largest hospital system forced to pay ransom in cyber attack New Jersey’s largest hospital system said Friday that a ransomware attack last week disrupted its computer network and that it paid a ransom to stop it. RANSOM RANSOM
15.12.19 New Ransomware appends .chch @GrujaRS found a new ransomware that appends the .chch extension to encrypted files and drops a ransom note named READ_ME.TXT. Uses a contact email of squadhack@email.tg. RANSOM RANSOM
15.12.19 New Orleans Suffers Ransomware Attack, Emergency Services Intact The City of New Orleans, Louisiana has suffered a ransomware attack that has led to the shutdown of the city's servers and computers, but the city states emergency services remain intact. RANSOM RANSOM
15.12.19 New DMR Ransomware discovered MalwareHunterTeam found the DMR Ransomware that appends the .DMR64 extension and drops a ransom note named !!! READ THIS !!!.hta. RANSOM RANSOM

15.12.19 The State of Ransomware in the US: Report and Statistics 2019 In 2019, the U.S. was hit by an unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion. RANSOM RANSOM
15.12.19 Maze Ransomware Demands $6 Million Ransom From Southwire Maze Ransomware operators claim responsibility for another cyber attack, this time against leading wire and cable manufacturer Southwire Company, LLC (Southwire) from Carrollton, Georgia. RANSOM RANSOM
15.12.19 Another Ransomware Will Now Publish Victims' Data If Not Paid The operators of the REvil Ransomware, otherwise known as Sodinokibi, have announced that they will use stolen files and data as leverage to get victims to pay ransoms. RANSOM RANSOM
15.12.19 Zeppelin Ransomware Targets Healthcare and IT Companies A new variant of the VegaLocker/Buran Ransomware called Zeppelin has been spotted infecting U.S. and European companies via targeted installs. RANSOM RANSOM

15.12.19 Maze Ransomware Behind Pensacola Cyberattack, $1M Ransom Demand The operators behind the Maze Ransomware have claimed responsibility for the cyberattack affecting the City of Pensacola, Florida, but state that they are not affiliated with the recent shooting at NAS Pensacola. RANSOM RANSOM
15.12.19 Ransomware Hits Florida PRIDE On Saturday, Systems Still Down Prison Rehabilitative Industries and Diversified Enterprises Inc (PRIDE) was hit by a ransomware attack on Saturday, December 7. The nonprofit organization's website and affected systems are still down. RANSOM RANSOM
15.12.19 New ASD Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .asd extension to encrypted files. RANSOM RANSOM
15.12.19 New MERL STOP Djvu Ransomware variant Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .merl extension. RANSOM RANSOM

15.12.19 Clop tries to bypass Kaspersky Vitali Kremez analyzed a new variant of the Clop Cryptomix Ransomware that attempts to bypass the Kaspersky Product Suite. RANSOM RANSOM
15.12.19 Ryuk Ransomware Decryptor Is Broken, Could Lead to Data Loss Due to recent changes in the Ryuk Ransomware encryption process, a bug in the decryptor could lead to data loss in large files. RANSOM RANSOM
15.12.19 Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools Researchers discovered a new Snatch ransomware strain that will reboot computers it infects into Safe Mode to disable any resident security solutions and immediately starts encrypting files once the system loads. RANSOM RANSOM
15.12.19 Pensacola, Florida Hit by Cyber Attack, City Services Impacted The city of Pensacola is struggling to recover from a cyber attack that hit its computer network over the weekend. Some services are still affected but no critical ones. RANSOM RANSOM
15.12.19 New GESD STOP Djvu Ransomware variant Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .gesd extension. RANSOM RANSOM
8.12.19 New Zeppelin Ransomware Michael Gillespie noticed that the new Zeppelin ransomware pays homage to Led Zeppelin in its musical file marker. Also appends the .[3 hex]-[3 hex]-[3 hex] extension to encrypted files and drops a ransom note named readme.txt. RANSOM RANSOM
8.12.19 New b1 Paradise Ransomware variant Michael Gillespie found a new Paradise Ransomware variant that appends the .b1 extension. This variant is not decryptable. RANSOM RANSOM
8.12.19 Ransomware Writes Drama at Shakespeare Theatre A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area. RANSOM RANSOM
8.12.19 U.S. Data Center Provider Hit by Ransomware Attack CyrusOne, a large data center provider in the U.S., announced on Thursday that some of its systems were affected by a ransomware attack. RANSOM RANSOM
8.12.19 New BlackHeart ransomware variant S!Ri found a new variant of the BlackHeart Ransomware. RANSOM RANSOM
8.12.19 New Righ Stop Ransomware variant Michael Gillespie found a new STOP ransomware variant that appends the .righ extension. RANSOM RANSOM
8.12.19 New RedRum Ransomware Michael Gillespie found a new ransomware that appends the .redrum extension and drops a ransom note named decryption.txt. They obviously like Stephen King. RANSOM RANSOM
8.12.19 Analysis of LooCipher, a New Ransomware Family Observed This Year The McAfee ATR team has now analyzed a new ransomware family with some special features we would like to showcase. LooCipher represents how a new actor in an early stage of development used the same techniques of distribution as other players in the ransomware landscape. The design of the ransomware note reminded us of the old times of Cerber ransomware, a very well impacted design to force the user to pay the rescue. RANSOM RANSOM
8.12.19 Ryuk Ransomware Is Making Victims Left and Right While doing some open-source intelligence (OSINT), a security researcher discovered that a provider of end-to-end solutions for emergency care facilities in the U.S. fell victim to Ryuk ransomware. RANSOM RANSOM
8.12.19 The history of Ransomware: A supervillain 30 years in the making Unlike other supervillains, Ransomware had no defining life event which set him on a path of evil and criminality. On the contrary, Ransomware was a bad actor from the very moment he was conceived… RANSOM RANSOM
8.12.19 Clop Ransomware asks you not to use Gmail MalwareHunterTeam noticed that the CryptoMix Clop Ransomware is now telling users not to use Gmail as it goes into the spam folder. RANSOM RANSOM
8.12.19 New Bitx and IMI Dharma Ransomware variant Jakub Kroustek found new Dharma Ransomware variants that append the .bitx or .IMI extensions to encrypted files. RANSOM RANSOM
8.12.19 Dutch Govt Warns of 3 Ransomware Infecting 1,800 Businesses A confidential report from the National Cyber Security Centre (NCSC) in the Netherlands informs that at least 1,800 companies are affected by ransomware across the world. RANSOM RANSOM
8.12.19 Ransomware Locks Medical Records at Great Plains Health Great Plains Health medical center is recovering from a ransomware incident that hit its computer network at the beginning of the week and forced switching to pen and paper to maintain activity. RANSOM RANSOM
8.12.19 Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform. RANSOM RANSOM
8.12.19 New Roger Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .ROGER extension to encrypted files. RANSOM RANSOM
8.12.19 New DeathRansom Ransomware Begins to Make a Name for Itself A new ransomware called DeathRansom began with a rocky start, but has now resolved its issues and has begun to infect victims and encrypt their data. RANSOM RANSOM
8.12.19 New Crypto Scarab Ransomware variant Amigo-A found a new variant of the Scarab Ransomware that appends the .crypto extension and drops a ransom note named !!! RETURN YOUR FILES !!!.TXT. RANSOM RANSOM
8.12.19 New Rote STOP Ransomware variant Amigo-A found a new variant of the STOP ransomware that appends the .rote extension. RANSOM RANSOM
8.12.19 Livingston School District in New Jersey Hit With Ransomware Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. Unfortunately, this delay is not being caused by snow, but rather by a ransomware attack that the district is still recovering from. RANSOM RANSOM

24.11.19 Emsisoft Decryptor for TurkStatik Now that was fast! Emsisoft released a decryptor for the TurkStatik Ransomware: The TurkStatik ransomware targets Turkish victims and encrypts their files using Rijndael 256. It appends the ".ciphered" extension to the encrypted files. RANSOM RANSOM

24.11.19 New TurkStatik Ransomware discovered Jack found a new ransomware called TurkStatik that appends the .ciphered extension to encrypted files and drops a Turkish language ransom note named README_DONT_DELETE.txt. RANSOM RANSOM

24.11.19 New HiddenTear Ransomware found MalwareHunterTeam found a new HiddenTear Ransomware variant. RANSOM RANSOM

24.11.19 FBI Warns of Cyber Attacks Targeting US Automotive Industry The U.S. Federal Bureau of Investigation (FBI) Cyber Division warned private industry partners of incoming cyberattacks against the US automotive industry targeting sensitive corporate and enterprise data. RANSOM RANSOM

24.11.19 Clop Ransomware Tries to Disable Windows Defender, Malwarebytes In order to successfully encrypt a victim's data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes' standalone Anti-Ransomware programs. RANSOM RANSOM

24.11.19 Emsisoft releases a new decryptor for Hakbit ransomware We just released a new free decryption tool for the Hakbit ransomware strain. Hakbit has multiple confirmed victims, including home users and businesses in the United States and Europe. RANSOM RANSOM

24.11.19 VB2019 paper: Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth McAfee's John Fokker and Alexandre Mundo Alguacil publish their in-depth analysis of the GandCrab Ransomware as a Service. RANSOM RANSOM

24.11.19 New RIPlace Bypass Evades Windows 10, AV Ransomware Protection A new ransomware bypass technique called RIPlace requires only a few lines of code to bypass ransomware protection features built into many security products and Windows 10. RANSOM RANSOM

24.11.19 Allied Universal Breached by Maze Ransomware, Stolen Data Leaked After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made. RANSOM RANSOM

24.11.19 New French Jigsaw Ransomware discovered Michael Gillespie found a new Jigsaw Ransomware targeting French users and appending the .fun extension. RANSOM RANSOM

24.11.19 Ransomware Gangs Adopt APT Tactics in Targeted Attacks Ransomware operators are moving away from mass volume attacks and partnering with specialists who use APT techniques to provide stealthy infiltration and network-wide encryption capabilities. RANSOM RANSOM

24.11.19 Microsoft Warns Customers of DoppelPaymer Ransomware Threat The Microsoft Security Response Center (MSRC) warned customers of the threat behind ongoing DoppelPaymer ransomware attacks and reminded them about misleading info on how it spreads. RANSOM RANSOM

24.11.19 Emsisoft releases new decryptor for Jigsaw ransomware Emsisoft released a new decryptor for the Jigsaw Ransomware. RANSOM RANSOM

24.11.19 New DeathRansom Ransomware GrujaRS found the new DeathRansom ransomware that appends the .wctc extension and drops a ransom note named read_me.txt. RANSOM RANSOM

24.11.19 New Kharma Dharma Ransomware variant Raby found a new variant of the Dharma Ransomware that appends the .kharma extension to encrypted files. RANSOM RANSOM

24.11.19 Shade Ransomware Is the Most Actively Distributed Malware via Email During the first half of 2019, the Shade Ransomware (also known as Troldesh) was the most actively distributed malware via malicious email phishing campaigns according to Singapore-based Group-IB security outfit. RANSOM RANSOM

24.11.19 Critical Windows Update Spam Fails at Delivering Ransomware A new spam campaign pretending to be a 'Critical Microsoft Windows Update' has been discovered that attempts to deliver the Cyborg Ransomware, but turns out to be an utter failure. RANSOM RANSOM

24.11.19 Jigsaw variant found in 1.4K hard-coded SMTP creds Germany's DFN-CERT found a Jigsaw Ransomware variant with 1.4K hardcoded SMTP credentials. RANSOM RANSOM

24.11.19 New SpartCript Ransomware S!Ri found the new SpartCript ransomware that appends the .spartcrypt extension to encrypted files. They should decide on a spelling. RANSOM RANSOM

24.11.19 New MBED and KODG Stop Djvu variants Michael Gillespie found new Stop Djvu ransomware variants that append the .mbed or .kodg extensions to encrypted files. RANSOM RANSOM

24.11.19 Buran Ransomware Infects PCs via Microsoft Excel Web Queries A new spam campaign has been spotted distributing the Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victim's computer. RANSOM RANSOM

24.11.19 Louisiana Government Suffers Outage Due to Ransomware Attack The state government of Louisiana was hit by a ransomware attack today that impacted numerous state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportation and Development. RANSOM RANSOM

17.11.19 New SySS Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma ransomware that appends the .SySS extension to encrypted files. RANSOM RANSOM

17.11.19 New NextCry Ransomware Encrypts Data on NextCloud Linux Servers A new ransomware has been found in the wild that is currently undetected by antivirus engines on public scanning platforms. Its name is NextCry due to the extension appended to encrypted files and that it targets clients of the NextCloud file sync and share service. RANSOM RANSOM

17.11.19 How the most damaging ransomware evades IT security Ransomware has been around for decades, yet it remains a common and lucrative cyberthreat. We decided to take a closer look at the behaviour of ransomware once it is inside a victim system, and how the various tools and techniques observed are used by the most prevalent ransomware families, from WannaCry, Matrix and GandCrab to Ryuk, SamSam, MegaCortex, and more. This article is a summary of a report we’re releasing today, How Ransomware Attacks: What defenders should know about the most prevalent and persistent ransomware families. RANSOM RANSOM

17.11.19 New Clop Ransomware variant has a message for the CEO MalwareHunterTeam noticed that a new Clop CryptoMix ransomware variant has added a line to the ransom note saying that they will only decrypt entire networks and that this message should be sent to the CEO. RANSOM RANSOM

17.11.19 What Happened? Details about the RPS 205 Ransomware and Tech Outage I looked at our server files and saw they had been encrypted. We knew immediately it was ransomware. In every place a file was encrypted, a ransom note was dropped in. We had millions of encrypted files – and the threat actors started encrypting our backups. In hindsight, my military background helped me prepare for this. My telecommunications work started in the U.S. Army. I served two tours of Iraq and spent time in Korea. I'm trained to keep a level head and problem solve one issue at a time. Of course it's a different type of battleground, but I knew this would be reconnaissance. RANSOM RANSOM

17.11.19 New Grod STOP Djvu Ransomware variant Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .grod extension. RANSOM RANSOM

17.11.19 PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS Cybercriminals have developed ransomware that can be ported to all major operating systems and is currently used in targeted attacks against production servers. RANSOM RANSOM

17.11.19 Strange AnteFrigus Ransomware Only Targets Specific Drives A new and strange ransomware called AnteFrigus is now being distributed through malvertising that redirects users to the RIG exploit kit. Unlike other ransomware, AnteFrigus does not target the C: drive, but only other drives commonly associated with removable devices and mapped network drives. RANSOM RANSOM

17.11.19 New JesusCrypt Ransomware MalwareHunterTeam found a ransomware called JesusCrypt that appends the .jc extension. RANSOM RANSOM

17.11.19 New Peet STOP Djvu Ransomware variant Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .peet extension. RANSOM RANSOM

17.11.19 OMGLOL Ransomware discovered S!Ri found a new ransomware called OMGLOL. Most likely trollware. RANSOM RANSOM

17.11.19 New Ninja Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma ransomware that appends the .ninja extension to encrypted files. RANSOM RANSOM

17.11.19 Mexico's Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded Mexico's state-owned oil company, Pemex, has suffered a DoppelPaymer ransomware attack that demanded $4.9 million USD in order to decrypt their files. RANSOM RANSOM

17.11.19 If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware A data recovery company is dubiously claiming it has cracked decryption of Dharma ransomware – despite there being no known method of unscrambling its files. RANSOM RANSOM

17.11.19 New KR Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma ransomware that appends the .kr extension to encrypted files. RANSOM RANSOM

17.11.19 Sodinokibi Ransomware Targeting Asia via the RIG Exploit Kit A new malvertising campaign being used on low quality web games and blogs is redirecting Asian victims to the RIG exploit kit, which is then quietly installing the Sodinokibi Ransomware. RANSOM RANSOM

17.11.19 New Ransomware uses 7Zip GrujaRS found a new ransomware that uses 7zip to password-protect files and append the .crypted extension. RANSOM RANSOM

17.11.19 Major ASP.NET hosting provider infected by ransomware SmarterASP.NET, an ASP.NET hosting provider with more than 440,000 customers, was hit yesterday by ransomware. RANSOM RANSOM

17.11.19 New Nvram Dharma variant GrujaRS found a new Dharma variant that appends the .nvram extension to encrypted files. RANSOM RANSOM

17.11.19 New German based ransomware MalwareHunterTeam found a new German ransomware based on Stupid that appends the .verschlüsselt extension and has an unlock code of "deinemutter". RANSOM RANSOM

10.11.19 New WannaCash variant Alex Svirid found a new variant of the WannaCash ransomware that changes the file name to Файл зашифрован [original_name].wannacash.zip. RANSOM RANSOM

10.11.19 QuikSilver and Billabong Affected by Ransomware Attack Action sports giant Boardriders was hit by a ransomware attack that affected some of its subsidiaries, including QuikSilver and Billabong, and forced the company to shut down computing systems all over the world. RANSOM RANSOM

10.11.19 New Major Ransomware variant GrujaRS found a new Major Ransomware variant that appends the .AIR extension and drops a ransom note named TRY_TO_READ.html. RANSOM RANSOM

10.11.19 New Rooster Maoloa variant Raby found a new variant of the Maoloa Ransomware that appends the .Rooster865qq extension and drops a ransom note named HOW TO BACK YOUR FILES.exe. RANSOM RANSOM

10.11.19 New Octopus Phobos Ransomware variant Amigo-A found a new variant of the Phobos Ransomware that appendages (get it?) the .octopus extension to encrypted files and drops a ransom note named info.txt. RANSOM RANSOM

10.11.19 New LOKF STOP Djvu Ransomware variant Michael Gillespie found a new STOP Ransomware variant that appends the .lokf extension to encrypted files. RANSOM RANSOM

10.11.19 Seasonal ransomware highlights the need for better reporting and information sharing It appears, however, that we may have been mistaken about the reason for the decrease. Data collected by the EPSRC EMPHASIS Ransomware project and shared with us by Professor David Wall of the University of Leeds shows mid-year spikes in previous years too. RANSOM RANSOM

10.11.19 Inside the FBI's quiet 'ransomware summit' To help stem the tide of file-locking attacks, the FBI quietly convened the country’s top ransomware experts in an unprecedented, closed-door conference in September. The briefings, which occurred over two days, were a recognition by law enforcement officials that their ability to better investigate and prosecute ransomware cases hinges on the private sector sharing more data with them. RANSOM RANSOM

10.11.19 New MOSK STOP Djvu Ransomware variant Michael Gillespie found a new STOP Ransomware variant that appends the .mosk extension to encrypted files. RANSOM RANSOM

10.11.19 New RSA Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .rsa extension (lowercase variant) to encrypted files. RANSOM RANSOM

10.11.19 Ransomware Payments Rise as Public Sector is Targeted, New Variants Enter the Market The total cost of a ransomware attack is a function of direct and indirect costs. Direct costs include the immediate remediation of the event, including the ransom if it must be paid. The indirect costs are the costs of business interruption associated with the attack. Business interruption costs are often 5-10x higher than direct costs. Lost revenue and long term brand damage are factors that weigh heavily on victims of ransomware who are not able to recover quickly. RANSOM RANSOM

10.11.19 Buran Ransomware; the Evolution of VegaLocker McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REVil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40%, numbers from notorious malware families like GandCrab, and they are willing to negotiate that rate with anyone who can guarantee an impressive level of infection with Buran. They announced in their ads that all the affiliates will have a personal arrangement with them. RANSOM RANSOM

10.11.19 New GodLock Ransomware GrujaRS found a new FreeMe Ransomware variant that appends the .GodLock extension and drops a ransom note named .GodLock.README.TXT. RANSOM RANSOM

10.11.19 New Paradise Ransomware variant GrujaRS found a new Paradise Ransomware variant that appends the .for extension and drops a ransom note named ---==%$$$OPEN_ME_UP$$$==---.txt. RANSOM RANSOM

10.11.19 Government of Nunavut returns to paper records and phone calls following ransomware attack This past weekend’s ransomware attack on the Government of Nunavut has had far-reaching consequences, having frozen the government’s communications and operating systems and revived the use of telephone calls, paper record-taking and faxes for communication among the territory’s departments. RANSOM RANSOM

10.11.19 Tesorion added to the No More Ransom Project Tesorion has been added as a contributing partner to the No More Ransom Project for their Nemty Ransomware decryptor. RANSOM RANSOM

10.11.19 Brooklyn Hospital Loses Patient Data In Ransomware Attack A ransomware attack hitting several computer systems at the Brooklyn Hospital Center in New York caused permanent loss of some patient's data. RANSOM RANSOM

10.11.19 New Megacortex Ransomware Changes Windows Passwords, Threatens to Publish Data A new version of the MegaCortex Ransomware has been discovered that not only encrypts your files, but now changes the logged in user's password and threatens to publish the victim's files if they do not pay the ransom. RANSOM RANSOM

10.11.19 New Meka STOP Djvu Ransomware variant Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends .meka. RANSOM RANSOM

10.11.19 New HakBit variant GrujaRS found a new Hakbit Ransomware variant that uses the .crypted extension. RANSOM RANSOM

10.11.19 New Cyborg Ransomware GrujaRS found the new Cyborg Ransomware that appends the .petra extension and drops a ransom note named Cyborg_DECRYPT.txt. RANSOM RANSOM

10.11.19 New Toec STOP Ransomware variant Amigo-A found a new STOP Djvu Ransomware variant that appends the .toec extension to encrypted files. RANSOM RANSOM

10.11.19 Norsk Hydro Breach: Update on Insurance Coverage So far, Norwegian aluminum company Norsk Hydro has received just $3.6 million from its cyber insurer to cover expenses related to the LockerGoga ransomware attack it suffered in March that led to losses of $50 million to $71 million, the company revealed in its third quarter report. RANSOM RANSOM

10.11.19 Nemty Ransomware Now Spreads via Trik Botnet The operators of Nemty ransomware have found a new distributor for their file-encrypting malware, which now spreads via Trik, a botnet that pushes all sorts of threats. RANSOM RANSOM

10.11.19 Ransomware Attacks Hit Everis and Spain's Largest Radio Network Everis, an NTT DATA company and one of Spain's largest managed service providers (MSP), had its computer systems encrypted today in a ransomware attack, just as it happened to Spain's largest radio station Cadena SER (Sociedad Española de Radiodifusión). RANSOM RANSOM

10.11.19 New Java-based Ransomware dnwls0719 found a new ransomware coded in JAVA that appends the .encrypted extension and drops a ransom note named HOWTODECRYPT.txt. RANSOM RANSOM

10.11.19 New VIRUS Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .VIRUS extension to encrypted files. RANSOM RANSOM

10.11.19 New Jamper Ransomware variant Amigo-A found a new variant of the Jamper Ransomware that appends the .SONIC extension and drops a ransom note named ---README---.TXT ID: XXXXXXXXXX {10 char.}. RANSOM RANSOM

3.11.19 New HiddenTear variant MalwareHunterTeam found a new HiddenTear variant from Poland that appends the .locked extension. RANSOM RANSOM

3.11.19 GandCrab RaaS Was a Training Ground for Malware Distributors GandCrab operators changed the ransomware business from the ground up, establishing a model that is embraced and continued by other cybercriminals. RANSOM RANSOM

3.11.19 New Sifreli Ransomware Michael Gillespie found a new ransomware that appends the .SIFRELI or .SIFRELI_DOSYA extension and drops a ransom note named fidye-uyari.txt. This could be related to a previous one found by Karsten Hahn in January 2017. RANSOM RANSOM

3.11.19 New MedusaLocker Ransomware variant dnwls0719 found a new variant of the MedusaLocker ransomware that appends the .decrypme extension and drops a ransom note named HOW_TO_OPEN_FILES.html. RANSOM RANSOM

3.11.19 New Noblis Ransomware variant MalwareHunterTeam found a new variant of the Noblis ransomware that appends the .sorryforthis extension. RANSOM RANSOM

3.11.19 The count of managed service providers getting hit with ransomware mounts Threat researchers at the global cloud security provider Armor have been tracking publicly-reported incidents in which MSP and cloud service providers have been hit with ransomware. Thus far, they have documented 13 such incidents this year—with 6 of them reported in the past few months. RANSOM RANSOM

3.11.19

New ASUS and START Dharma Ransomware variant Jakub Kroustek discovered new variants of the Dharma Ransomware that append the .asus or .start extensions to encrypted files. RANSOM RANSOM

3.11.19

Paradise Ransomware Decryptor Gets Your Files Back for Free A decryptor for the Paradise Ransomware has been released by Emsisoft that allows victims to decrypt their files for free. RANSOM RANSOM

3.11.19

Maze Ransomware Attacks Italy in New Email Campaign The Maze Ransomware is conducting a new spam campaign that targets Italian users by pretending to be the country's Tax and Revenue Agency. RANSOM RANSOM

3.11.19

New NAKW STOP Djvu Ransomware variant Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .nakw extension. RANSOM RANSOM

3.11.19

Ransomware Attack Causes School 'District-Wide Shutdown' A ransomware attack hitting Las Cruces Public Schools forced the district to shut down the entire computer system to contain the infection. RANSOM RANSOM

3.11.19

Ransomware Actor Starting Young Makes Big Money, Gets Arrested A 21-year old arrested in Indonesia is suspected to have sent phishing emails that spread ransomware. He is believed to be a lone wolf that started as a teenager and reportedly made at least 300 bitcoins from cybercriminal activities. RANSOM RANSOM

3.11.19

New SamSam variant pays homage to JayTHL GrujaRS found a new SamSam variant that appends the .JayTHL extension to encrypted files. This variant is obviously paying homage to JayTHL. RANSOM RANSOM

3.11.19

New WORM Paradise Ransomware variant Michael Gillespie found a new variant of the Paradise Ransomware that appends the .worm extension. RANSOM RANSOM

3.11.19

Ouroboros Ransomware decryptor released BitDefender released a decryptor for the Ouroboros Ransomware. RANSOM RANSOM

3.11.19

The Ransomware Superhero of Normal, Illinois Thanks to Michael Gillespie, an obscure programmer at a Nerds on Call repair store, hundreds of thousands of ransomware victims have recovered their files for free. RANSOM RANSOM

3.11.19

New XDA Dharma Ransomware variant Jakub Kroustek discovered a new variant of the Dharma Ransomware that appends the .xda extension to encrypted files. RANSOM RANSOM

3.11.19

New Nemty Revenge 2.0 version Michael Gillespie noticed that the Nemty Ransomware is back, but has renamed itself "Nemty Revenge 2.0" version. Michael thinks they may have fixed their crypto flaw. RANSOM RANSOM

3.11.19

TrialWorks Ransomware Attack Disrupts Court Cases and Deadlines TrialWorks, one of the top-rated providers of legal case management software for law firms and attorneys, became the victim of a ransomware attack earlier this month. RANSOM RANSOM

3.11.19

New SEV and LM Paradise Ransomware variants dnwls0719 found new variants of the Paradise Ransomware that append the .sev or .lm extensions and drop a ransom note named ---==%$$$open_me_up$$$==---.txt. RANSOM RANSOM

27.10.19

New Mespinoza Ransomware Amigo-A found a new ransomware named Mespinoza that appends the .locked extension and drops a ransom note named Readme.README. RANSOM RANSOM

27.10.19

DaveSmith Ransomware Amigo-A found the DaveSmith Ransomware that appends the .[daves.smith@aol.com] extension and drops a ransom note named RECOVERY FILE.txt. RANSOM RANSOM

27.10.19

Ransomware Attack Shuts Down City of Johannesburg's Systems The City of Johannesburg municipality shut down the website, its e-services platform, and the billing system (SAP ISU and CRM) following a ransomware attack that also led to unauthorized information access according to a ransom note. RANSOM RANSOM

27.10.19

New HDMR Ransomware GrujaRS found the HDMR Ransomware that appends the .hdmr extension and drops a ransom note named ReadMeAndContact.txt. RANSOM RANSOM

27.10.19

Ransomware and data breaches linked to uptick in fatal heart attacks New research finds that at hospitals that experienced a data breach, the death rate among heart attack patients increased in the months and years afterward. This increased mortality doesn’t appear to be due to the perpetrators themselves — the hackers are not controlling the allocation of medications or doctors. Rather the issue may lie with how health care systems adjust their cybersecurity after an attack, according to a study published in October’s issue of Health Services Research. RANSOM RANSOM

27.10.19

New Coot and Derp STOP Djvu variants Michael Gillespie found new variants of the STOP Djvu ransomware that append the .coot and .derp extensions to encrypted files. RANSOM RANSOM

27.10.19

New Paradise Ransomware variant dnwls0719 found a new Paradise Ransomware variant that appends the _Support_{ID}.FC RansomNote string to encrypted files and drops a ransom note named ---==%$$$OPEN_ME_UP$$$==---.txt. RANSOM RANSOM

27.10.19

FTCode Decryptor released for those with keys Certego released a FTCode Decryptor for those who were able to capture the keys while being encrypted. RANSOM RANSOM

27.10.19

New Rapid Ransomware variant Michael Gillespie found a new variant of the Rapid Ransomware that renames files to [random].droprapid and drops a ransom note named !DECRYPT_DROPRAPID.txt. RANSOM RANSOM

27.10.19

Ransomware hunt for Mockba Michael Gillespie is looking for a new ransomware sample that appends the .mockba extension and drops a ransom note named # HOW TO RECOVER YOUR DATA #.txt. RANSOM RANSOM

27.10.19

Ransomware Attack: Cybercriminals Hit California School District - MSSP Alert California’s San Bernardino City Unified School District (SBCUSD) has discovered that cybercriminals recently used ransomware to lock access to district files. The ransomware attack was launched against SBCUSD’s computer servers, and these servers are currently inaccessible. RANSOM RANSOM

27.10.19

Ransomware Attack Affects Municipal Computer Systems in Johnson City, Tennessee On Oct. 21, a Johnson City employee showed a ransom note left by the ransomware attackers to city IT Director Lisa Sagona. The message asked city officials to contact an email address for payment instructions. The note also claimed that the ransomware had encrypted the city government's backups, to dissuade the municipality from attempting to recover its data by any means other than paying for a decryption key. RANSOM RANSOM

27.10.19

New One Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .one extension to encrypted files. RANSOM RANSOM

27.10.19

New InfoDot Ransomware Michael Gillespie found a new ransomware called InfoDot that appends the .info@mymail9[dot]com extension and uses OpenSSL AES-256 + RSA-2048. RANSOM RANSOM

27.10.19

New Foxy Ransomware GrujaRS found the Foxy Ransomware that appears to be in development as it does not encrypt (and probably never will). It uses a ransom note named READ_ME_IMPORTANT.txt. RANSOM RANSOM

27.10.19

New PBD Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .pbd extension to encrypted files. RANSOM RANSOM

27.10.19

MedusaLocker Ransomware Wants Its Share of Your Money A new ransomware called MedusaLocker is being actively distributed and victims have been seen from all over the world. It is not known at this time how the attacker is distributing the ransomware. RANSOM RANSOM

27.10.19

Billing Provider Billtrust Suffers Outage After Malware Attack U.S. financial services provider Billtrust experienced an outage affecting all of its services after some of the company's computing systems were impacted by a malware attack on October 17. RANSOM RANSOM

27.10.19

Aurora Ransomware decryptor updated Emsisoft released an updated Aurora decryptor that now supports the .masked extension. RANSOM RANSOM

27.10.19

New STOP Djvu variants Michael Gillespie found new variants of the STOP Djvu ransomware that append the .werd or .nols extensions to encrypted files. RANSOM RANSOM

27.10.19

Tools and Tactics of the Sodinokibi Ransomware Distributors Using a network of honeypots, researchers from McAfee examined the tools and tactics used by the Sodinokibi Ransomware (REvil) affiliates to infect their victims with ransomware and compromise other machines on the network. RANSOM RANSOM

27.10.19

New Wiki Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .wiki extension to encrypted files. RANSOM RANSOM

27.10.19

Jokeroo Phishing site launched David Montenegro found a Tor site pretending to be the Jokeroo RaaS, which pulled an exit scam in May 2019. This is most likely another site trying to pull another exit scam. RANSOM RANSOM

27.10.19

New Lbkut Scarab Ransomware variant GrujaRS found a Scarab Ransomware variant that appends the .lbkut extension. RANSOM RANSOM

27.10.19

New Deadmin Locker Ransomware Raby found a ransomware called Deadmin Locker that appends the .DEADMIN extension. Michael Gillespie thinks it may be Everbe 3. RANSOM RANSOM

27.10.19

Maze Ransomware Now Delivered by Spelevo Exploit Kit The Spelevo exploit kit has been spotted by security researchers while infecting victims with Maze Ransomware payloads via a new malicious campaign that exploits a Flash Player use-after-free vulnerability. RANSOM RANSOM

27.10.19

STOP Ransomware Decryptor Released for 148 Variants A decryptor for the STOP Ransomware has been released by Emsisoft and Michael Gillespie that allows you to decrypt files encrypted by 148 variants of the infection for free. RANSOM RANSOM

27.10.19

REvil Ransomware Affiliates Partner with Corporate Intruders One access-as-a-service provider works with multiple ransomware collectives, including REvil/Sodinokibi, offering them access to large targets. RANSOM RANSOM

27.10.19

Maze Ransomware leaves messages for researchers MalwareHunterTeam has found that the Maze Ransomware is leaving messages for various ransomware researchers in their executables. RANSOM RANSOM

27.10.19

New Uta Dharma Ransomware variant Raby found a new Dharma Ransomware variant that appends the .uta extension to encrypted files. RANSOM RANSOM

27.10.19

New Bot Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .bot extension to encrypted files. RANSOM RANSOM

27.10.19

New Ransomware appends .sun extension Michael Gillespie found a new ransomware that appends the .sun extension and drops a ransom note named DECRYPT_INFORMATION.html. RANSOM RANSOM

27.10.19

New Adair Phobos Ransomware variant M. Shahpasandi found a new variant of the Phobos Ransomware that appends the .Adair extension to encrypted files. RANSOM RANSOM

27.10.19

New Skynet MedusaLocker variant MalwareHunterTeam found a new MedusaLocker Ransomware variant that appends the .skynet extension and drops a ransom note named Readme.html. RANSOM RANSOM

27.10.19

Ransomware statistics for 2019: Q2 to Q3 report Ransomware attacks continued to become more focused and sophisticated in Q2 and Q3 2019. In contrast to the spray-and-pray campaigns of the past, threat actors are increasingly targeting larger and more profitable targets such as businesses, schools and government organizations. RANSOM RANSOM

27.10.19

New oo7 Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .oo7 extension to encrypted files. RANSOM RANSOM

27.10.19

M6, one of France's biggest TV channels, hit by ransomware The M6 Group, France's largest privately-owned multimedia group, was the victim of ransomware over the weekend, but none of the company's TV and radio channels suffered any downtime. RANSOM RANSOM

27.10.19

New Leto STOP Djvu variant Michael Gillespie found a new variant of the STOP Djvu ransomware that appends the .leto extension to encrypted files. RANSOM RANSOM

27.10.19

'Definite uptick': Global wave of ransomware attacks hitting Canadian organizations When a Toronto dentist learned last week that his office's computer network had been attacked with ransomware, it felt like a "violation." RANSOM RANSOM

27.10.19

New Cobain Hermes837 variant dnwls0719 found a new variant of the Hermes837 Ransomware that appends the .cobain extension and drops a ransom note named !!!READ_ME!!!.txt. RANSOM RANSOM

27.10.19

New Kazkavkovkiz Ransomware Amigo-A found the Kazkavkovkiz Ransomware that appends an extension consisting of random numbers. RANSOM RANSOM

27.10.19

Sodinokibi Ransomware: Following the Affiliate Money Trail After a Sodinokibi ransomware affiliate posted partial transaction IDs for ransomware payments, researchers were able to use that information to follow the money trail for affiliates and in some cases, how they spend their illicit earnings. RANSOM RANSOM

27.10.19

New Dishwasher Ransomware Frost found a new ransomware that appends the .clean extension to encrypted files and changes the desktop wallpaper. RANSOM RANSOM

27.10.19

New Matrix Ransomware variant Underwood found a new Matrix Ransomware variant that appends the .tgmn extension. RANSOM RANSOM

27.10.19

New Crabs Scarab variant Michael Gillespie found a new Scarab Ransomware variant that appends the .crabs extension. RANSOM RANSOM

27.10.19

New Gold Scarab variant Alex Svirid found a new Scarab Ransomware variant that appends the .gold extension and drops a ransom note named Инструкция по расшифровке файлов.TXT. RANSOM RANSOM

27.10.19

Decrypting ransomware for good. Michael Gillespie is a programmer at Emsisoft, as well as the host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware. See more at: https://thecyberwire.com/podcasts/cw-podcasts-rs-2019-10-12.html RANSOM RANSOM
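ID Ransomware works from exactly the two artefacts this feed records for every family: the extension appended to encrypted files and the name of the ransom note. The Go program below is an added example of that triage step, not ID Ransomware's code or anything from the feed's sources: it walks a directory tree, matches every file name against a small catalogue built from extensions and note names listed on this page (MedusaLocker, Paradise, Rapid, Sherminator, Avest, STOP/Djvu), and ranks families by evidence, a matching ransom note counting for more than matching extensions. The catalogue, the regular expressions and the constructed sample file names are this example's own assumptions; the real catalogue has thousands of entries and many families embed victim IDs or e-mail addresses in the extension, which is why the patterns are regular expressions rather than plain strings.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"sort"
	"strings"
)

// Signature is one catalogue entry: the family name, a pattern matched against
// the end of an encrypted file's name, and (where this page gives one) the exact
// ransom-note file name. Entries are assumptions built from the feed above.
type Signature struct {
	Family string
	ExtRe  *regexp.Regexp
	NoteRe *regexp.Regexp // nil when the page does not name the note
}

var catalogue = []Signature{
	{"MedusaLocker (.decrypme)", regexp.MustCompile(`\.decrypme$`), regexp.MustCompile(`^HOW_TO_OPEN_FILES\.html$`)},
	{"Paradise (.sev/.lm)", regexp.MustCompile(`\.(sev|lm)$`), regexp.MustCompile(`(?i)^---==%\$\$\$open_me_up\$\$\$==---\.txt$`)},
	{"Paradise (_Support_{ID}.FC)", regexp.MustCompile(`_Support_[^.]+\.FC$`), regexp.MustCompile(`(?i)^---==%\$\$\$open_me_up\$\$\$==---\.txt$`)},
	{"Rapid (.droprapid)", regexp.MustCompile(`\.droprapid$`), regexp.MustCompile(`^!DECRYPT_DROPRAPID\.txt$`)},
	{"Sherminator", regexp.MustCompile(`\.\[ID\][0-9A-Za-z]+\[ID\]$`), regexp.MustCompile(`^Decoder\.hta$`)},
	{"Avest", regexp.MustCompile(`\.ckey\([^)]*\)\.email\([^)]*\)\.pack14$`), regexp.MustCompile(`^!!!Readme!!!Help!!!\.txt$`)},
	{"STOP/Djvu (.nesa/.karl/.boot)", regexp.MustCompile(`\.(nesa|karl|boot|noos|kuub|xoza|nakw|coot|derp|werd|nols|leto|bora)$`), nil},
}

// Finding is the evidence gathered for one family.
type Finding struct {
	Family        string
	EncryptedHits int      // file names matching the extension pattern
	NoteHits      []string // ransom-note names seen
}

// Classify returns the families whose extension pattern matches a file name
// and, separately, the families whose ransom-note name it is.
func Classify(name string) (encryptedBy, noteOf []string) {
	for _, sig := range catalogue {
		if sig.ExtRe.MatchString(name) {
			encryptedBy = append(encryptedBy, sig.Family)
		}
		if sig.NoteRe != nil && sig.NoteRe.MatchString(name) {
			noteOf = append(noteOf, sig.Family)
		}
	}
	return encryptedBy, noteOf
}

// Tally aggregates Classify over many base names and sorts the result so the
// best-supported family (notes first, then encrypted-file count) comes first.
func Tally(names []string) []Finding {
	byFamily := map[string]*Finding{}
	get := func(fam string) *Finding {
		if byFamily[fam] == nil {
			byFamily[fam] = &Finding{Family: fam}
		}
		return byFamily[fam]
	}
	for _, name := range names {
		enc, notes := Classify(name)
		for _, fam := range enc {
			get(fam).EncryptedHits++
		}
		for _, fam := range notes {
			get(fam).NoteHits = append(get(fam).NoteHits, name)
		}
	}
	out := make([]Finding, 0, len(byFamily))
	for _, f := range byFamily {
		out = append(out, *f)
	}
	sort.Slice(out, func(i, j int) bool {
		if len(out[i].NoteHits) != len(out[j].NoteHits) {
			return len(out[i].NoteHits) > len(out[j].NoteHits)
		}
		if out[i].EncryptedHits != out[j].EncryptedHits {
			return out[i].EncryptedHits > out[j].EncryptedHits
		}
		return out[i].Family < out[j].Family
	})
	return out
}

// Triage walks a directory tree (unreadable entries are skipped) and tallies
// every regular file's base name.
func Triage(root string) ([]Finding, error) {
	var names []string
	err := filepath.WalkDir(root, func(_ string, d os.DirEntry, walkErr error) error {
		if walkErr != nil {
			return nil
		}
		if !d.IsDir() {
			names = append(names, d.Name())
		}
		return nil
	})
	return Tally(names), err
}

func main() {
	// Constructed sample: a share after a MedusaLocker-style infection.
	sample := []string{"Q3-report.docx.decrypme", "HOW_TO_OPEN_FILES.html", "logo.png.decrypme", "readme.md"}
	for _, f := range Tally(sample) {
		fmt.Printf("%-32s encrypted files: %d  notes: %s\n", f.Family, f.EncryptedHits, strings.Join(f.NoteHits, ","))
	}
	if len(os.Args) > 1 { // go run triage.go /path/to/share
		findings, _ := Triage(os.Args[1])
		for _, f := range findings {
			fmt.Printf("%-32s encrypted files: %d  notes: %s\n", f.Family, f.EncryptedHits, strings.Join(f.NoteHits, ","))
		}
	}
}
```

Run it against a copy of the affected share, never the live system, and treat the result as a lead rather than a verdict: several families on this page reuse generic extensions (.locked, .encrypted, .aes), so a hit on the extension alone without the matching note is weak evidence, which is why Tally ranks note matches above file counts.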

13.10.19

HildaCrypt Ransomware Developer Releases Decryption Keys The developer behind the HildaCrypt Ransomware has decided to release the ransomware's private decryption keys. With these keys a decryptor can be made that would allow any potential victims to recover their files for free. RANSOM RANSOM
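The InfoDot entry above describes the usual modern design, "AES-256 + RSA-2048": each file is encrypted under a fresh symmetric key and only that key is wrapped with the operator's RSA public key, so nothing on the victim's disk can undo the encryption unless the RSA private key turns up, which is exactly why HildaCrypt's developer handing over the private keys makes a decryptor possible. The Go program below is an added example of that envelope pattern and of the decryptor side, not code from InfoDot, HildaCrypt or Emsisoft: AES-256-GCM per file, RSA-2048 OAEP for the key, and a decryptor that works with the released private key and fails cleanly with any other. The blob layout (wrapped key, then nonce, then ciphertext and tag) and the sample text are this example's own assumptions; real families lay out headers differently and often use CBC rather than GCM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewOperatorKey stands in for the RSA-2048 pair the operator generates once.
// Victims' machines only ever carry the public half.
func NewOperatorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EnvelopeEncrypt: fresh 32-byte key per file (AES-256), wrapped with RSA-OAEP.
// Assumed layout: wrappedKey(256) || nonce(12) || ciphertext+tag.
func EnvelopeEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Only the public key is used here: the file key is not recoverable from
	// the blob without the matching private key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	blob := append(wrapped, nonce...)
	return gcm.Seal(blob, nonce, plaintext, nil), nil
}

// EnvelopeDecrypt is the decryptor's job once the private key is available:
// unwrap the per-file key, then open the file. A wrong key fails at the OAEP
// step; a tampered file fails the GCM tag check.
func EnvelopeDecrypt(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	k := priv.Size() // 256 bytes for RSA-2048
	if len(blob) < k+12 {
		return nil, errors.New("blob too short to hold wrapped key and nonce")
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, blob[:k], nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed (wrong private key?): %w", err)
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, blob[k:k+n], blob[k+n:], nil)
}

func main() {
	priv, err := NewOperatorKey()
	if err != nil {
		panic(err)
	}
	plain := []byte("constructed sample: Q3 invoices") // not a real file
	blob, err := EnvelopeEncrypt(&priv.PublicKey, plain)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d-byte file became a %d-byte blob\n", len(plain), len(blob))
	back, err := EnvelopeDecrypt(priv, blob)
	fmt.Printf("with the released key: %q (err=%v)\n", back, err)
	other, _ := NewOperatorKey()
	_, err = EnvelopeDecrypt(other, blob)
	fmt.Println("with any other key:", err)
}
```

The practical lesson for responders is the one the feed keeps repeating: when a family is built like this, free decryption depends on the operator's private key leaking, being seized, or being released, or on an implementation mistake such as a static or predictable file key; a correct envelope scheme cannot be brute-forced from the encrypted files alone.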

13.10.19

New HackdoorCrypt3r Ransomware MalwareHunterTeam found the HackdoorCrypt3r Ransomware that appends the .hackdoor extension and drops a ransom note named !how_to_unlock_your_file.txt. RANSOM RANSOM

13.10.19

New OnyxLocker Ransomware Alex Svirid found the OnyxLocker Ransomware that appends the .onx extension to encrypted files. RANSOM RANSOM

13.10.19

New Russian Aurora variant MalwareHunterTeam found a new Russian Aurora offline ransomware sample that appends the .veracrypt extension and drops ransom notes named @@_ATTENTION_@@.txt, @@_README_@@.txt, and @@_RECOVERY_@@.txt. RANSOM RANSOM

13.10.19

RobbinHood Ransomware Using Street Cred to Make Victims Pay The operators behind the RobbinHood ransomware have changed their language in the ransom note, at least in one variant of the malware, to take from victims all hope of decrypting the files for free and to make them pay for the recovery. RANSOM RANSOM

13.10.19

Muhstik Ransomware Victim Hacks Back, Releases Decryption Keys A victim of the Muhstik Ransomware has hacked back against his attackers and released close to 3,000 decryption keys for victims along with a free decryptor to get their files back. RANSOM RANSOM

13.10.19

DCH Hospital Pays Ryuk Ransomware for Decryption Key DCH hospitals in Alabama have decided to pay the ransom for the Ryuk Ransomware in order to receive a decryptor and get their computer systems back up and running. RANSOM RANSOM

13.10.19

New Scarab and GlobeImposter 2.0 Ransomware variants Alex Svirid found new Scarab and GlobeImposter 2.0 Ransomware variants from the same actor that append the .[sill@tuta.io] extension to encrypted files and drop a ransom note named help you.txt. RANSOM RANSOM

13.10.19

North Carolina State Bar Fights Off Spread of Ransomware Attack In a statement issued on Thursday, the organization says the attack late Monday infiltrated the network through a server and began encrypting the system, server by server. A rapid response team stopped the attack from spreading, but the system had to be restored and repaired using backup data. RANSOM RANSOM

13.10.19

Aurora decryptor updated to support .veracrypt Emsisoft has updated their Aurora decryptor to support the .veracrypt variant. RANSOM RANSOM

13.10.19

Muhstik Ransomware decryptor for Windows Emsisoft has released a Windows decryptor for the Muhstik Ransomware. RANSOM RANSOM

13.10.19

New DCRTR variant GrujaRS discovered a new variant of the DCRTR Ransomware that appends the .LOCK extension and drops a ransom note named HOW TO DECRYPT FILES.txt and HOW TO DECRYPT FILES.hta. RANSOM RANSOM

13.10.19

New Bora STOP Ransomware variant Michael Gillespie found a new variant of the STOP Ransomware that appends the .bora extension. RANSOM RANSOM

13.10.19

New Phobos Ransomware variant GrujaRS discovered a new Phobos Ransomware variant that appends the .deal extension to encrypted files. RANSOM RANSOM

13.10.19

Cybercrime is becoming bolder with data at the centre of the crime scene Ransomware remains the top cybercrime threat in 2019. Even though law enforcement has witnessed a decline in the overall volume of ransomware attacks, those that do take place are more targeted, more profitable and cause greater economic damage. As long as ransomware provides relatively easy income for cybercriminals and continues to cause significant damage and financial losses, it is likely to remain the top cybercrime threat. RANSOM RANSOM

13.10.19

Nemty Ransomware Decryptor Released, Recover Files for Free Victims of the Nemty Ransomware finally have something to be happy about as researchers have released a decryptor that allows them to recover files for free. RANSOM RANSOM

13.10.19

Apple Software Update Zero-Day Used by BitPaymer Ransomware Several companies from the automotive industry were targeted by BitPaymer ransomware operators during August, in attacks that used an Apple zero-day vulnerability impacting the Apple Software Update service bundled with iTunes and iCloud for Windows. RANSOM RANSOM

13.10.19

Nemty update: decryptors for Nemty 1.5 and 1.6 Last week, we published a blog post on our decryptor for the Nemty ransomware. Since we performed our analysis, two new versions of Nemty have appeared: version 1.5 and 1.6. We have analyzed both and have been working on decryptors for them. As 1.6 is the most recent version of the two, we have been focussing our efforts on this version first. We now have a working decryptor for version 1.6. Please contact Tesorion CSIRT to obtain our decryptor for free if you are a victim of Nemty 1.6. We are also finishing our decryptor for Nemty 1.5 and expect to release it soon as well. Finally, we are working with Europol to get our decryptors included in their NoMoreRansom project. RANSOM RANSOM

13.10.19

Don't trust the ransomware to tell you its real name Joe describes online redirect scams, URL encoding and the clever combination of the two. Dave shares delightful satire about Russian brides and Nigerian princes, together at last. The catch of the day involves a student getting the best of scammers, getting them to send him money. Our guest is Fabian Wosar from Emsisoft, well-known for decrypting ransomware. See more at: https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-10-10.html RANSOM RANSOM

13.10.19

Muhstik Decryptor released in Python Michael Gillespie released a Muhstik Decryptor in Python for those who would find that more useful. RANSOM RANSOM

13.10.19

New Odveta Ouroboros variant can't be decrypted The makers of the Ouroboros Ransomware released a new variant that appends the .odveta extension. Unfortunately, this variant can no longer be decrypted for free, as they fixed a weakness in their encryption algorithm. RANSOM RANSOM

13.10.19

Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit The RIG exploit kit is now pushing a cocktail of malware that includes a new variant of the Nemty Ransomware. RANSOM RANSOM

13.10.19

New Krab Dharma Ransomware variant Jakub Kroustek discovered a new variant of the Dharma Ransomware that appends the .Krab extension to encrypted files. RANSOM RANSOM

6.10.19

New RobbinHood Sample

Joakim Kennedy found a new RobbinHood Ransomware variant that has an interesting ransom note.

RANSOM RANSOM

6.10.19

BGUU Ransomware discovered

MalwareHunterTeam found a new HiddenTear variant called BGUU that uses a great wallpaper :)

RANSOM RANSOM

6.10.19

New Sapphire Stupid Ransomware variant

MalwareHunterTeam found a new Stupid Ransomware variant called "Sapphire Ransomware" that appends the .sapphire extension and has a decryption key of "sapphire_is_a_good_color".

RANSOM RANSOM

6.10.19

New ABAT Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .ABAT extension and drops a ransom note named !ABAT_INFO!.rtf.

RANSOM RANSOM

6.10.19

New Mike HildaCrypt Ransomware variant

GrujaRS found a new HildaCrypt ransomware variant that appends the .mike extension to encrypted files.

RANSOM RANSOM

6.10.19

New Xoza STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .xoza extension to encrypted files.

RANSOM RANSOM

6.10.19

New Cash Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .CASH extension to encrypted file names.

RANSOM RANSOM

6.10.19

Phobos now uses PowerSploit Injector

Kyle Hanslovan spotted a Phobos Ransomware variant with the .calix extension also using the PowerSploit Injector technique.

RANSOM RANSOM

6.10.19

New AepCrypt Ransomware

Amigo-A found a new ransomware named AepCrypt that appends the .aep extension and drops a ransom note named #READ ME - YOUR FILES ARE LOCKED#.rtf.

RANSOM RANSOM

6.10.19

Pay it or Lose it Ransomware

MalwareHunterTeam discovered a new ransomware titled "Pay it or Lose it".

RANSOM RANSOM

6.10.19

D00mEd Virus Ransomware

MalwareHunterTeam discovered a new ransomware named D00mEd Virus that appends the .D00mEd extension to encrypted files.

RANSOM RANSOM

6.10.19

Emsisoft releases free decryptor for GalactiCrypter ransomware

We just released a new free decryption tool for the GalactiCrypter ransomware strain.

RANSOM RANSOM

6.10.19

FTCode PowerShell Ransomware Resurfaces in Spam Campaign

An old PowerShell ransomware has resurfaced with a vengeance in a spam distribution aimed at Italian recipients. This ransomware is called FTCode and is completely PowerShell based, which means it can encrypt the computer without downloading any additional components.

RANSOM RANSOM

6.10.19

'Lost Files' Data Wiper Poses as a Windows Security Scanner

A Windows Security Scanner that states it encrypted your files is being distributed by spam, but whether by bug or design, it instead corrupts binary data in a victim's files. 

RANSOM RANSOM

6.10.19

Esemani Ransomware variant

GrujaRS found a new ransomware called Esemani that does not add an extension and drops a ransom note named @_READ_TO_RECOVER_FILES_@.txt.

RANSOM RANSOM

6.10.19

New Noos STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .noos extension to encrypted files.

RANSOM RANSOM

6.10.19

Fake Browser Updates Infect Enterprises with Ransomware, Bankers

Attackers are utilizing hacked web sites that promote fake browser updates to infect targets with banking trojans. In some cases, post exploitation toolkits are later executed to encrypt the compromised network with ransomware.

RANSOM RANSOM

6.10.19

FBI Warns U.S. Organizations About High Impact Ransomware

The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement today regarding the increasing number of high-impact ransomware attacks against public and private U.S. organizations.

RANSOM RANSOM

6.10.19

Sodinokibi Ransomware Builds An All-Star Team of Affiliates

The Sodinokibi Ransomware (REvil) has been making news lately as they target the enterprise, MSPs, and government entities through their hand-picked team of all-star affiliates. These affiliates appear to have had a prior history with the GandCrab RaaS and use similar distribution methods.

RANSOM RANSOM

6.10.19

New Angus Ouroboros variant

GrujaRS found a new Ouroboros variant that appends the .Angus extension to encrypted files.

RANSOM RANSOM

6.10.19

State of Ransomware in the U.S.: 2019 Report for Q1 to Q3

In the first nine months of 2019, at least 621 government entities, healthcare service providers and school districts, colleges and universities were affected by ransomware. The attacks have caused massive disruption: municipal and emergency services have been interrupted, medical practices have permanently closed, ER patients have been diverted, property transactions halted, the collection of property taxes and water bills delayed, medical procedures canceled, schools closed and data lost.

RANSOM RANSOM

6.10.19

New BadDay GlobeImposter 2.0 variant

Raby found a new variant of the GlobeImposter 2.0 Ransomware that appends the .badday extension and drops a ransom note named how_to_back_files.html.

RANSOM RANSOM

6.10.19

New Kuub STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .kuub extension to encrypted files.

RANSOM RANSOM

6.10.19

U.S. and Australian Hospitals Targeted by New Ransomware Attacks

Several hospitals and health service providers from the U.S. and Australia were forced to completely close down or shut down some of their systems after being hit by ransomware attacks that affected and disrupted their IT systems.

RANSOM RANSOM

6.10.19

Dharma seen using PowerSploit injector

Kyle Hanslovan notes that the Dharma Ransomware variant that appends the .vbox extension was seen using the same PowerSploit injector that is commonly seen in Sodinokibi/REvil MSP attacks.

RANSOM RANSOM

6.10.19

Ransomware incident to cost Danish company a whopping $95 million

Demant, one of the world's largest manufacturers of hearing aids, expects to incur losses of up to $95 million following what appears to be a ransomware infection that hit the company at the start of the month.

RANSOM RANSOM

6.10.19

New QNAPCrypt Ransomware

Amigo-A found a new variant of the QNAPCrypt Ransomware that appends the .muhstik extension and drops a ransom note named README_FOR_DECRYPT.txt.

RANSOM RANSOM

6.10.19

New MegaCortex variant

MalwareHunterTeam found a new MegaCortex Ransomware variant that was reverse engineered by Vitali Kremez, who showed that it uses the M3GA-S2= marker.

RANSOM RANSOM

6.10.19

New Bwall in-dev Ransomware

MalwareHunterTeam found an in-dev ransomware named BWall that appends the .bwall extension to encrypted files.

RANSOM RANSOM

6.10.19

New RansomwareWin10 found

MalwareHunterTeam found the RansomwareWin10 that appends the .RANSOMED extension and drops a ransom note named DECRYPT_INSTRUCTION_%TARGET_ID%.txt.

RANSOM RANSOM

6.10.19

New Phobos Ransomware variant

M. Shahpasandi found a new Phobos Ransomware variant that appends the .deal extension to encrypted files.

RANSOM RANSOM

6.10.19

Joke Ransomware called FBI-Ware

MalwareHunterTeam found a new joke ransomware called FBI-Ware.

RANSOM RANSOM

6.10.19

New GalactiCrypter Ransomware

MalwareHunterTeam found a new ransomware called GalactiCrypter.

RANSOM RANSOM

6.10.19

New Polish Ransomware

MalwareHunterTeam found a new ransomware targeting Polish users that appends the .proced extension to encrypted files.

RANSOM RANSOM

6.10.19

New Boot STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .boot extension to encrypted files.

RANSOM RANSOM
29.9.19

New Vival Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .VIVAL extension to encrypted files. RANSOM RANSOM

29.9.19

New AES Ransomware MalwareHunterTeam found a new ransomware variant that appends the .aes extension to encrypted files and drops a ransom note named Instruction.txt. RANSOM RANSOM

29.9.19

Another Jigsaw Ransomware variant MalwareHunterTeam found another Jigsaw Ransomware variant that appends the .LOCKED_PAY extension. RANSOM RANSOM

29.9.19

New Jigsaw Ransomware variant MalwareHunterTeam found a new Jigsaw Ransomware variant that claims to be from the "Badut Clowns". RANSOM RANSOM

29.9.19

New Scarab Ransomware variant dnwls0719 found a new variant of the Scarab Ransomware that appends the .local extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT. RANSOM RANSOM

29.9.19

FTCode Ransomware possibly distributed by Gootkit TG Soft found that GootKit may be distributing the FTCode ransomware on victims' machines. This is a fairly old ransomware that appends the .ftcode extension to encrypted files. RANSOM RANSOM

29.9.19

People are still paying the WannaCry ransom Vess points out that people are still paying the WannaCry ransom. Go figure. RANSOM RANSOM

29.9.19

Some crappy ransomware discovered Leo found some little crappy ransomware. Not much to it other than a screen. RANSOM RANSOM

29.9.19

Avest Ransomware decryptor released Emsisoft released a decryptor for the Avest Ransomware, which uses the extension .ckey().email().pack14. RANSOM RANSOM

29.9.19

Why are cybercriminals disguising wipers as ransomware? There's a new spam campaign in town. Disguised as a job application from a person named "Eva Richter", the campaign aims to infect German-speaking users with a strain of malware known as Ordinypt. RANSOM RANSOM

29.9.19

REvil (Sodinokibi) Ransomware Targets Chinese Users with DHL Spam A new spam campaign is underway that is targeting Chinese recipients to trick them into installing the REvil (Sodinokibi) Ransomware. RANSOM RANSOM

29.9.19

New Caley Phobos Ransomware variant GrujaRS found a new Phobos Ransomware variant that appends the .Caley extension to encrypted files. RANSOM RANSOM

29.9.19

New Avest Ransomware discovered GrujaRS discovered the Avest Ransomware that appends the .pack14 extension and drops a ransom note named !!!Readme!!!Help!!!.txt. RANSOM RANSOM

29.9.19

New Hidden Tear variant Raby found a new Hidden Tear variant that appends the .shade8 extension. It can be decrypted with the HiddenTear Decryptor. RANSOM RANSOM

29.9.19

Ransomware Decryptors Released for Yatron, WannaCryFake, & FortuneCrypt Security vendors released decryptors for three ransomware infections today that allow victims to recover their files for free. These decryptors are for the WannaCryFake, Yatron, and FortuneCrypt Ransomware infections. RANSOM RANSOM

29.9.19

New Scarab Ransomware variant GrujaRS found a new variant of the Scarab Ransomware that appends the .li extension to encrypted files and drops the DECRYPT YOUR FILES.TXT ransom note. RANSOM RANSOM

29.9.19

New Kronos Zeropadypt variant Amigo-A found a new variant of the Zeropadypt Ransomware that appends the .KRONOS extension to encrypted files. RANSOM RANSOM

29.9.19

Shared Code Links Sodinokibi to GandCrab, Minus the Fun & Games Hints of a connection between the defunct GandCrab and the Sodinokibi ransomware get stronger as researchers find code-level similarities and artifacts suggesting continued operations. RANSOM RANSOM

29.9.19

New MegaCortex variant found Raby found a new variant of the MegaCortex Ransomware that appends the .m3gac0rtx extension. RANSOM RANSOM

29.9.19

New Matrix Ransomware variant Michael Gillespie found a new Matrix Ransomware variant that appends the .DECP extension to encrypted files and drops a ransom note named #DECP_README#.rtf. RANSOM RANSOM

29.9.19

New Nesa STOP Djvu Ransomware variant Michael Gillespie found a new STOP Ransomware variant that appends the .nesa extension to encrypted files. RANSOM RANSOM

29.9.19

New LonleyCrypt Ransomware GrujaRS found the new LonleyCrypt Ransomware that appends the .LonleyEncryptedFile extension to encrypted files. RANSOM RANSOM

29.9.19

New Karl STOP Djvu Ransomware variant Michael Gillespie found a new STOP Ransomware variant that appends the .karl extension to encrypted files. RANSOM RANSOM
21.9.19 New in-development GoRansom JAMESWT found the new in-development GoRansom that appends the .gore extension and drops a ransom note named GoRansom.txt. RANSOM RANSOM
21.9.19 Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About Have you ever heard of the STOP Ransomware? Probably not, as few write about it, most researchers don't cover it, and for the most part it targets consumers through cracked software, adware bundles, and shady sites. RANSOM RANSOM
21.9.19 Ransomware attack against Ava, Mo. School District fails, prompts strengthening of network It's been happening all across the country and now it's happened here in the Ozarks. Scammers are hacking into the computer servers of school districts and cities, holding their data for ransom. RANSOM RANSOM
21.9.19 The WannaCry hangover More than two years on, modified WannaCry variants still cause headaches for IT admins and security analysts. RANSOM RANSOM
21.9.19 New Alco Ransomware variant onion found a new variant of the Alco ransomware that appends the .Artemis865-20 extension. RANSOM RANSOM
21.9.19 New Sherminator Ransomware discovered GrujaRS found the Sherminator Ransomware that appends the .[ID]XXXXXXXXX[ID] extension and drops a ransom note named Decoder.hta. RANSOM RANSOM
21.9.19 TFlower Ransomware - The Latest Attack Targeting Businesses The latest ransomware targeting corporate environments is called TFlower and is being installed on networks after attackers hack into exposed Remote Desktop services. RANSOM RANSOM
21.9.19 New Phobos Ransomware variant GrujaRS found a new Phobos Ransomware variant that appends the .WannaCry extension and drops a ransom note named info.hta. RANSOM RANSOM
21.9.19 New WannaCash variant Alex Svirid found a new WannaCash Ransomware variant that changes the filename to файл зашифрован (original_name).zip and drops a ransom note named как расшифровать файлы.txt. RANSOM RANSOM
21.9.19 New Matrix Ransomware Variant Michael Gillespie found a new variant of the Matrix Ransomware that appends the .YDHM extension and drops a ransom note named !YDHM_INFO!.rtf. RANSOM RANSOM
21.9.19 New Domn STOP Ransomware variant Michael Gillespie found a new variant of the STOP Ransomware that appends the .domn extension to encrypted files. RANSOM RANSOM
21.9.19 New Kvag STOP Ransomware variant Amigo-A found a new variant of the STOP Ransomware that appends the .kvag extension to encrypted files. RANSOM RANSOM
21.9.19 Ransomware using victim's number as extension A new ransomware was discovered by Amigo-A that uses the victim's phone number as the extension. This has been going on since the middle of August. RANSOM RANSOM
21.9.19 New Ebola Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .ebola extension to encrypted files. RANSOM RANSOM
21.9.19 How to Enable Ransomware Protection in Windows 10 Windows Defender includes a security feature called "Ransomware Protection" that allows you to enable various protections against ransomware infections. This feature is disabled by default in Windows 10, but with ransomware running rampant, it is important to enable this feature in order to get the most protection you can for your computer. RANSOM RANSOM
21.9.19 Irish government admits ransomware breach The Department of Communications, Climate Action and the Environment, which is responsible for protecting the state against cyber-attacks, has admitted its IT systems were breached in a ransomware attack last year. RANSOM RANSOM
21.9.19 New HildaCrypt Ransomware variant GrujaRS found a new GlobeImposter variant that appends the .HCY extension and drops a ransom note named HILDACRYPTReadMe.html. RANSOM RANSOM
21.9.19 Destructive Ordinypt Malware Hitting Germany in New Spam Campaign A new spam campaign is underway that pretends to be a job application from "Eva Richter" who is sending her photo and resume. This resume, though, is actually an executable masquerading as a PDF file that destroys a victim's files by installing the Ordinypt Wiper. RANSOM RANSOM
21.9.19 Nemty Ransomware Update Lets It Kill Processes and Services Nemty ransomware is under active development, although its version number may not show it. Its authors are clearly making efforts to make it a more efficient and sophisticated malware as it begins wider distribution. RANSOM RANSOM
15.9.19 New RSA Dharma variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .RSA extension to encrypted files. RANSOM RANSOM
15.9.19 Giant Entercom Radio Network Deals with Ransomware-Like Incident Entercom Communications, one of the largest radio station owners in the U.S., has been dealing with a cyber attack that looks very much like a ransomware incident. The issue occurred over the past weekend and affects all offices the company has across the country. RANSOM RANSOM
15.9.19 New GarrantyDecrypt or Outsider variant Amigo-A found a new variant of the GarrantyDecrypt or Outsider Ransomware that appends the .guarded extension and drops a ransom note named GUARDED-README.txt. RANSOM RANSOM
15.9.19 The New Target That Enables Ransomware Hackers to Paralyze Dozens of Towns and Businesses at Once Cybercriminals are zeroing in on the managed service providers that handle computer systems for local governments and medical clinics. RANSOM RANSOM
15.9.19 New Hermes837 Ransomware spotted GrujaRS found a new ransomware that appends the .hermes837 extension and drops a ransom note named !!!READ_ME!!!.txt. RANSOM RANSOM
15.9.19 Ryuk Related Malware Steals Confidential Military, Financial Files A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files. RANSOM RANSOM
15.9.19 New Meds Stop Ransomware variant Amigo-A found a new variant of the STOP Ransomware that appends the .meds extension. RANSOM RANSOM
15.9.19 New Barak Phobos Ransomware variant Amigo-A found a new variant of the Phobos Ransomware that appends the .barak or .Barak extension to encrypted files. RANSOM RANSOM
15.9.19 New PyLock Ransomware GrujaRS found the PyLock Ransomware that appends the .locked extension. RANSOM RANSOM
15.9.19 Exploit Kits Target Windows Users with Ransomware and Trojans Over the weekend and into today, four different malvertising campaigns have been redirecting users to exploit kits that install password stealing Trojans, ransomware, and clipboard hijackers. RANSOM RANSOM
15.9.19 New GlobeImposter variant GrujaRS found a new GlobeImposter variant that appends the .Erenahen extension to encrypted files. It has an updated and nice-looking ransom note named How_to_open_files.html. RANSOM RANSOM
15.9.19 New InfinityLock Ransomware GrujaRS found a new ransomware called InfinityLock that appends a long id as an extension. RANSOM RANSOM
15.9.19 Fake PayPal Site Spreads Nemty Ransomware A web page pretending to offer an official application from PayPal is currently spreading a new variant of Nemty ransomware to unsuspecting users. RANSOM RANSOM
8.9.19 'Coordinated Ransomware Attack' in Texas Hits 23 Local Governments Texas is currently fighting an unprecedented wave of ransomware attacks that has targeted local government entities in the state, with at least 23 impacted by the attacks. RANSOM RANSOM
8.9.19 New STOP Djvu Ransomware variants Michael Gillespie spotted new STOP Djvu variants that append the .nuksus and .vesrato extensions. RANSOM RANSOM
8.9.19 New STOP Djvu variant Michael Gillespie spotted a new STOP Djvu variant that appends the .masodas extension. RANSOM RANSOM
8.9.19 STOP Decryptor updated Michael Gillespie updated his STOP Decryptor to support the offline keys for the .mtogas, .nasoh, .nacro, .pedro, .vesrato, and .masodas extensions. RANSOM RANSOM
8.9.19 Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks The threat actor that hit multiple Texas local governments with file-encrypting malware last week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says. RANSOM RANSOM
8.9.19 New Nemty Ransomware discovered S!Ri found a new ransomware called Nemty that appends the .nemty extension and drops a ransom note named NEMTY-DECRYPT.txt. RANSOM RANSOM
8.9.19 Backups backups backups. Joe describes a primitive (but effective) phishing scheme being tracked by Bleeping Computer. Dave shares news from a Black Hat presentation on phishing stats from Google. The catch of the day is a friendly invitation from Hawaii. Our guest is Michael Gillespie from Emsisoft describing the ID Ransomware project. RANSOM RANSOM
8.9.19 New Stare STOP Djvu variant Michael Gillespie spotted a new STOP Djvu variant that appends the .stare extension. RANSOM RANSOM
8.9.19 New SGuard Ransomware Michael Gillespie is looking for a new ransomware that appends the .sguard extension and drops a ransom note named SGUARD-README.TXT. RANSOM RANSOM
8.9.19 New DOM Scarab Ransomware variant M. Shahpasandi found a new Scarab Ransomware variant that appends the .dom extension to encrypted files and drops a ransom note named How to decrypt files.txt. RANSOM RANSOM
8.9.19 New GlobeImposter variant M. Shahpasandi found a new GlobeImposter2 variant that appends the .makkonahi extension to encrypted files. RANSOM RANSOM
8.9.19 New Nemty Ransomware May Spread via Compromised RDP Connections A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. The researchers call it Nemty. RANSOM RANSOM
8.9.19 New STOP Djvu variants Michael Gillespie spotted new STOP Djvu variants that append the .carote, .gero, or .hese extensions. RANSOM RANSOM
8.9.19 New PDF Dharma variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .pdf extension. RANSOM RANSOM
8.9.19 Syrk Decryptor released by Emsisoft Emsisoft released a decryptor for the Syrk Ransomware that pretended to be a Fortnite cheat. RANSOM RANSOM
8.9.19 New Scarab Bomber variant Amigo-A found a new Scarab ransomware variant that appends the .lbiaf6c8 extension and drops a ransom note named КАК РАСШИФРОВАТЬ ФАЙЛЫ.TXT. RANSOM RANSOM
8.9.19 The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks Ransomware is proliferating across America, disabling computer systems of corporations, city governments, schools and police departments. This month, attackers seeking millions of dollars encrypted the files of 22 Texas municipalities. Overlooked in the ransomware spree is the role of an industry that is both fueling and benefiting from it: insurance. In recent years, cyber insurance sold by domestic and foreign companies has grown into an estimated $7 billion to $8 billion-a-year market in the U.S. alone, according to Fred Eslami, an associate director at AM Best, a credit rating agency that focuses on the insurance industry. While insurers do not release information about ransom payments, ProPublica has found that they often accommodate attackers’ demands, even when alternatives such as saved backup files may be available. RANSOM RANSOM
8.9.19 Putting an end to Retadup: A malicious worm that infected hundreds of thousands Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware authors’ behalf. However, in some cases, we have also observed Retadup distributing the Stop ransomware and the Arkei password stealer. RANSOM RANSOM
8.9.19 New Geno STOP Djvu variant Michael Gillespie spotted a new STOP Djvu variant that appends the .geno extension. RANSOM RANSOM
8.9.19 Sodinokibi Ransomware Encrypts Records of Hundreds of Dental Practices A ransomware attack hit a remote data backup service and encrypted files from dental practices in the U.S. Hundreds of customers relying on the backup solution had their data locked by the Sodinokibi file-encrypting malware. RANSOM RANSOM
8.9.19 New Good Ransomware Leo found a new ransomware variant that appends the .good extension to encrypted files. What makes it interesting is that this "one actually tells you that other decryption services would only act as intermediaries so you should contact them instead for a lower price (which is sadly the truth in many cases)". RANSOM RANSOM
8.9.19 A Look Inside the Highly Profitable Sodinokibi Ransomware Business Relatively new on the ransomware scene, Sodinokibi has already made impressive profits for its administrators and affiliates, some victims paying as much as $240,000, while a network infection netted $150,000 on average. RANSOM RANSOM
8.9.19 STOP Djvu Ransomware Decryptor will no longer be updated Michael Gillespie has announced that his STOP Djvu Ransomware decryptor will no longer be updated as the ransomware developers changed the decryption method. This prevents the decryptor from working. This last version adds the offline keys for the .nuksus, .cetori, .stare, .carote extensions. RANSOM RANSOM
8.9.19 New CMD Dharma variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .cmd extension. RANSOM RANSOM
8.9.19 New HorseLiker Phobos variant Rmy discovered a new variant of the Phobos Ransomware that appends the .HorseLiker extension to encrypted files. RANSOM RANSOM
8.9.19 New HildaCrypt v1.0 Ransomware GrujaRS found a new GlobeImposter variant that appends the .HILDA extension and drops a ransom note named READ_IT.txt. RANSOM RANSOM
8.9.19 New Apollon865 GlobeImposter variant GrujaRS found a new GlobeImposter variant that appends the .Apollon865 extension and drops a ransom note named HOW TO BACK YOUR FILES.exe. RANSOM RANSOM
8.9.19 Sodinokibi Ransomware Spreads via Fake Forums on Hacked Sites A distributor for the Sodinokibi Ransomware is hacking into WordPress sites and injecting JavaScript that displays a fake Q & A forum post over the content of the original site. This fake post contains an "answer" from the site's "admin" that contains a link to the ransomware installer. RANSOM RANSOM
8.9.19 New Seto STOP Djvu variant M. Shahpasandi found a new STOP Djvu variant that appends the .seto extension to encrypted files. RANSOM RANSOM
8.9.19 Nemty Ransomware Gets Distribution from RIG Exploit Kit The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits. RANSOM RANSOM
8.9.19 New STOP Djvu variants Michael Gillespie spotted new STOP Djvu variants that append the .shariz or .peta extensions. RANSOM RANSOM
8.9.19 New MGS Dharma variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .MGS extension. RANSOM RANSOM
8.9.19 New Group Dharma Ransomware variant Amigo-A found a new Dharma Ransomware variant that appends the .group extension and drops a ransom note named RETURN FILES.txt. RANSOM RANSOM
8.9.19 New Banks Phobos Ransomware variant Amigo-A found a new Phobos Ransomware variant that appends the .BANKS extension. RANSOM RANSOM
8.9.19 Is ransomware driving up the price of Bitcoin? Cybercriminals may be partially responsible for driving up the price of Bitcoin. RANSOM RANSOM
8.9.19 Koko Ransomware discovered GrujaRS found a new ransomware called Koko that appends the mailto[kokoklock@cock.li].1be018 extension and drops a ransom note named 1BE018-Readme.txt. RANSOM RANSOM
8.9.19 Students Rejoice: School District Closed by Ransomware Attack The summer school holiday has not ended for students in Flagstaff, Arizona, as a ransomware attack hitting the School District computers forces the decision to cancel classes for today. The schedule for tomorrow is uncertain. RANSOM RANSOM
8.9.19 Ransomware Adopts DoppelPaymer Name Given by Researchers Whether it be malware devs contacting us about our stories or commenting in our forums, we all know that the ransomware developers monitor researchers and technology sites for information about their programs. Nothing shows this better than a ransomware that recently decided to adopt the name given to it by researchers. RANSOM RANSOM
8.9.19 Hackers Ask for $5.3 Million Ransom, Turn Down $400k, Get Nothing Hackers infecting the computer systems of the city of New Bedford, Massachusetts, with ransomware wouldn't settle for anything less than $5.3 million to decrypt the data. The ransom was too high and they got a big fat nothing in return. RANSOM RANSOM
8.9.19 New Moka STOP Djvu variant Michael Gillespie spotted a new STOP Djvu variant that appends the .moka extension. RANSOM RANSOM
8.9.19 Lilocked Ransomware Actively Targeting Servers and Web Sites A relatively new ransomware named Lilocked by researchers and Lilu by the developers is actively targeting servers and encrypting the data located on them. All of the known infected servers are web sites, which is causing the encrypted files to show up in Google search results. RANSOM RANSOM
8.9.19 School gets hit by ransomware in July and this week Another US school hit by #Ryuk today; this one is different in that they were previously hit by Ryuk in July as well. First time I have seen them hitting the same target twice. RANSOM RANSOM
17.8.19 Emsisoft's Aurora Decryptor updated Emsisoft's Aurora decryptor was updated to support the Dragon Ransomware with the .locked extension. RANSOM RANSOM
17.8.19 New Pedro STOP Djvu variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .pedro extension. RANSOM RANSOM
17.8.19 New Dragon Ransomware Aurora variant Jack discovered a new variant of the Aurora ransomware that appends the .locked extension and drops a ransom note named #DECRYPT_MY_FILES#.txt. RANSOM RANSOM
17.8.19 New LuckyJoe GonnaCry variant Amigo-A discovered a new GonnaCry variant called LuckyJoe that appends the .GNNCRY extension and drops a ransom note named GNNCRY_Readme. RANSOM RANSOM
17.8.19 New Plague17 Dont Worry Ransomware variant Alex Svirid discovered a new Dont_Worry Ransomware variant called Plague17 that changes the file name to [16 hex digit]>.PLAGUE17-[16 hex digits] extension and drops a ransom note named PLAGUE17.txt. RANSOM RANSOM
17.8.19 They Stole Your Files, You Don’t Have to Pay the Ransom Lack of public awareness may be one reason that victims of ransomware in the United States are often willing to pay their attackers in order to regain control of their files and computer systems. In June alone, two cities in Florida — Riviera Beach and Lake City — agreed to make Bitcoin ransom payments worth roughly $600,000 and $460,000, respectively. In both cities, most of the payments will be covered by their insurers. RANSOM RANSOM
17.8.19 New Nacro STOP Djvu variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nacro extension. RANSOM RANSOM
17.8.19 New Coharos Stop DJvu variant M. Shahpasandi found a new STOP Djvu variant that appends the .coharos extension to encrypted files. RANSOM RANSOM
17.8.19 Interview With Fabian Wosar – Emsisoft Safety Detective’s Aviva Zacks learned all about how a young child, fascinated by computer viruses, became a cybersecurity superstar. Read our interview with Fabian Wosar, Emsisoft’s CTO. RANSOM RANSOM
17.8.19 New Nasoh STOP Djvu variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nasoh extension. RANSOM RANSOM
17.8.19 STOP Decryptor updated Michael Gillespie updated the STOP Decryptor to support the offline keys for the .cosakos, .nvetud, .kovasoh, .brusaf, .londec, and .krusop extensions. RANSOM RANSOM
17.8.19 New Krusop and Mtogas STOP Djvu variants Michael Gillespie found new STOP Djvu Ransomware variants that append the .krusop or .mtogas extensions. RANSOM RANSOM
17.8.19 New Relock Ransomware variant Amigo-A found a new variant of the Relock Ransomware that drops ransom notes named FIX_Instructions.txt and FIX_Instructions.hta. RANSOM RANSOM
17.8.19 New Cry36/Nemesis variant M. Shahpasandi found a new Cry36/Nemesis variant that appends the .id_*********_.WECANHELP extension and drops a ransom note named _RESTORE FILES_.txt. RANSOM RANSOM
17.8.19 Canon DSLR Camera Infected with Ransomware Over the Air Vulnerabilities in the image transfer protocol used in digital cameras enabled a security researcher to infect with ransomware a Canon EOS 80D DSLR over a rogue WiFi connection. RANSOM RANSOM
10.8.19 New SkidPatrol Ransomware MalwareHunterTeam found a new ransomware called SkidPatrol. RANSOM RANSOM
10.8.19 New Londec STOP DJvu variant Michael Gillespie found a new STOP DJvu variant that appends the .londec extension to encrypted file names. RANSOM RANSOM
10.8.19 How Reverse Engineering (and Cyber-Criminals’ Mistakes) Can Help You When You’ve Been a Ransomware Victim Luckily for us, ransomware developers are not always as professional as they wish and sometimes, they make mistakes that allow us to recover the kidnapped files without having to pay the ransom. That’s exactly what happened with a ransomware called Whiterose. RANSOM RANSOM
10.8.19 Emsisoft Decryptor for JSWorm 4.0 JSWorm 4.0 is a ransomware written in C++ that uses a modified version of AES-256 to encrypt files, and adds the extension .[ID-][].JSWRM to files. RANSOM RANSOM
10.8.19 US Accounts for More than Half of World's Ransomware Attacks The threat of ransomware is more prevalent in the U.S., with more than half of the global detections originating from this country, a new report informs. RANSOM RANSOM
10.8.19 New Help Phobos Ransomware variant Raby found a new variant of the Phobos Ransomware that appends the .help extension to encrypted file names. RANSOM RANSOM
10.8.19 New MegaCortex variant Vitali Kremez found a new variant of the MegaCortex Ransomware that uses the MEGA-G6= file marker. RANSOM RANSOM
10.8.19 Arsium Ransomware Builder released Jan discovered the new Arsium Ransomware Builder being promoted on malware forums. RANSOM RANSOM
10.8.19 STOP Djvu Decryptor updated Michael Gillespie updated his STOP Djvu decryptor to support the offline keys for the .nelasod, .mogranos, .lotej, .prandel, .zatrov, .masok extensions. RANSOM RANSOM
10.8.19 New Brusaf STOP DJvu variant Michael Gillespie found a new STOP DJvu variant that appends the .brusaf extension to encrypted file names. RANSOM RANSOM
10.8.19 New Lord Exploit Kit Pushes njRAT and ERIS Ransomware A new kit for web-based attacks calling itself Lord EK has been spotted at the beginning of the month as part of a malvertising chain that uses the PopCash ad network. RANSOM RANSOM
10.8.19 New STOP DJvu variants Michael Gillespie found two new STOP DJvu variants that append the .zatrov or .prandel extensions to encrypted file names. RANSOM RANSOM
10.8.19 SODINOKIBI: THE CROWN PRINCE OF RANSOMWARE In April of 2019, the Cybereason Nocturnus team encountered and analyzed a new type of ransomware dubbed Sodinokibi. Sodinokibi is highly evasive, and takes many measures to prevent its detection by antivirus and other means. RANSOM RANSOM
10.8.19 New version of MegaCortex targets business disruption iDefense engineers have identified and analyzed a recently updated version of the dangerous ransomware MegaCortex, which is known to have previously caused costly incidents across various industries in Europe and North America. RANSOM RANSOM
10.8.19 New Paradise Team Ransomware Alex Svirid found a new ransomware called Paradise Team that appends the .junior extension to encrypted files. RANSOM RANSOM
10.8.19 ECh0raix Ransomware Decryptor Restores QNAP Files For Free A decryptor for the eCh0raix Ransomware, or QNAPCrypt, has been released that allows victims to recover encrypted files on their QNAP NAS devices. RANSOM RANSOM
10.8.19 GermanWiper Ransomware Erases Data, Still Asks for Ransom Multiple German companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware targeted them and asked for a ransom. This wiper is being named GermanWiper due to its targeting of German victims and it being a destructive wiper rather than a ransomware. RANSOM RANSOM
10.8.19 New Q1G Dharma variant Jakub Kroustek found a new variant of the Dharma ransomware that appends the .Q1G extension to encrypted file names. RANSOM RANSOM
4.8.19 New MegaCortex variant Vitali Kremez found a new variant of the MegaCortex ransomware that uses the MEGA-F8= file marker. RANSOM RANSOM
4.8.19 New Lotej and Kovasoh STOP Djvu variants Michael Gillespie found new variants of the STOP DJvu ransomware that append the .lotej or .kovasoh extensions to encrypted files. RANSOM RANSOM
4.8.19 Ransom Note Replaces 2.1M Customer Records on Open MongoDB Hackers on the prowl for unsecured databases found a publicly accessible MongoDB instance and replaced the almost 1.2 million sensitive records it stored with a ransom note. RANSOM RANSOM
4.8.19 New Syrk Ransomware Leo found the new Syrk Ransomware that appears to be in development. RANSOM RANSOM
4.8.19 New Nvetud and Cosakos STOP Djvu variants Michael Gillespie found new variants of the STOP DJvu ransomware that append the .nvetud or .cosakos extensions to encrypted files. RANSOM RANSOM
4.8.19 Article on the Clop CryptoMix Ransomware variant This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There are some variants of the Clop ransomware but in this report, we will focus on the main version and highlight part of those variations. The main goal of Clop is to encrypt all files in an enterprise and request a payment to receive a decryptor to decrypt all the affected files. To achieve this, we observed some new techniques being used by the author that we have not seen before. Clearly over the last few months we have seen more innovative techniques appearing in ransomware. RANSOM RANSOM
4.8.19 Updated STOP Decryptor Michael Gillespie updated the STOP Djvu decryptor to support the offline keys for the .ndarod, .access, and .format extensions. RANSOM RANSOM
4.8.19 New Mogranos STOP Djvu variant Michael Gillespie found a new variant of the STOP DJvu ransomware that appends the .mogranos extension to encrypted files. RANSOM RANSOM
4.8.19 Aurora Decryptor updated Emsisoft updated the Aurora decryptor to support the .infected extension. RANSOM RANSOM
4.8.19 TFlower Ransomware discovered GrujaRS found a new ransomware called TFlower that does not append an extension and uses a targeted ransom note. RANSOM RANSOM
4.8.19 New Scarab Ransomware variant Amigo-A discovered a new Scarab Ransomware variant that appends the .rsalive extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT. RANSOM RANSOM
4.8.19 US Govt, NGOs Ask Cyber Community to Boost Ransomware Defenses A joint statement published by the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) urges government partners and the cyber community to reinforce their ransomware defenses. RANSOM RANSOM
4.8.19 Some Govt web sites hit with ransomware Germán Fernández noticed that at one point some government web sites got hit with the Dharma and Phobos ransomware infections. RANSOM RANSOM
4.8.19 New Access and Format STOP Djvu variants Michael Gillespie found new variants of the STOP Djvu ransomware that append the .access and .format extensions to encrypted files. RANSOM RANSOM
4.8.19 Ransomware infection takes some police car laptops offline in Georgia A ransomware infection at the Georgia Department of Public Safety (DPS) has crippled laptops installed in police cars across the state. RANSOM RANSOM
4.8.19 The price of being a ransomware hero: Chips with Everything podcast The Guardian interviews Fabian Wosar about ransomware. RANSOM RANSOM
4.8.19 Attackers Are Wiping Iomega NAS Devices, Leaving Ransom Notes Attackers are deleting files on publicly accessible Lenovo Iomega NAS devices and leaving ransom notes behind. These ransom notes state that the attackers will give the files back if a bitcoin ransom is paid. RANSOM RANSOM
4.8.19 New Android Ransomware Uses SMS Spam to Infect Its Victims A new ransomware family targeting Android devices spreads to other victims by sending text messages containing malicious links to the entire contact list found on already infected targets. RANSOM RANSOM
4.8.19 New MegaCortex variant discovered Vitali Kremez found a new variant of the MegaCortex ransomware that uses the MEGA-F3= file marker. RANSOM RANSOM
4.8.19 New EXE Xorist variant Amigo-A found a new Xorist variant that appends the .exe extension and drops a ransom note named HOW-TO-DECRYPT-FILES.HTM. RANSOM RANSOM
4.8.19 New Nqix Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .nqix extension. RANSOM RANSOM
4.8.19 Clop CryptoMix variant is back MalwareHunterTeam noted that the Clop CryptoMix Ransomware variant is back from an extended absence. RANSOM RANSOM
28.7.19 New Scarab Ransomware variant Amigo-A found a new Scarab Ransomware variant that appends the .btchelp@xmpp.jp extension to encrypted files and drops a ransom note named HOW TO RECOVER - btchelp@xmpp.jp ENCRYPTED FILES.TXT. RANSOM RANSOM
28.7.19 New Ndarod STOP Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .ndarod extension to encrypted files. RANSOM RANSOM
28.7.19 No More Ransom Success Story: Saves $108+ Million in Ransomware Payments Today marks the third anniversary of No More Ransom and through its partners from the public and private sectors, law enforcement, academia, and researchers, the project has been able to help hundreds of thousands, if not millions, of victims get their encrypted files back for free. RANSOM RANSOM
28.7.19 Ransomware attacks four Louisville healthcare clinics Four Louisville healthcare centers are infected with ransomware, according to Park DuValle Community Health Center CEO Ann Hagan-Grigsby. This is the second attack so far this year. The CEO said they contacted the FBI shortly after learning of the infected servers. RANSOM RANSOM
28.7.19 New Acuf2 Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .Acuf2 extension. RANSOM RANSOM
28.7.19 STOP DJvu Ransomware decryptor updated Michael Gillespie updated his STOP Decryptor to support the offline keys for the .lapoi, .todar, .dodoc, .bopador, and .novasof extensions. RANSOM RANSOM
28.7.19 New Ntuseg STOP Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .ntuseg extension to encrypted files. RANSOM RANSOM
28.7.19 New Banjo Phobos Ransomware variant Michael Gillespie found a new Phobos Ransomware variant that appends the .banjo extension. RANSOM RANSOM
28.7.19 Ransomware Attack Cripples Power Company’s Entire Network A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications. RANSOM RANSOM
28.7.19 Ransomware Attacks Prompt Louisiana to Declare State of Emergency Louisiana Governor John Edwards has declared a state of emergency after a wave of ransomware attacks targeted school districts this month. This Emergency Declaration will allow Louisiana state resources and cybersecurity experts to assist local governments in securing their networks. RANSOM RANSOM
28.7.19 New Haven Public Schools hit by ransomware attack The New Haven Public School district recently was hit by a ransomware attack, an official confirmed Wednesday. RANSOM RANSOM
28.7.19 DecryptIomega Ransomware discovered Amigo-A found a new ransomware called DecryptIomega that targets Lenovo Iomega NAS drives. The files are hidden, or removed, so it is not known whether anything is encrypted, but it does drop a ransom note named YOUR FILES ARE SAFE!!!.txt. RANSOM RANSOM
28.7.19 A deep dive into Phobos ransomware Phobos ransomware appeared at the beginning of 2019. It has been noted that this new strain of ransomware is strongly based on the previously known family: Dharma (a.k.a. CrySis), and probably distributed by the same group as Dharma. RANSOM RANSOM
28.7.19 NinjaRMM Partner Used To Seed Ransomware NinjaRMM said its tool was used to spread ransomware across “multiple endpoints” within the last 36 hours, and it is encouraging partners to enable two-factor authentication, which it said could have stopped the attack, according to an email it sent to partners today. RANSOM RANSOM
28.7.19 New STOP Ransomware variants Michael Gillespie found new STOP Djvu Ransomware variants that append the .novasof or .bopador extensions to encrypted files. RANSOM RANSOM
28.7.19 Ransomware: Most Popular Malware in Underground Forums Through the analysis of over 3.9 million posts on underground hacker and malware forums, a new report illustrates the most common malware and threats being discussed. RANSOM RANSOM
28.7.19 Sodinokibi Ransomware Distributed by Hackers Posing as German BSI BSI, the German national cybersecurity authority, has issued a warning regarding a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages. RANSOM RANSOM
28.7.19 Vigo County works to assess extent of malware attack Vigo County officials are working today to determine what kind of attack was made on the county's computer system. RANSOM RANSOM
28.7.19 New ransomware taunting Emsisoft A new ransomware was discovered by Petrovic that appears to be taunting Emsisoft by using the extensions .xuy and ..emsisosisoft. RANSOM RANSOM
28.7.19New com2 Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .com2 extension. RANSOM RANSOM
28.7.19New Dodoc STOP Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .dodoc extension to encrypted files. RANSOM RANSOM
28.7.19Technical analysis of Ryuk ransomware that targets the large organizations Ryuk ransomware, a modified version of Hermes, is used by Grim Spider a cyber-criminal group, it made its first appearance in August 2018. RANSOM RANSOM
28.7.19New Maoloa Ransomware variant GrujaRS found a new Maoloa Ransomware variant that appends the .Hades666 extension and drops a ransom note named HOW TO BACK YOUR FILES.txt. RANSOM RANSOM
28.7.19New STOP Ransomware variants Michael Gillespie found new STOP Djvu Ransomware variants that append the .lapoi or .todar extension to encrypted files. RANSOM RANSOM
28.7.19LooCipher Ransomware Decryptor Gets Your Files Back for Free A decryptor for the LooCipher Ransomware has been released by Emsisoft that allows victims to decrypt their files for free. If you were infected with LooCipher, do not pay the ransom and instead follow the instructions below. RANSOM RANSOM
28.7.19New Lucky Joe Ransomware Germán Fernández found a new ransomware called Lucky Joe that appears to be a GonnaCry variant. According to pollo290987, this variant drops a ransom note named GNNCRY_Readme.txt. RANSOM RANSOM
28.7.19New RotorCrypt Ransomware Michael Gillespie found a new RotorCrypt Ransomware !-information-...___ingibitor366@cumallover.me___....RT4BLOCK and drops a ransom note named NEWS_INGiBiToR.txt. RANSOM RANSOM
28.7.19STOP DJvu Ransomware decryptor updated Michael Gillespie updated his STOP Decryptor to support the offline keys for the .gusau, .madek, and .tocue extensions. RANSOM RANSOM
28.7.19New Daris STOP Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .daris extension to encrypted files. RANSOM RANSOM
28.7.19New Tocue STOP Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .tocue extension to encrypted files. RANSOM RANSOM
28.7.19Haka Ransomware found Michael Gillespie is looking for a ransomware that appends the extension .haka and drops a ransom note named !!!READ_ME_FIRST!!!.txt. RANSOM RANSOM
28.7.19LilLocked Ransomware found Michael Gillespie is looking for a ransomware that appends the extension .lilocked and drops a ransom note named #README.lilocked. RANSOM RANSOM
28.7.19New Scarab Ransomware variant Alex Svirid found a new Scarab Ransomware variant that appends the {Help557@cock.li}.exe extension to encrypted file names. RANSOM RANSOM
21.7.19

Emsisoft releases imS00rry decryptor

Emsisoft released a decryptor for imS00rry Ransomware.

RANSOM RANSOM

21.7.19

SkyStars Ransomware discovered

Petrovic found a new ransomware called SkyStars.

RANSOM RANSOM

21.7.19

New Matrix Ransomware variant

Amigo-A found a new Matrix Ransomware variant that appends the .[Kromber@tutanota.com] extension and drops a ransom note named #_#ReadMe#_#.rtf.

RANSOM RANSOM

21.7.19

La Porte County Pays $130,000 Ransom To Ryuk Ransomware

Another public administration in the U.S. surrenders to cybercriminal demands as La Porte County, Indiana, pays $130,000 to recover data on computer systems impacted by ransomware.

RANSOM RANSOM

21.7.19

New 1BTC Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .1BTC extension to encrypted files.

RANSOM RANSOM

21.7.19

New DoppelPaymer Ransomware Emerges from BitPaymer's Code

Malware researchers have discovered a new file-encrypting malware they dubbed DoppelPaymer that has been making victims since at least mid-June, asking hundreds of thousands of US dollars in ransom.

RANSOM RANSOM

21.7.19

Ryuk, Sodinokibi Ransomware Responsible for Higher Average Ransoms

The average payment demand following a ransomware attack has almost doubled in the second quarter of the year and victims have Ryuk and Sodinokibi to blame.

RANSOM RANSOM

21.7.19

FBI Releases Master Decryption Keys for GandCrab Ransomware

In an FBI Flash Alert, the FBI has released the master decryption keys for the GandCrab Ransomware versions 4, 5, 5.0.4, 5.1, and 5.2. Using these keys, any individual or organization can create and release their very own GandCrab decryptor.

RANSOM RANSOM

21.7.19

New Budak and Herad STOP DJvu variants

Michael Gillespie found new variants of the STOP DJvu Ransomware that append the .budak or .herad extension to encrypted files.

RANSOM RANSOM

21.7.19

New Nemesis Ransomware variant

M. Shahpasandi found a new variant of the Cry36/Nemesis Ransomware that appends the .id_**********_.YOUR_LAST_CHANCE extension to encrypted file names.

RANSOM RANSOM

21.7.19

Onondaga Libraries hit by ransomware attack, locations open but some services affected

Libraries across Onondaga County continue to deal with service issues caused by a cyber attack discovered last Friday.

RANSOM RANSOM

21.7.19

Lessons learned from ransomware authors’ crypto mistakes

Some ransomware authors get the cryptography right, but make web security mistakes that leave their command and control (C2) infrastructure vulnerable to attacks.

RANSOM RANSOM

21.7.19

New Berosuce STOP DJvu variant

Michael Gillespie found a new variant of the STOP DJvu Ransomware that appends the .berosuce extension to encrypted files.

RANSOM RANSOM

21.7.19

STOP Decryptor updated

Michael Gillespie updated his STOP DJvu Ransomware decryptor to support the offline keys for the .godes, .budak, .heran, and .berosuce extensions.

RANSOM RANSOM

21.7.19

Sodinokibi Spam campaign attacking Germany

Karsten Hahn reported that a spam wave targeting Germany was distributing the Sodinokibi Ransomware.

RANSOM RANSOM

21.7.19

Radio station WMNF victim of ransomware cyberattack

Tampa-based community radio station WMNF 88.5-FM is stepping up cybersecurity after its computer systems were hobbled by ransom-seeking hackers last month.

RANSOM RANSOM

21.7.19

New Phobos Ransomware variant

GrujaRS found a new variant of the Phobos ransomware that appends the .id[XXXXXX-2224].[zoye1596@msgden.net].actor extension and drops a ransom note named info.txt.

RANSOM RANSOM

21.7.19

New Ouroboros Ransomware

GrujaRS found a new variant of the Ouroboros Ransomware that appends the .[id=xxxxxxx][mail=BackFileHelp@protonmail.com].limbo extension and drops a ransom note named Read-Me-Now.txt.

RANSOM RANSOM

21.7.19

Avast Releases a GandCrab Decryptor

Avast Software has released their own decryptor for the GandCrab Ransomware.

RANSOM RANSOM

21.7.19

New Gusau STOP DJvu variants

Michael Gillespie found new variants of the STOP DJvu Ransomware that append the .gusau, .vusad, .madek, or .gehad extensions to encrypted files.

RANSOM RANSOM

21.7.19

STOP Decryptor updated

Michael Gillespie updated his STOP DJvu Ransomware decryptor to support the offline keys for the .gehad extension.

RANSOM RANSOM

21.7.19

Ransomware attack impacting Collierville, officials say

City officials said the attack disrupted the town’s information technology systems. They first received reports of the disruption Thursday morning and have determined it is the Ryuk ransomware virus.

RANSOM RANSOM

21.7.19

Elusive MegaCortex Ransomware Found - Here is What We Know

A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer.

RANSOM RANSOM

21.7.19

Ransomware Attacks Grow Rampant, Paying Still Not a Good Option

A flurry of ransomware attacks has been reported this week affecting entities in the US states of Georgia, New York, Tennessee, and Florida.

RANSOM RANSOM

21.7.19

iNSYNQ Cloud Hosting Provider Hit by Ransomware Attack

Cloud computing provider iNSYNQ experienced a ransomware attack which forced the company to shut down some of its servers to contain the malware infection from spreading and affecting more customer data.

RANSOM RANSOM

21.7.19

Lawrenceville police latest victims of cyberattack

Lawrenceville police confirmed the FBI and private security experts have been called in to help with the cyberattack that has hijacked the department’s body camera file footage and other department files. It is also the same ransomware that attacked Henry County police, sources say.

RANSOM RANSOM

21.7.19

New Maoloa Ransomware variant

GrujaRS found a new variant of the Maoloa Ransomware that appends the .Persephone666 extension to encrypted files.

RANSOM RANSOM

14.7.19

Monroe College Hit With Ransomware, $2 Million Demanded

A ransomware attack at New York City's Monroe College has shutdown the college's computer systems at campuses located in Manhattan, New Rochelle and St. Lucia. Attackers are demanding $2 million ransom to restore their files.

RANSOM RANSOM

14.7.19

Northwest Indian College Hit with Ransomware

This week, the Northwest Indian College (NWIC) has been facing a cyberattack identified as the Ryuk ransomware virus. The outbreak has corrupted many internal files on our systems, including backups and legacy data.

RANSOM RANSOM

14.7.19

New Bulba Ransomware

GrujaRS found a new ransomware called Bulba that appends the .Pox extension and drops a ransom note named HOW TO DECRYPT FILES.txt.

RANSOM RANSOM

14.7.19

New Godes STOP Djvu variant

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .godes extension.

RANSOM RANSOM

14.7.19

STOP Decryptor updated

Michael Gillespie updated his STOP DJvu decryptor to support the offline keys for the .cezor and .lokas extensions.

RANSOM RANSOM

14.7.19

Mayors pass resolution against paying ransomware ransoms

The U.S. Conference of Mayors has passed a resolution calling on city leaders not to pay ransoms to their cyberattackers in the event of ransomware attacks.

RANSOM RANSOM

14.7.19

New HTML Dharma variant

Amigo-A has discovered a new Dharma ransomware variant that appends the .HTML extension to encrypted files and drops a ransom note named HOW_TO_DECRYPT.txt.

RANSOM RANSOM

14.7.19

Westchester Library System Attacked By Ransomware Virus

A ransomware virus attack on the Westchester Library System is being investigated, an IT official said on Wednesday, July 10.

RANSOM RANSOM

14.7.19

New Nemesis Ransomware variant

GrujaRS found a new Nemesis Ransomware variant that appends the YOUR_LAST_CHANCE extension to encrypted files and drops a ransom note named _RESTORE FILES_.txt.

RANSOM RANSOM

14.7.19

Rodentia Ransomware discovered

MalwareHunterTeam found a new Jigsaw Ransomware variant called Rodentia Ransomware that does not encrypt anything.

RANSOM RANSOM

14.7.19

Wanna Dead Ransomware discovered

MalwareHunterTeam found a new ransomware called Wanna Dead that is based off of HiddenTear and does not encrypt anything.

RANSOM RANSOM

14.7.19

New .BKP Dharma variant

Michael Gillespie found a new Dharma ransomware variant that appends the .BKP extension.

RANSOM RANSOM

14.7.19

How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers

More eCh0raix news by Intezer who call this ransomware QNAPCrypt.
We at Intezer have detected and temporarily DoS’d the operation of a ransomware targeting Linux-based file storage systems (NAS servers).

RANSOM RANSOM

14.7.19

New eCh0raix Ransomware Brute-Forces QNAP NAS Devices

A new ransomware strain written in Go and dubbed eCh0raix by the Anomali Threat Research Team is being used in the wild to infect and encrypt documents on consumer and enterprise QNAP Network Attached Storage (NAS) devices used for backups and file storage.

RANSOM RANSOM

14.7.19

Crown Ransomware discovered

Petrovic discovered a new ransomware called Crown that appends the .CROWN extension to encrypted files.

RANSOM RANSOM

14.7.19

Qihoo 360 releases a GandCrab v5.2 decryption tool

Previously, 360 Total Security intercepted every stage of the attack and fully supported the removal of the entire GandCrab ransomware series. Now 360 Total Security has launched a decryption tool for GandCrab v5.2, which means that 360 Total Security supports decryption for the full range of GandCrab ransomware versions 4.0/5.0/5.0.2/5.0.3/5.0.4/5.1/5.2; users who have been infected can decrypt their files without paying the ransom.

RANSOM RANSOM

14.7.19

Ransomware REvil - Sodinokibi: Technical analysis and Threat Intelligence Report

Although these are the first versions of their creation, the authors of the Sodinokibi ransomware seem to have long experience in this area of cyber-crime.
Some researchers have identified similarities with the GandCrab ransomware, whose project was shut down at the beginning of June. It seems that Sodinokibi ransomware is the right candidate to fill the hole left behind by GandCrab.

RANSOM RANSOM

14.7.19

Rig Exploit Kit Pushing Eris Ransomware in Drive-by Downloads

The RIG exploit kit has been spotted distributing the new ERIS Ransomware as its payload. Using the RIG exploit kit, vulnerable victims will find that the ransomware is installed on their computer without their knowledge simply by visiting a web site.

RANSOM RANSOM

14.7.19

Who’s Behind the GandCrab Ransomware?

The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.

RANSOM RANSOM

14.7.19

Custom exploit kit pushing the ERIS Ransomware

Jérôme Segura found a custom exploit kit called Azera pushing the ERIS Ransomware.

RANSOM RANSOM

14.7.19

New .lokas STOP Djvu variant

Michael Gillespie found a new STOP Djvu variant that appends the .lokas extension to encrypted files.

RANSOM RANSOM

14.7.19

New GarrantyDecrypt variant

Michael Gillespie found a new GarrantyDecrypt Ransomware variant that appends the .popoticus extension.

RANSOM RANSOM

14.7.19

New .kick Dharma variant

Michael Gillespie found a new Dharma ransomware variant that appends the .kick extension.

RANSOM RANSOM

14.7.19

New .save Dharma variant

Jakub Kroustek found a new Dharma variant that appends the .save extension.

RANSOM RANSOM

14.7.19

New .php and .dqb Dharma variants

Jakub Kroustek found new Dharma variants that append the .php and .dqb extensions.

RANSOM RANSOM

14.7.19

A City Paid a Hefty Ransom to Hackers. But Its Pains Are Far From Over.

More than 100 years’ worth of municipal records, from ordinances to meeting minutes to resolutions and City Council agendas, have been locked in cyberspace for nearly a month, hijacked by unidentified hackers who encrypted the city’s computer systems and demanded more than $460,000 in ransom.

RANSOM RANSOM

14.7.19

New Basilisque Locker discovered

Amigo-A found a new ransomware called Basilisque Locker that appends the .basilisque@protonmail_com extension and drops a ransom note named HOW_TO_DECRYPT.txt.

RANSOM RANSOM

14.7.19

New .crash Dharma variant

Michael Gillespie found a new Dharma ransomware variant that appends the .crash extension.

RANSOM RANSOM

6.7.19

Eurofins Scientific: Forensic services firm paid ransom after cyber-attack

The UK's biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.

RANSOM RANSOM

6.7.19

New Cezar STOP Ransomware variant

Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .cezar extension to encrypted files.

RANSOM RANSOM

6.7.19

New DRCTR Ransomware variant

Amigo-A has discovered a new DRCTR variant that appends the .CAGO extension and drops ransom notes named DECRYPT_INFO.txt and DECRYPT_INFO.hta.

RANSOM RANSOM

6.7.19

STOP DJvu Decryptor Updated

Michael Gillespie's STOP DJvu decryptor has been updated to include the offline keys for the .nusar, .litar, and .besub extensions.

RANSOM RANSOM

6.7.19

Sodinokibi Ransomware Exploits Windows Bug to Elevate Privileges

The Sodinokibi ransomware is looking to increase its privileges on a victim machine by exploiting a vulnerability in the Win32k component present on Windows 7 through 10 and Server editions.

RANSOM RANSOM

6.7.19

VirusEncoder Discovered

GrujaRS discovered a ransomware called VirusEncoder that appends the .boooam@cock_li extension and drops a ransom note named HOW_TO_DECRYPT_FILES.html.

RANSOM RANSOM

6.7.19

SEON Ransomware 0.2 spotted

Petrovic found the 0.2 version of the SEON Ransomware.

RANSOM RANSOM

6.7.19

Don't pay ransom payments for Cryakl CS1.6

Alex Svirid explains: "If you were hit by Cryakl CS1.6 ransomware (3nity@tuta.io) before July 3 2019, this one is for you: As far as we know authorities have taken control of crook's server, that keeps private keys. Attention - attacker didn't backup any data, so you shouldn't pay him."

RANSOM RANSOM

6.7.19

Crypto Locker Ransomware

Petrovic found a new ransomware that calls itself Crypto Locker and appends the .isolated extension to encrypted files.

RANSOM RANSOM

6.7.19

CXK NMSL Ransomware

Petrovic found a new ransomware called CXK NMSL that is a batch file. It appends the .cxk_nmsl extension to encrypted files.

RANSOM RANSOM

6.7.19

Georgia court system hit by ransomware attack

At least a portion of the digital information systems for Georgia’s court system has been taken offline by a ransomware attack after a note was found requesting contact, officials confirmed Monday.

RANSOM RANSOM

6.7.19

New Phobos Ransomware variant

Michael Gillespie found a new Phobos Ransomware variant that appends the .1500dollars extension to encrypted files.

RANSOM RANSOM

6.7.19

Cryakl Changes its extension scheme

Michael Gillespie explains "Looks like Cryakl Ransomware has a new extension ".cs16" - e.g. "email-3nity@tuta.io.ver-CS 1.6.id-.fname-NEWS.RTF.cs16""

RANSOM RANSOM

6.7.19

New Litar STOP Ransomware variant

Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .litar extension to encrypted files.

RANSOM RANSOM

6.7.19

New Scarab Ransomware variant

Amigo-A found a new Scarab ransomware variant that appends the .alilibat extension and drops a ransom note named DECRYPT.TXT.

RANSOM RANSOM

6.7.19

Wav_list Ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the .wav_list extension and drops a ransom note named HOW TO DECRYPT[].txt.

RANSOM RANSOM

6.7.19

“We need to up our game”—DHS cybersecurity director on Iran and ransomware

Talking with Ars, Christopher Krebs shares the to-do list: Iran, ransomware—and elections.

RANSOM RANSOM

6.7.19

Freezing PowerShell Ransomware

Petrovic found a new ransomware written in PowerShell that appends the .Freezing extension.

RANSOM RANSOM

6.7.19

New Go Ransomware spreads via EternalBlue

A Shadow found a ransomware written in Go that uses the Pyexe tool to spread via EternalBlue. This ransomware appends the .locked extension.

RANSOM RANSOM

6.7.19

STOP DJvu Decryptor Updated

Michael Gillespie's STOP DJvu decryptor has been updated to include the offline keys for the .truke, .dalle, and .lotep extensions.

RANSOM RANSOM

6.7.19

Peekaboo Ransomware decryptor released

Emsisoft released a decryptor for the Peekaboo Ransomware.

RANSOM RANSOM

6.7.19

New Nusar STOP Ransomware variant

Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .nusar extension to encrypted files.

RANSOM RANSOM

6.7.19

Hacked Ad Server Pushes SEON Ransomware, Trojans Via Malvertising

The ad server for a very popular video converter site was hacked to display malvertising that loads the GreenFlash Sundown exploit kit. This exploit kit would then drop the SEON Ransomware, Pony information stealing Trojan, and miners on a vulnerable computer.

RANSOM RANSOM

6.7.19

New PZDC Ransomware variant

Amigo-A found a new PZDC Ransomware variant that appends the .pzdc extension and drops a ransom note named 1_VIRUS_SHIFROVALSHIK.txt.

RANSOM RANSOM

6.7.19

Popotic Ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the .popotic extension and drops a ransom note named HOW-TO-RESTORE-FILES.txt.

RANSOM RANSOM

6.7.19

Attackers Earn Over $1 Million in Florida Ransomware Attacks

Hackers launching ransomware attacks against municipalities in Florida locked earnings in excess of $1 million this month as administrators of two cities found no other way to recover files on affected systems.

RANSOM RANSOM

6.7.19

Ransomware strain Troldesh spikes again – Avast tracks new attacks

This week the ransomware known as Troldesh, which made headlines early this year, spiked again in Russia, Mexico, and the U.S.

RANSOM RANSOM

6.7.19

Craftul Ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the .craftul extension and drops a ransom note named FilesInfo.txt.

RANSOM RANSOM

6.7.19

Peekaboo Ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the .peekaboo extension and drops a ransom note named @@_TAKE_A_LOOK_@@.txt.

RANSOM RANSOM

6.7.19

New Zeropadypt Ransomware variant

Amigo-A found a new variant of the Zeropadypt Ransomware that appends the .limbo extension and drops a note named Read-Me-Now.txt.

RANSOM RANSOM

6.7.19

New XXXX Dharma Ransomware variant

Jakub Kroustek discovered a new Dharma Ransomware variant that appends the .xxxx extension to encrypted files.

RANSOM RANSOM

6.7.19

New Lotep STOP Ransomware variant

Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .lotep extension to encrypted files.

RANSOM RANSOM

6.7.19

Troll Ransomware Hunt

Michael Gillespie is looking for a new ransomware that appends the .TROLL extension and drops a ransom note named HOW TO BACK YOUR FILES.txt.

RANSOM RANSOM

6.7.19

Sting Catches Another Ransomware Firm — Red Mosquito — Negotiating With “Hackers”

We recently wrote about two U.S. firms that promised high-tech ransomware solutions but instead paid the cyber-attacker. A U.K. company appears to do the same.

RANSOM RANSOM

6.7.19

Walan Ransomware hunt

Michael Gillespie is looking for a new ransomware variant that appends the .WALAN extension and drops a ransom note named DECRYPT_INFO.txt.

RANSOM RANSOM

6.7.19

New Phobos Ransomware variant

Michael Gillespie was shown a new Phobos ransomware variant that uses the .wallet extension. This extension is best known as being used by Dharma.

RANSOM RANSOM

6.7.19

New Litra Ransomware

S!Ri discovered a new ransomware that appends the .Litra extension to encrypted files.

RANSOM RANSOM

6.7.19

New Dharma Ransomware variants

Michael Gillespie found new Dharma variants that append the .hccapx and .cap extensions to encrypted files.

RANSOM RANSOM

6.7.19

New Dalle STOP Ransomware variant

Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .dalle extension to encrypted files.

RANSOM RANSOM

6.7.19

Sodinokibi Ransomware Now Pushed by Exploit Kits and Malvertising

The Sodinokibi Ransomware has been spotted being distributed through malvertising that redirects to the RIG exploit kit. With the use of exploit kits, Sodinokibi is now using a wide stream of vectors to infect victims with the ransomware.

RANSOM RANSOM

6.7.19

New Snatch Ransomware variant

Petrovic found a new Snatch Ransomware variant that appends the .cbs0z extension to encrypted files and drops a ransom note named RESTORE_CBS0Z_DATA.txt.

RANSOM RANSOM

22.6.19

New [Locked] Ransomware

Michael Gillespie is looking for a new ransomware that appends the [LOCKED] extension and drops a ransom note named UNLOCK INSTRUCTIONS.txt.

RANSOM RANSOM

22.6.19

New Hack Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .HACK extension to encrypted files.

RANSOM RANSOM

22.6.19

New 0day Dharma Ransomware variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .0Day extension to encrypted files.

RANSOM RANSOM

22.6.19

Stop Decryptor updated

Michael Gillespie updated his Stop Decryptor to support the offline key for the .vesad extension variant.

RANSOM RANSOM

22.6.19

Release of GandCrab 5.2 Decryptor Ends a Bad Ransomware Story

In collaboration with law enforcement agencies around the world, Bitdefender has released an updated decryptor for the GandCrab Ransomware that can decrypt files encrypted by versions 1, 4, and 5 through 5.2.

RANSOM RANSOM

22.6.19

New Horon STOP Djvu variant

Michael Gillespie found a new variant of STOP Djvu ransomware that appends the .horon extension to encrypted files.

RANSOM RANSOM

22.6.19

New Orion version of Major Ransomware

Amigo-A found a new variant of the Major Ransomware that appends the .orion extension on encrypted files and drops a ransom note named READ_ME.orion.

RANSOM RANSOM

22.6.19

WannaCash Decryptor updated

Alex Svirid updated his WannaCash Decryptor to support new variants.

RANSOM RANSOM

22.6.19

New Middleman Ransomware

Michael Gillespie is looking for a new ransomware that appends the .middleman2020 extension and drops a ransom note named !INSTRUCTI0NS!.TXT.

RANSOM RANSOM

22.6.19

New Copan DCRTR Ransomware

Amigo-A found a new variant of the DCRTR Ransomware that appends the .COPAN extension and drops ransom notes named HOW TO DECRYPT FILES.txt and HOW TO DECRYPT FILES.hta.

RANSOM RANSOM

22.6.19

Ryuk Ransomware Adds IP and Computer Name Blacklisting

A new variant of the Ryuk Ransomware has been discovered that adds IP address and computer blacklisting so that matching computers will not be encrypted.

RANSOM RANSOM

22.6.19

New Neras STOP Djvu variant

Michael Gillespie found a new variant of STOP Djvu ransomware that appends the .neras extension to encrypted files.

RANSOM RANSOM

22.6.19

New Adage Phobos Ransomware variant

M. Shahpasandi found a new variant of the Phobos Ransomware that appends the .id[********-****].[helpteam38@protonmail.com].adage extension to encrypted files.

RANSOM RANSOM

22.6.19

Florida city pays $600,000 to ransomware gang to have its data back

The city council for Riviera Beach, Florida, voted this week to pay more than $600,000 to a ransomware gang so city officials could recover data that has been locked and encrypted more than three weeks ago.

RANSOM RANSOM

22.6.19

DanaBot Banking Trojan Upgraded with 'Non Ransomware' Module

A new malicious campaign is distributing an upgraded variant of DanaBot that comes with a new ransomware module used to target potential victims from Italy and Poland via phishing emails which deliver malware droppers. Check Point also released a decryptor for this ransomware.

RANSOM RANSOM

22.6.19

Stop Decryptor updated

Michael Gillespie updated his Stop Decryptor to support the offline key for the .horon extension variant.

RANSOM RANSOM

22.6.19

New Ransomnix Ransomware variant

Amigo-A found a new variant of the Ransomnix Ransomware that appends the .dmo extension and drops a ransom note named HOW_TO_RETURN_FILES.txt.

RANSOM RANSOM

22.6.19

Sodinokibi Ransomware Spreads Wide via Hacked MSPs, Sites, and Spam

With the GandCrab Ransomware operation shutting down, affiliates are looking to fill the hole left behind with other ransomware. Such is the case with the Sodinokibi Ransomware, whose affiliates are using a wide range of tactics to distribute the ransomware and earn a commission.

RANSOM RANSOM

22.6.19

New LooCipher Ransomware Spreads Its Evil Through Spam

A new ransomware called LooCipher has been discovered that is actively being used in the wild to infect users. While it is not known exactly how this ransomware is being distributed, based on some of the files that were found, we believe it is through a spam campaign.

RANSOM RANSOM

22.6.19

New Truke STOP Djvu variant

Michael Gillespie found a new variant of STOP Djvu ransomware that appends the .truke extension to encrypted files.

RANSOM RANSOM

22.6.19

New Bitch Ransomware

MalwareHunterTeam found a new ransomware that calls itself "Bitch Ransomware". Nuff said.

RANSOM RANSOM

16.6.19

New Myskle and Boston STOP Djvu Ransomware

Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .myskle or .boston extensions to encrypted files.

RANSOM RANSOM

16.6.19

STOP Decryptor Updated

Michael Gillespie updated his STOP Decryptor to contain the offline key for the .heroset variant.

RANSOM RANSOM

16.6.19

New Zoh Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .zoh extension to encrypted files.

RANSOM RANSOM

16.6.19

JSWorm Ransomware 3.1 Released

Amigo-A discovered JSWorm Ransomware 3.1 that uses a new ransom note named JSWORM-DECRYPT.hta. Still uses the .jsworm extension.

RANSOM RANSOM

16.6.19

New Muslat STOP Djvu Ransomware

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .muslat extension to encrypted files.

RANSOM RANSOM

16.6.19

Food Bank Hit By Ransomware, Needs Your Charity to Rebuild

Ransomware attacks hit indiscriminately and sometimes they may affect charitable organizations that can’t afford to surrender to the demand. Auburn Food Bank in King County, Washington, fell victim to a ransomware strain known as GlobeImposter 2.0, which encrypted all computers on their network.

RANSOM RANSOM

16.6.19

How Cybercriminals Recruited Young Romanian Woman

In this excerpt from Kate Fazzini’s “Kingdom of Lies,” one former Romanian hacker tells how she got into the biz.

RANSOM RANSOM

16.6.19

New Gerosan STOP Djvu Ransomware

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .gerosan extension to encrypted files.

RANSOM RANSOM

16.6.19

New Html Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .html extension to encrypted files.

RANSOM RANSOM

16.6.19

Bisquilla Ransomware discovered

Jack found the Bisquilla Ransomware, which appears to be in development as it does not encrypt any files.

RANSOM RANSOM

16.6.19

New Cephalo Ransomware discovered

Daniel Gallagher discovered a ransomware being distributed through a LNK file that contains a PowerShell command.

RANSOM RANSOM

16.6.19

Ransomware identification for the judicious analyst

Malware detection is a simple yes-or-no answer to the question: Is this file malicious? Or, in the case of ransomware detection: Is this file ransomware? Identification, on the other hand, provides an answer to the question: Which malware or ransomware family is this?

RANSOM RANSOM

16.6.19

Ransomware halts production for days at major airplane parts manufacturer

ASCO, one of the world's largest suppliers of airplane parts, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium.

RANSOM RANSOM

16.6.19

New SD 1.1 Ransomware

A new ransomware called SD 1.1 was posted on the BleepingComputer forums and was identified by Amigo-A. The ransomware appends the .[Unlock11@protonmail.com].enc extension.

RANSOM RANSOM

16.6.19

pyLocky Decryptor Released by French Authorities

A decryptor for pyLocky Ransomware versions 1 and 2 has been released by French authorities that allows victims to decrypt their files for free.

RANSOM RANSOM

16.6.19

New Vesad STOP Djvu Ransomware

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .vesad extension to encrypted files.

RANSOM RANSOM

16.6.19

STOP Decryptor Updated

Michael Gillespie updated his STOP Decryptor to contain the offline keys for the .boston, .muslat, and .gerosan extensions.

RANSOM RANSOM

16.6.19

New Harma Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .harma extension to encrypted files.

RANSOM RANSOM

16.6.19

Armageddon Ransomware Discovered

S!Ri discovered the Armageddon Ransomware. This ransomware does not encrypt all files on the PC.

RANSOM RANSOM

16.6.19

New Poop Ransomware?

Petrovic found a new ransomware that appends the .poop extension to encrypted files. It is quite ugly too.

RANSOM RANSOM

16.6.19

GandCrab is covering up their tracks

CapsLo0ck noticed that the GandCrab devs have asked Exploit.in to delete their posts on the site.

RANSOM RANSOM

9.6.19

GandCrab Ransomware Shutting Down After Claiming to Earn $2.5 Billion

After almost a year and a half, the operators behind the GandCrab Ransomware are shutting down their operation and affiliates are being told to stop distributing the ransomware.

RANSOM RANSOM

9.6.19

Dodger Ransomware discovered

MalwareHunterTeam discovered a new ransomware called Dodger that appends the .dodger extension and shows this not very nice screen.

RANSOM RANSOM

9.6.19

New Lanset and Redmat Stop Ransomware variants

Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .lanset and .redmat extensions to encrypted files.

RANSOM RANSOM

9.6.19

New BSC Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .bsc extension to encrypted files.

RANSOM RANSOM

9.6.19

Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA

Sodinokibi ransomware was known so far for being installed via an Oracle WebLogic exploit (see Talos' article). A new campaign uses spam emails with an attached MS Office Word document to download Sodinokibi to the target system. JamesWT found the first sample, Sculabs another one[1]. The email pretends to be a warning letter from the fee collection center of the public-law broadcasting institutions in the Federal Republic of Germany and demands a 213.50 EUR payment.

RANSOM RANSOM

9.6.19

Baltimore ransomware perp pinky-swears he didn’t use NSA exploit

Over the past few weeks, a Twitter account that has since been confirmed by researchers to be that of the operator of the ransomware that took down Baltimore City's networks May 4 has posted taunts of Baltimore City officials and documents demonstrating that at least some data was stolen from a city server. Those documents were posted in response to interactions I had with the ransomware operator in an attempt to confirm that the account was not a prank.

RANSOM RANSOM

9.6.19

New Davda Stop Ransomware found

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .davda extension to encrypted files.

RANSOM RANSOM

9.6.19

Baltimore’s bill for ransomware: Over $18 million, so far

It has been a month since the City of Baltimore's networks were brought to a standstill by ransomware. On Tuesday, Mayor Bernard "Jack" Young and his cabinet briefed press on the status of the cleanup, which the city's director of finance has estimated will cost Baltimore $10 million—not including $8 million lost because of deferred or lost revenue while the city was unable to process payments. The recovery remains in its early stages, with less than a third of city employees issued new log-in credentials thus far and many city business functions restricted to paper-based workarounds.

RANSOM RANSOM

9.6.19

New Pidom and Poret Stop Ransomware variants

Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .pidom and .poret extensions to encrypted files.

RANSOM RANSOM

9.6.19

New Kjh Dharma Ransomware variant

Michael Gillespie found a new variant of the Dharma Ransomware that appends the .kjh extension to encrypted files.

RANSOM RANSOM

9.6.19

New Wannacash Ransomware variant

Alex Svirid found a new WannaCash Ransomware variant that changes an encrypted file's name to "файл зашифрован (original_filename) .punisher".

RANSOM RANSOM

9.6.19

The RIG Exploit Kit is Now Pushing the Buran Ransomware

The RIG exploit kit is now infecting victims' computers with a new ransomware variant called Buran. This ransomware is a variant of the Vega ransomware that was previously being distributed through Russian malvertising campaigns.

RANSOM RANSOM

9.6.19

New Heroset Stop Ransomware found

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .heroset extension to encrypted files.

RANSOM RANSOM

9.6.19

STOP Djvu Decryptor updated

Michael Gillespie has updated his STOP Djvu decrypter to include the offline keys for the .stone, .lanset, .davda, .poret, and .pidom extensions.

RANSOM RANSOM

9.6.19

New GlobeImposter 2 variant

Michael Gillespie found a new GlobeImposter 2 variant that appends the .{dresdent@protonmail.com}DDT extension to encrypted files.

RANSOM RANSOM

9.6.19

New Euclid Ransomware

Michael Gillespie found a new ransomware called Euclid uploaded to ID Ransomware that appends the .euclid extension and drops a ransom note named how to recovery.txt.

RANSOM RANSOM

9.6.19

Hackers Won’t Let Up in Their Attack on U.S. Cities

WSJ reports that there were two intrusions into Baltimore city networks: one by an actor that used EternalBlue to move around the network, and the other by the actor who installed RobbinHood and did not use EternalBlue. "Local governments across the country are facing a growing threat of cyberattacks and escalating ransom demands, as an attack in this city has crippled thousands of computers for a month."

RANSOM RANSOM

2.6.19

In-dev GottaCry Ransomware

MalwareHunterTeam found a new ransomware called GottaCry that is in-development.

RANSOM RANSOM

2.6.19

SysFrog Ransomware discovered

Michael Gillespie spotted a ransomware that appends the .sysfrog extension to encrypted files and drops a ransom note named how_to_decrypt.txt.

RANSOM RANSOM

2.6.19

New QBX Dharma Ransomware variant

Michael Gillespie spotted a new Dharma Ransomware variant that appends the .qbx extension to encrypted files.

RANSOM RANSOM

2.6.19

New Mogera STOP Djvu variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .mogera extension to encrypted files.

RANSOM RANSOM

2.6.19

New ZOH Dharma Ransomware variant

Michael Gillespie spotted a new Dharma Ransomware variant that appends the .zoh extension to encrypted files.

RANSOM RANSOM

2.6.19

New BEETS Dharma Ransomware variant

Jakub Kroustek spotted a new Dharma Ransomware variant that appends the .beets extension to encrypted files.

RANSOM RANSOM

2.6.19

New Rezuc STOP Djvu variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .rezuc extension to encrypted files.

RANSOM RANSOM

2.6.19

New Eric Ransomware

Michael Gillespie spotted a new ransomware that appends the .ERIS extension and drops a ransom note named @ READ ME TO RECOVER FILES @.txt.

RANSOM RANSOM

2.6.19

New GlobeImposter variant

GrujaRS found a new GlobeImposter variant that appends the .LotR extension and drops a ransom note named NEW_WAVE.html.

RANSOM RANSOM

2.6.19

MBR-based NMoreira Boot Ransomware

Dave Logue found a variant of the NMoreira Ransomware that appears to be targeting the MBR.

RANSOM RANSOM

2.6.19

Fake WannaCry Ransomware

MalwareHunterTeam found a fake WannaCry Ransomware that looks like it was made as a joke, a school assignment, or for "fun".

RANSOM RANSOM

2.6.19

New Harma Dharma Ransomware variant

Michael Gillespie spotted a new Dharma Ransomware variant that appends the .harma extension to encrypted files.

RANSOM RANSOM

2.6.19

STOP Ransomware Decryptor updated

Michael Gillespie updated his STOP Djvu Ransomware decryptor to support the offline keys for the .skymap, .mogera, and .rezuc variants.

RANSOM RANSOM

2.6.19

New Buran Ransomware spotted

Michael Gillespie spotted a new ransomware on ID-Ransomware that utilizes what looks like a GUID for the extension. For example, .3674AD9F-5958-4F2A-5CB7-F0F56A8885EA. It also drops a ransom note named !!! YOUR FILES ARE ENCRYPTED !!!.TXT.

RANSOM RANSOM

2.6.19

Sodinokibi Ransomware Pushed via Foreclosure Warning Spam

A malspam campaign targeting potential German victims is actively distributing Sodinokibi ransomware via spam emails with malicious attachments that pose as foreclosure notifications.

RANSOM RANSOM

2.6.19

Maze Ransomware Says Computer Type Determines Ransom Amount

A variant of the Maze Ransomware, otherwise known as the ChaCha Ransomware, has been spotted being distributed by the Fallout exploit kit. An interesting feature of this ransomware is that it says the ransom amount will be different depending on whether the victim is a home computer, server, or workstation.

RANSOM RANSOM

2.6.19

New Stone STOP Djvu variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .stone extension to encrypted files.

RANSOM RANSOM

2.6.19

New RotorCrypt Ransomware variant

Michael Gillespie found a new RotorCrypt Ransomware variant that appends the !__prontos@cumallover.me__.bak extension.

RANSOM RANSOM

26.5.19

New ransomware discovered

Michael Gillespie found a new ransomware that appends the .[epta.mcold@gmail.com] extension and drops a ransom note named !INSTRUCTI0NS!.TXT.

RANSOM RANSOM

26.5.19

New in-dev EZDZ Ransomware

MalwareHunterTeam found a new in-dev ransomware called EZDZ that utilizes the .EZDZ extension and drops a ransom note named HELP_PC.EZDZ-REMOVE.txt.

RANSOM RANSOM

26.5.19

New Radman STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .radman extension.

RANSOM RANSOM

26.5.19

New Ferosas STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .ferosas extension.

RANSOM RANSOM

26.5.19

New TOR13 Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .TOR13 extension to encrypted files.

RANSOM RANSOM

26.5.19

Cryptocurrency scam pushing ransomware

Frost found an Ether scam distributing a new ransomware.

RANSOM RANSOM

26.5.19

JSWorm 2.0 Ransomware Decryptor Gets Your Files Back For Free

A decryptor for the JSWorm 2.0 Ransomware has been released by Emsisoft this week that allows victims to decrypt their files for free. If you become infected with JSWorm 2.0, do not pay the ransom and instead follow the instructions below.

RANSOM RANSOM

26.5.19

Louisville Regional Airport Authority hit by 'ransomware' attack

WDRB reports: "The Louisville Regional Airport Authority said it fell victim to ransomware Monday morning."

RANSOM RANSOM

26.5.19

GetCrypt Ransomware Brute Forces Credentials, Decryptor Released

A new ransomware called GetCrypt is being installed through malvertising campaigns that redirect victims to the RIG exploit kit. Once installed, GetCrypt will encrypt all of the files on a computer and then demand a ransom payment to decrypt the files.

RANSOM RANSOM

26.5.19

Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next

A NY Times article by Niraj Chokshi covering Baltimore being hit by the RobbinHood ransomware. Also includes a quote from your favorite ransomware information site :)

RANSOM RANSOM

26.5.19

New Rectot STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .rectot extension.

RANSOM RANSOM

26.5.19

New Les Scarab Ransomware variant

Michael Gillespie found a new Scarab Ransomware variant that appends the .les# extension and drops a ransom note named как расшифровать файлы les#.TXT.

RANSOM RANSOM

26.5.19

Wiper disguised as ransomware distributed via email

honkone found an email pushing a malicious executable. Bart analyzed and determined it was a ransomware, but Michael Gillespie stated it was actually a wiper. The fun of malware.

RANSOM RANSOM

26.5.19

STOP Djvu Decryptor updated

Michael Gillespie updated the STOP Djvu decryptor to support the offline IDs for the .ferosas, .rectot, and .INFOWAIT variants.

RANSOM RANSOM

26.5.19

Sodinokibi Ransomware Poised to Impact Larger Enterprises

Coveware states: "Given the sophisticated attack vector and the investment the developers of Sodinokibi have made to their payment TOR site, this variant seems to be poised to become a popular choice among ransomware distributors."

RANSOM RANSOM

26.5.19

New Good Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .GOOD extension to encrypted files.

RANSOM RANSOM

26.5.19

NordFox Ransomware discovered

GrujaRS discovered the NordFox Ransomware, which appends the .legacy extension to encrypted files and drops a ransom note named READ_ME.txt.

RANSOM RANSOM

26.5.19

New Skymap STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .skymap extension.

RANSOM RANSOM

18.5.19

New STOP Djvu variant discovered

Michael Gillespie found a new STOP Djvu variant that adds the .codnat extension to encrypted files.

RANSOM RANSOM

18.5.19

New Dharma variants released

Jakub Kroustek found new variants of the Dharma Ransomware that append the .qbtex and the .yG extension to encrypted files.

RANSOM RANSOM

18.5.19

New STOP Djvu variant discovered

Michael Gillespie found a new STOP Djvu variant that adds the .codnat1 extension to encrypted files.

RANSOM RANSOM

18.5.19

WannaCry still present on 1.7 million machines

2 years after WannaCry and there’s still 1.7M machines with SMB exposed to the Internet!

RANSOM RANSOM

18.5.19

New DrWeb Dharma variant released

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .drweb extension to encrypted files.

RANSOM RANSOM

18.5.19

New STOP Djvu variant discovered

Michael Gillespie found a new STOP Djvu variant that adds the .bufas extension to encrypted files.

RANSOM RANSOM

18.5.19

Wesker Encrypter discovered

Michael Gillespie found the Wesker Encrypter, which does not add an extension but drops ransom notes named !!!INSTRUCTION_RNSMW!!!.txt.

RANSOM RANSOM

18.5.19

New ChaCha Ransomware variant

Michael Gillespie found a new ChaCha Ransomware variant that appends a random 6-7 char extension and drops a ransom note named DECRYPT-FILES.html.

RANSOM RANSOM

18.5.19

Non Ransomware discovered

GrujaRS found the Non Ransomware that appends the .non extension and drops a ransom note named HowToBackFiles.txt. Possibly in-dev as the ransom note does not include an email address.

RANSOM RANSOM

18.5.19

New Dharma variants released

Jakub Kroustek found new variants of the Dharma Ransomware that append the .jack and .PLUT extensions to encrypted files.

RANSOM RANSOM

18.5.19

JSWorm Ransomware sends a shoutout to researchers

The JSWorm Ransomware sent a shoutout in its code to MalwareHunterTeam, S!Ri, and Amigo-A.

RANSOM RANSOM

18.5.19

Possible new Desktop Ransomware variant

GrujaRS found a new ransomware that could be a variant of the Desktop Ransomware. This ransomware prepends the Locked. string to encrypted files' names.

RANSOM RANSOM

18.5.19

THE TRADE SECRET: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers

As ransomware attacks crippled businesses and law enforcement agencies, two U.S. data recovery firms claimed to offer an ethical way out. Instead, they typically paid the ransom and charged victims extra.

RANSOM RANSOM

18.5.19

New DDOS Dharma variant released

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .DDOS extension to encrypted files.

RANSOM RANSOM

18.5.19

New Oops Scarab Ransomware variant

Amigo-A found a new Scarab Ransomware variant that appends the .Oops extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

18.5.19

New Mamba Phobos Ransomware variant

GrujaRS found a new Phobos Ransomware variant that appends the .mamba extension to encrypted files.

RANSOM RANSOM

18.5.19

New Cry Dharma variant released

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .cry extension to encrypted files.

RANSOM RANSOM

18.5.19

New STOP Djvu variant discovered

Michael Gillespie found a new STOP Djvu variant that adds the .dotmap extension to encrypted files.

RANSOM RANSOM

18.5.19

The Reality Of Ransomware

"About 1.5 million ransomware attacks occur annually, putting individuals and corporations in a no-win situation. ProPublica technology reporter Renee Dudley joins host Krys Boyd to explain how these attacks work, how firms can sometimes recover the stolen data, and how sometimes the solution is just to pay up. Her recent story on the topic is a joint investigation with The Guardian."

RANSOM RANSOM

18.5.19

New Ge0l0Gic Ransomware

GrujaRS found the Ge0l0Gic Ransomware that appends the .ge0l0gic extension and drops a ransom note named .ge0l0gic_readme.txt.

RANSOM RANSOM

18.5.19

ZQ Ransomware decryptor updated

Emsisoft has updated their ZQ Ransomware decryptor to support the w_unblock24@qq.com].ws variant.

RANSOM RANSOM

18.5.19

New 4k Dharma variant released

Jakub Kroustek found a variant of the Dharma Ransomware that appends the .4k extension to encrypted files.

RANSOM RANSOM

18.5.19

Baltimore Ransomware still affecting city services

Catalin Cimpanu states "A list of what's still down, almost 2 weeks after the attack:"

RANSOM RANSOM

18.5.19

STOP Djvu Decrypter updated

Michael Gillespie released an update for his STOP Decrypter to support the offline IDs for the .shadow, .fordan, .codnat, and .dotmap extensions.

RANSOM RANSOM

11.5.19

New MegaCortex Ransomware Found Targeting Business Networks

A new ransomware has been discovered called MegaCortex that is targeting corporate networks and the workstations on them. Once a network is penetrated, the attackers infect the entire network by distributing the ransomware using Windows domain controllers.

RANSOM RANSOM

11.5.19

New STOP Ransomware variant

Amigo-A found a new STOP Djvu Ransomware variant that appends the .sarut extension to encrypted files.

RANSOM RANSOM

11.5.19

New Navi Scarab Ransomware variant

Alex Svirid found a new Scarab Ransomware variant that appends the .Navi extension to encrypted files.

RANSOM RANSOM

11.5.19

New BAT Dharma variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .bat extension to encrypted files.

RANSOM RANSOM

11.5.19

New Scarab Ransomware variant

Amigo-A found a new Scarab Ransomware variant that appends the kes$ extension and drops a ransom note named Инструкция по расшифровке.TXT.

RANSOM RANSOM

11.5.19

New Scarab Ransomware variant

Amigo-A found a new Scarab Ransomware variant that appends the .zoro extension and drops a ransom note named !!! RESTORE DATA !!!.TXT.

RANSOM RANSOM

11.5.19

New Dharma variants

Jakub Kroustek found a bunch of new Dharma ransomware variants that append the .qbix, .aa1, and .wal extensions to encrypted files.

RANSOM RANSOM

11.5.19

Yara rules created for the MegaCortex Ransomware

Marc Rivero López created Yara rules to detect the MegaCortex ransomware and the Rietspoof loader. This MegaCortex rule is posted here and the Rietspoof rule is here.

RANSOM RANSOM

11.5.19

New STOP Ransomware variant

Amigo-A found a new STOP Djvu Ransomware variant that appends the .fedasot extension to encrypted files and drops a ransom note named _readme.txt.

RANSOM RANSOM

11.5.19

New KBK GlobeImposter 2.0 variant

Michael Gillespie found a new GlobeImposter 2.0 Ransomware variant that appends the .{Killback@protonmail.com}KBK extension.

RANSOM RANSOM

11.5.19

Ransomware hunt for the Recry Ransomware

Michael Gillespie is looking for a ransomware that appends the .recry1 extension and drops a ransom note named decryption_help.txt.

RANSOM RANSOM

11.5.19

New STOP Ransomware variants

Michael Gillespie found new STOP Djvu Ransomware variants that append the .forasom or .berost extensions to encrypted files.

RANSOM RANSOM

11.5.19

Local Authorities in Texas and Maryland Hit by Ransomware

The servers of Baltimore City Hall and Amarillo, TX, Potter County were hit by ransomware attacks, with the former having shut down most servers while the latter already got some of its computing systems back online.

RANSOM RANSOM

11.5.19

STOP Decryptor offline keys updated

Michael Gillespie updated STOP Decryptor with the offline keys for .roldat, .dutan, .sarut, .berost, and .forasom.

RANSOM RANSOM

11.5.19

Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims

A new Dharma ransomware strain is using ESET AV Remover installations as a "smoke screen" technique designed to distract victims while their files are encrypted in the background as detailed by Trend Micro.

RANSOM RANSOM

11.5.19

New MERS Dharma variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .MERS extension to encrypted files.

RANSOM RANSOM

11.5.19

New Blitzkrieg Ransomware

Amigo-A found the new Blitzkrieg Ransomware that appends the .bkc extension and drops a ransom note named HowToBackFiles.txt.

RANSOM RANSOM

11.5.19

Imperial County officials to invest in rebuilding network following cyber attack

The hacker made a ransom demand of $1.2 million in bitcoin to restore the network, a demand Imperial County decided not to pay.

RANSOM RANSOM

11.5.19

Jokeroo Ransomware as a Service Pulls an Exit Scam

Since May 7th, 2019, the Tor sites for the Jokeroo Ransomware as a Service (RaaS) have started displaying a notice stating that their server was seized by the Royal Thai Police in conjunction with the Dutch National Police and Europol. It turns out that this notice is fake and the RaaS is performing an exit scam.

RANSOM RANSOM

11.5.19

New BKC GlobeImposter 2.0 variant

Michael Gillespie found a new GlobeImposter 2.0 Ransomware variant that appends the [blellockr@godzym.me].bkc extension.

RANSOM RANSOM

11.5.19

New STOP Ransomware variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .fordan extension to encrypted files.

RANSOM RANSOM

11.5.19

MegaCortex, deconstructed: mysteries mount as analysis continues

It’s been a week since we published our initial research on the ransomware calling itself MegaCortex. Our initial post was written over about a day and a half, as we started to observe an early outbreak on May 1. We have a lot of new information to share today.

RANSOM RANSOM

11.5.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .QH24 extension and drops a ransom note named !QH24_INFO!.rtf.

RANSOM RANSOM

11.5.19

New FLKR Ransomware variant

Alex Svirid found a new FLKR Ransomware variant that appends the .+jabber-theone@safetyjabber.com extension to encrypted files.

RANSOM RANSOM

4.5.19

Russian Legion Ransomware found

MalwareHunterTeam found a new HiddenTear variant called Russian Legion.

RANSOM RANSOM

4.5.19

Sodinokibi Ransomware found

GrujaRS found the Sodinokibi Ransomware, which assigns a random extension to each victim.

RANSOM RANSOM

4.5.19

BellevueInject Ransomware

MalwareHunterTeam found the BellevueInject CryptoWire variant that appears to target Bellevue College. Looks in-dev.

RANSOM RANSOM

4.5.19

STOP Djvu Decryptor updated

Michael Gillespie updated the STOP Djvu decryptor to include the offline IDs for .etols, .guvara, .norvas, .moresa, .verasto, and .hrosas.

RANSOM RANSOM

4.5.19

New Fredd Dharma variant

Michael Gillespie spotted a new Dharma Ransomware variant that appends the .FREDD extension.

RANSOM RANSOM

4.5.19

BigBobRoss Ransomware decryptor updated

Emsisoft has updated their decryptor for the BigBobRoss Ransomware to support the .cheetah variant.

RANSOM RANSOM

4.5.19

New Prodecryptor Ransomware

GrujaRS found a new ransomware named Prodecryptor that appends the .Prodecryptor extension and drops a ransom note named ReadME-Prodecryptor@gmail.com.txt.

RANSOM RANSOM

4.5.19

New STOP Djvu variant

Michael Gillespie found a new STOP Djvu variant that appends the .todarius extension to encrypted files.

RANSOM RANSOM

4.5.19

LockerGoga Ransomware Family Used in Targeted Attacks

Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried and true formula of encrypting victims’ files and asking for payment to decrypt them, has gained notoriety for the targets it has affected.

RANSOM RANSOM

4.5.19

Sodinokibi Ransomware Being Installed on Exploited WebLogic Servers

Attackers are exploiting a recently disclosed WebLogic vulnerability to install a new ransomware called Sodinokibi. As this vulnerability is trivial to exploit, it is important that server admins install the patch immediately in order to prevent infections or unauthorized access.

RANSOM RANSOM

4.5.19

GitHub-Hosted Malware Targets Accountants With Ransomware

Threat actors ran a malvertising campaign on the Russian Yandex.Direct advertising network starting October 2018 to disseminate a malware cocktail designed to encrypt victims' data and steal cryptocurrency.

RANSOM RANSOM

4.5.19

New STOP Djvu ransomware variants

Michael Gillespie has found new STOP Djvu variants that append the .roldat or .hofos extensions to encrypted files.

RANSOM RANSOM

4.5.19

New .TXT Dharma Variant

Michael Gillespie has spotted a new variant of the Dharma ransomware that uses the .txt extension for encrypted files. This is going to confuse a lot of people.

RANSOM RANSOM

4.5.19

Windows Server hosting provider still down a week after ransomware attack

A ransomware infection has crippled the operations of a US-based web hosting provider for almost eight days now, several of the company's disgruntled customers have told ZDNet today.

RANSOM RANSOM

4.5.19

New Video Dharma variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .video extension to encrypted files.

RANSOM RANSOM

4.5.19

New Zeropadypt Ransomware

Amigo_A_ found a new ransomware that fills "files with zeros".

RANSOM RANSOM

4.5.19

Emsisoft releases a decryptor for the ZQ Ransomware

Emsisoft has released a decryptor for the ZQ Ransomware.

RANSOM RANSOM

4.5.19

New WannaOof Ransomware

MalwareHunterTeam found a new ransomware called WannaOof that appends the .oof extension to encrypted files.

RANSOM RANSOM

4.5.19

STOP decryptor updated with further offline keys

Michael Gillespie has updated his STOP decryptor with the offline keys for .kiratos and .todarius.

RANSOM RANSOM

4.5.19

Decryptor for MegaLocker and NamPoHyu Virus Ransomware Released

Emsisoft has released a decryptor for the MegaLocker and NamPoHyu Virus ransomware that has been targeting exposed Samba servers. Victims can now use this decryptor to recover their files for free.

RANSOM RANSOM

4.5.19

New Wal Dharma variant

Michael Gillespie has found a new Dharma variant that appends the .wal extension to encrypted files.

RANSOM RANSOM

4.5.19

New STOP Djvu ransomware variant

Michael Gillespie has found a new STOP Djvu variant that appends the .dutan extension to encrypted files.

RANSOM RANSOM

4.5.19

“MegaCortex” ransomware wants to be The One

A new ransomware that calls itself MegaCortex got a jolt of life on Wednesday as we detected a spike in the number of attacks against Sophos customers around the world, including in Italy, the United States, Canada, the Netherlands, Ireland, and France. The attackers delivering this new malware campaign employed sophisticated techniques in the attempt to infect victims.

RANSOM RANSOM

27.4.19

New STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .moresa extension to encrypted files.

RANSOM RANSOM

27.4.19

New Scarab Ransomware variant

Michael Gillespie found a new variant of the Scarab Ransomware that appends the .croc extension and drops a ransom note named HELP_BY_CROC.TXT.

RANSOM RANSOM

27.4.19

New Paradise Ransomware variant

Michael Gillespie found a new Paradise Ransomware variant that appends the .sambo extension and drops a ransom note named Instructions with your files.txt.

RANSOM RANSOM

27.4.19

New LDPR Dharma variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .LDPR extension to encrypted files.

RANSOM RANSOM

27.4.19

Someone made a payment to a WannaCry Ransomware wallet

Someone just paid 0.0584 BTC ($309.26 USD) to a bitcoin wallet tied to #WannaCry ransomware.

RANSOM RANSOM

27.4.19

New Colorit Ransomware

Michael Gillespie spotted a new ransomware on ID Ransomware that appends the .COLORIT extension to encrypted files.

RANSOM RANSOM

27.4.19

ST04: Ransomware Trends with Raj Samani and John Fokker

Raj Samani, Chief Scientist and McAfee Fellow, and John Fokker, Head of Cyber Investigations for McAfee Advanced Threat Research, discuss various ransomware attacks and how ransomware is evolving.

RANSOM RANSOM

27.4.19

New STOP Djvu Ransomware variant

Michael Gillespie found a new version of the STOP Djvu ransomware that appends the .verasto extension to encrypted files.

RANSOM RANSOM

27.4.19

New Scarab Ransomware variant

Amigo-A found a new variant of the Scarab Ransomware that appends the .vally extension.

RANSOM RANSOM

27.4.19

New Major Ransomware variant

Michael Gillespie found a new variant of the Major Ransomware that appends the .mars extension and drops a ransom note named READ_ME.mars.

RANSOM RANSOM

27.4.19

Over 500% Increase in Ransomware Attacks Against Businesses

Cybercriminals have started focusing their efforts on businesses during Q1 2019, with consumer threat detections decreasing by roughly 24% year over year while businesses have seen a 235% increase in the number of cyber attacks against their computing systems.

RANSOM RANSOM

27.4.19

New BigBobRoss Ransomware variant

Michael Gillespie found a new BigBobRoss variant that appends the .cheetah extension and drops a ransom note named How to recover your files.txt.

RANSOM RANSOM

27.4.19

New STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .hrosas extension to encrypted files.

RANSOM RANSOM

27.4.19

New Scarab Ransomware variant

Michael Gillespie found a new Scarab Ransomware variant that appends the .[zoro4747@gmx.de].zoro extension and drops a ransom note named !!! RESTORE DATA !!!.TXT.

RANSOM RANSOM

27.4.19

New JSWorm variant discovered with a message for ID-Ransomware

S!Ri found a new variant of the JSWorm that has a message for ID Ransomware.

RANSOM RANSOM

27.4.19

New GlobeImposter variant

GrujaRS found a new GlobeImposter variant that appends the .DOCM extension and drops a ransom note named Restore-My-Files.txt.

RANSOM RANSOM

27.4.19

Vulnerable Confluence Servers Get Infected with Ransomware, Trojans

A critical Atlassian Confluence Server vulnerability is being remotely exploited by attackers to compromise both Linux and Windows servers, allowing them to drop GandCrab ransomware and the Dofloo (aka AES.DDoS, Mr. Black) Trojan.

RANSOM RANSOM

27.4.19

Snatch Ransomware discovered

GrujaRS found the Snatch Ransomware that appends the .hceem extension and drops a ransom note named RESTORE_HCEEM_DATA.txt.

RANSOM RANSOM

27.4.19

Signed Hermes Ransomware variant spotted

MalwareHunterTeam found a signed Hermes Ransomware variant.

RANSOM RANSOM

27.4.19

New Kiratos Stop Djvu Ransomware variant

Amigo-A found a new STOP Djvu ransomware variant that appends the .kiratos extension to encrypted files.

RANSOM RANSOM

27.4.19

A Closer Look at the RobbinHood Ransomware

The RobbinHood Ransomware is the latest player in the ransomware scene that is targeting companies and the computers on their network. This ransomware is not being distributed through spam but rather through other methods, which could include hacked remote desktop services or other Trojans that provide access to the attackers.

RANSOM RANSOM

20.4.19

RobbinHood Ransomware Claims It's Protecting Your Privacy

A new ransomware is in play called RobbinHood that is targeting entire networks and then encrypting all computers that they can gain access to. They then request a certain amount of bitcoins to decrypt a single computer or a larger amount to decrypt the entire network.

RANSOM RANSOM

20.4.19

New Locked Ransomware

Petrovic found a new ransomware that appends the .locked extension and drops a ransom note named README[number].txt. Below is an image supplied by GrujaRS of this infection.

RANSOM RANSOM

20.4.19

New Proyecto X Ransomware

MalwareHunterTeam found a ransomware called Proyecto X that appends the .robinhood extension to encrypted files.

RANSOM RANSOM

20.4.19

Android Sauron Locker Ransomware discovered

Lukas Stefanko found a new Android ransomware called Sauron Locker that locks the device and replaces the background wallpaper with a ransom note.

RANSOM RANSOM

20.4.19

Ransom amounts rise 90% in Q1 as Ryuk increases

Coveware's Q1 Ransomware Marketplace report aggregates anonymized ransomware data from cases handled and resolved by Coveware’s Incident Response Team. Unlike surveys, which rely on sentiment, this report is created solely from a standardized set of data collected from every case. By aggregating and sharing this data we believe large and small enterprises can better protect themselves from the persistent and ever-evolving ransomware threat.

RANSOM RANSOM

20.4.19

'NamPoHyu Virus' Ransomware Targets Remote Samba Servers

A new ransomware family called NamPoHyu Virus or MegaLocker Virus is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim's computer, the attacker is running the ransomware locally and having it remotely encrypt accessible Samba servers.

RANSOM RANSOM

20.4.19

New Phoenix Phobos Ransomware variant

GrujaRS found a new variant of the Phobos Ransomware that appends the .phoenix extension to encrypted files and drops a ransom note named info.txt.

RANSOM RANSOM

20.4.19

New Exploit Paradise Ransomware variant

Amigo-A found a new Paradise Ransomware variant that appends the .exploit extension to encrypted files.

RANSOM RANSOM

20.4.19

New Burn Scarab Ransomware variant

Michael Gillespie found a new Scarab Ransomware variant that appends the .burn extension to encrypted files.

RANSOM RANSOM

20.4.19

Cube Ransomware Hunt

Michael Gillespie is looking for a new ransomware that appends the .cube extension and drops a ransom note named READ_ME.cube.

RANSOM RANSOM

20.4.19

New CRABSLKT Scarab Ransomware variant

Amigo-A found a new Scarab Ransomware variant that appends the .CRABSLKT extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

20.4.19

Cyber-security firm Verint hit by ransomware

The Israel offices of US cyber-security firm Verint have been hit by ransomware, according to a screenshot taken by a Verint employee that started circulating online earlier today.

RANSOM RANSOM

20.4.19

DLL Cryptomix Ransomware Variant Installed Via Remote Desktop

The CryptoMix ransomware is still alive and kicking as a new variant has been spotted being spread in the wild. This new version appends the .DLL extension to encrypted files and is said to be installed through hacked remote desktop services.

RANSOM RANSOM

20.4.19

New norvas STOP Djvu Ransomware

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .norvas extension to encrypted files.

RANSOM RANSOM

20.4.19

Weekly Ransomware Market Share from Coveware

Coveware notes that Ryuk attacks have continued to decline in prevalence since last week. New variants of Dharma and Phobos continue to hit smaller enterprises via RDP in the US. A slew of GandCrab attacks hit enterprises in Western Europe via CVEs that allow remote code execution.

RANSOM RANSOM

20.4.19

Jokeroo jokers modify a GandCrab executable?

Jakub Kroustek discovered an unpacked GandCrab 5.3 executable that contains strings from the Jokeroo RaaS. It is not known whether this is the GandCrab developers poking fun at other ransomware developers or the jokers behind Jokeroo playing with GandCrab.

RANSOM RANSOM

13.4.19

Genesee County, Michigan Recovering from Ransomware Attack

Genesee County, Michigan was hit with a ransomware attack on Tuesday and the county has been working non-stop to get its systems back online. Unfortunately, this process turned out to be more difficult than expected and systems are still down.

RANSOM RANSOM

13.4.19

Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware

Recently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out of character due to FIN6’s historical targeting of payment card data. The intent of the intrusion was initially unclear because the customer did not have or process payment card data. Fortunately, every investigation conducted by Managed Defense or Mandiant includes analysts from our FireEye Advanced Practices team who help correlate activity observed in our hundreds of investigations and voluminous threat intelligence holdings. Our team quickly linked this activity with some recent Mandiant investigations and enabled us to determine that FIN6 has expanded their criminal enterprise to deploy ransomware in an attempt to further monetize their access to compromised entities.

RANSOM RANSOM

13.4.19

New .btix Dharma variant

Jakub Kroustek discovered a new variant of the Dharma ransomware that appends the .btix extension to encrypted files.

RANSOM RANSOM

13.4.19

New raldug STOP Djvu variant

Amigo-A found a new variant of the STOP Djvu ransomware that appends the .raldug extension to encrypted file names.

RANSOM RANSOM

13.4.19

AsuraHTTP Bot with Ransomware capabilities

MalwareHunterTeam discovered a LiteHTTP Bot renamed as AsuraHTTP with some Ransomware code added to it.

RANSOM RANSOM

13.4.19

Planetary Ransomware Decryptor Gets Your Files Back For Free

A decryptor for the Planetary Ransomware family was released by Emsisoft this week that allows victims to decrypt their files for free. This ransomware family is named Planetary because it commonly uses the names of planets for the extensions added to encrypted files' names.

RANSOM RANSOM

13.4.19

Anubis Android Trojan Spotted with Almost Functional Ransomware Module

An Android application which steals PayPal credentials, encrypts files from the device's external storage, and locks the screen using a black screen was spotted in the Google Play Store by ESET malware researcher Lukas Stefanko.

RANSOM RANSOM

13.4.19

GET YOUR DATA BACK WITHOUT PAYING RANSOM

"We reached out to three battle-weary ransomware knights — Wosar (whose day job is at Emsisoft), Lawrence Abrams from Bleeping Computer (a computer help site started in 2004) and Michael Gillespie, who founded the free ID Ransomware service three years ago — for tips on how individuals and businesses can thwart the thievery. They all had surprisingly similar advice"

RANSOM RANSOM

13.4.19

Turkish Aurora offline variant

MalwareHunterTeam discovered a new Turkish Aurora offline variant that adds the .cryptoid extension to encrypted files.

RANSOM RANSOM

13.4.19

GoRansom pushed by maldoc

enSilo found a ransomware written in Go that is being pushed by a malicious Word document. Appears to be a research project.

RANSOM RANSOM

13.4.19

Distributor of the Reveton Police Ransomware Jailed by UK's NCA

A key member of a crime group behind the notorious Reveton Police Trojan that locked users out of Windows unless they paid a ransom has now found himself locked up in jail.

RANSOM RANSOM

13.4.19

How did a teenager become the UK’s biggest cyber criminal?

BBC radio discusses:
Zain Qaiser made hundreds of thousands blackmailing porn users from his parents’ house.

RANSOM RANSOM

13.4.19

STOP Djvu Decryptor updated

Michael Gillespie updated his STOP Djvu decryptor to support the offline IDs for the .grovat, .raldug, and .roland variants.

RANSOM RANSOM

13.4.19

New Extortion Email Threatens to Install WannaCry and DDoS Your Network

A new extortion email scam campaign is underway that states that your computer was hacked and that it was discovered you were hiding your taxes. The alleged hackers then demand 2 bitcoins or they will notify the "Tax Department", DDoS your network, and then install the WannaCry ransomware.

RANSOM RANSOM

13.4.19

How to Save Ransomware Encrypted Files for Decryption

Coveware writes: When ransomware strikes and restoring from backups is not an option, a victim often feels that paying the ransom is the only option. Often, victims realize that they can indeed live without the data that has been encrypted, and are able to wait for a potential free decryption solution to be published. Given how unpredictable the release of free decryptor tools is, how should ransomware victims plan their recovery? What can they do to increase their chances of a full recovery?

RANSOM RANSOM

13.4.19

New Bitcoin666 Ransomware

MalwareHunterTeam found a new ransomware that appends the .bitcoin666@cock.li.word extension to encrypted files.

RANSOM RANSOM

13.4.19

New .gate Dharma variant

Michael Gillespie spotted a new Dharma variant that uses the .gate extension.

RANSOM RANSOM

13.4.19

New langolier Scarab variant

Amigo-A found a new Scarab variant that appends the .langolier extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

13.4.19

New guvara and etols STOP Djvu Ransomware variants

Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .guvara and .etols extensions.

RANSOM RANSOM

13.4.19

Emsisoft released a decryptor for the CryptoPokemon

Emsisoft released a decryptor for the CryptoPokemon Ransomware that appends the .CRYPTOPOKEMON extension.

RANSOM RANSOM

13.4.19

New fuchsia Scarab Ransomware variant

Amigo-A found a new Scarab variant that appends the .fuchsia extension and drops a ransom note named DECRYPT FILES.TXT.

RANSOM RANSOM

13.4.19

New Love Dharma variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .LOVE extension.

RANSOM RANSOM

13.4.19

New Tokog Scarab Ransomware variant

Amigo-A found a new Scarab variant that appends the .tokog extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

13.4.19

SadComputer Ransomware discovered

MalwareHunterTeam found the SadComputer ransomware which appends the .sad extension and drops a ransom note named sadcomputer_note.txt.

RANSOM RANSOM

13.4.19

Weekly Ransomware Market Share from Coveware

According to Coveware, Ryuk cases have slowed a bit, though are still a substantial portion of new cases. GandCrab v5.2 has picked up slightly in April. Phobos and Dharma continue to hold the largest share of attacks affecting enterprises.

RANSOM RANSOM

13.4.19

New browec STOP Djvu Ransomware variants

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .browec extension.

RANSOM RANSOM

6.4.19

New Plant Matrix Ransomware variant

Stephen DeLucia discovered a new Matrix Ransomware variant that appends the .Plant extension.

RANSOM RANSOM

6.4.19

RobLocker X discovered

GrujaRS found a new ransomware called RobLocker X.

RANSOM RANSOM

6.4.19

vxCrypter Is the First Ransomware to Delete Duplicate Files

The vxCrypter Ransomware could be the first ransomware infection that not only encrypts a victim's data, but also tidies up their computer by deleting duplicate files.

RANSOM RANSOM

6.4.19

New York Albany Capital Hit by Ransomware Attack

The City of Albany, the capital of the U.S. state of New York, was hit by a ransomware attack on March 30, with city officials working over the weekend to respond to the incident.

RANSOM RANSOM

6.4.19

Mira Ransomware decryptor released

F-secure released a decryptor for the Planetary ransomware variant that appends the .Mira extension.

RANSOM RANSOM

6.4.19

Pacman Ransomware

MalwareHunterTeam found a new ransomware called Pacman. This ransomware inserts "encrypted" before the original file extension rather than appending a new one.

RANSOM RANSOM

6.4.19

Aurora decryptor released

Emsisoft released a decryptor for the Aurora ransomware.

RANSOM RANSOM

6.4.19

New STOP Djvu variant

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .grovat extension to encrypted files.

RANSOM RANSOM

6.4.19

Cyber Criminals Increasingly Target Small and Midsize Businesses

A report by Chubbs "examines the emergence of new #ransomware and #malware strains, including Emotet, Ryuk, and Credential Stuffing".

RANSOM RANSOM

6.4.19

Norsk Hydro releases a documentary-like video on their LockerGoga cyberattack

In an unprecedented move, Norsk Hydro created a documentary-like video about the employees who discovered they were infected by LockerGoga.

RANSOM RANSOM

6.4.19

New STOP Djvu variant

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .roland extension to encrypted files.

RANSOM RANSOM

6.4.19

Arizona Beverages knocked offline by ransomware attack

Arizona Beverages, one of the largest beverage suppliers in the U.S., is recovering after a massive ransomware attack last month, TechCrunch has learned.

RANSOM RANSOM

6.4.19

MR.Z3B1 Jigsaw variant

MalwareHunterTeam found a new Jigsaw Ransomware variant that appends the Contact onlineservices1@usa.com Hacked by Z3b1 your ID [MI0985547KE] .locked extension to encrypted files.

RANSOM RANSOM

6.4.19

New hunt for Ransomware that appends ._Crypted

Michael Gillespie is looking for a ransomware sample that appends the ._Crypted extension and drops a ransom note named _CRYPTED_README.html.

RANSOM RANSOM

6.4.19

Seon Ransomware ver 0.2 found

JAMESWT found a new variant of the Seon Ransomware that brings it to "ver 0.2" and appends the .FIXT extension.

RANSOM RANSOM

6.4.19

New ms13 Dharma variant

safety found a new variant of the Dharma ransomware that appends the .ms13 extension to encrypted files.

RANSOM RANSOM

6.4.19

New Xwo Web Scanner Helps MongoLock Ransomware Find Victims

Code and infrastructure from two known malware families have been observed with a new threat named Xwo, which helps operators of the MongoLock ransomware discover unprotected web services reachable over the internet.

RANSOM RANSOM

6.4.19

Planetary Ransomware decryptor released

Emsisoft has released a new decryptor for the Planetary Ransomware. This decryptor will target ransomware variants that append the .mira, .yum, .Neptune, or .Pluto extension.

RANSOM RANSOM

6.4.19

New ransomware hunt

Michael Gillespie is looking for ransomware samples that append the .bmps@tutanota.com.major or .bmps@tutanota.com.major extension.

RANSOM RANSOM

6.4.19

New STOP Djvu variant

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .refols extension to encrypted files.

RANSOM RANSOM

6.4.19

FIN6 Group Diversifies Activity, Uses LockerGoga and Ryuk Ransomware

FIN6 cybercrime group has taken a step toward increased monetization of their intrusions and added ransomware to its portfolio, choosing LockerGoga and Ryuk file encryption malware for the extortion jobs.

RANSOM RANSOM

6.4.19

New Phobos Ransomware variant

Michael Gillespie found a new Phobos variant that appends the .phoenix extension.

RANSOM RANSOM

6.4.19

New .carcn Dharma variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .carcn extension.

RANSOM RANSOM

30.3.19

New STOP Djvu Ransomware variants

Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .chech or .luceq extensions to encrypted files.

RANSOM RANSOM

30.3.19

New .bk666 Dharma variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .bk666 extension to encrypted files.

RANSOM RANSOM

30.3.19

Emsisoft has Released a Decryptor for the Hacked Ransomware

A decryptor for the Hacked Ransomware was released today by Emsisoft that allows victims to recover their files for free. This ransomware was active in 2017 and targeted English, Turkish, Spanish, and Italian users.

RANSOM RANSOM

30.3.19

New STOP Djvu Ransomware variant

Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .proden or .drume extensions to encrypted files.

RANSOM RANSOM

30.3.19

New Matrix Ransomware variant

Michael Gillespie found new Matrix Ransomware variants that append the .MDEN or .SDEN extensions and drop a ransom note named !MDEN_INFO!.rtf or !SDEN_INFO!.rtf respectively.

RANSOM RANSOM

30.3.19

Ransomware hunt for YYYYBJQOQDU

Michael Gillespie is searching for a ransomware that appends the .YYYYBJQOQDU extension and drops a ransom note named YOUR FILES ARE ENCRYPTED.TXT.

RANSOM RANSOM

30.3.19

New Paradise Ransomware variant

Michael Gillespie spotted a new Paradise Ransomware variant that appends the .securityP extension and drops a ransom note named Instructions with your files.txt.

RANSOM RANSOM

30.3.19

STOPDecrypter Updated

Michael Gillespie updated the STOP decrypter with offline keys for .kroput1, .charck, .kropun, .doples, .luces, .luceq, .chech, .pulsar1, .drume, .tronas, .trosak, .grovas, and .proden.

RANSOM RANSOM

30.3.19

New BigBobRoss variant

Michael Gillespie found a new BigBobRoss Ransomware variant that uses the .encryptedALL and .djvu extensions.

RANSOM RANSOM

30.3.19

New Xorist variant with long extension

Michael Gillespie found a Xorist Ransomware variant that appends the .NEED-TO-MAKE-PAYMENT-OR-ALL-YOUR-FILLES-WILL-BE-DELETED-CRITICAL-SITUATION-URGENT-ATTENTION-24-HOURS-TO-PAY-OR-EVERYTHING-WILL-BE-PERMANENTLY-DELETED-FOREVER extension. This ransomware is decryptable.

RANSOM RANSOM

30.3.19

Another Xorist Variant

Michael found another Xorist variant that utilizes the extension ....VeraCrypt_System_Error2019-You_need_to_make_payment_in_maxmin_24_hours_if_you_dont_the_decryptor_license_will_be_deleted_this_is_not_a_joke.

RANSOM RANSOM

30.3.19

Analysis of LockerGoga Ransomware

F-Secure posted a technical analysis of the LockerGoga ransomware: We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we'll provide some technical details of the new variant's functionalities, as well as some Indicators of Compromise (IOCs).

RANSOM RANSOM

30.3.19

UNNAM3D Ransomware Locks Files in Protected Archives, Demands Gift Cards

A new ransomware called Unnam3d R@nsomware is being distributed via email that will move a victim's files into password protected RAR archives. The ransomware then demands a $50 Amazon gift card code in order to get the archive password.

RANSOM RANSOM

30.3.19

Ransomware Hits Garage of Canadian Domain Registration Authority

The parking garage used by employees of the Canadian Internet Registration Authority (CIRA) allowed people to park for free after computer systems were infected by ransomware.

RANSOM RANSOM

30.3.19

New Rapid Ransomware variant

MalwareHunterTeam found a new Rapid Ransomware variant that uses the .GILLETTE extension and drops a ransom note named Decrypt DATA.txt.

RANSOM RANSOM

30.3.19

New Stun Dharma Ransomware variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .stun extension to encrypted files.

RANSOM RANSOM

30.3.19

New STOP Djvu Ransomware variants

Michael found new variants of the STOP Djvu ransomware that append the .tronas, .trosak, and .grovas extensions to encrypted files.

RANSOM RANSOM

30.3.19

New Swamp RAT Ransomware

Lawrence Abrams discovered a new RAT that pretends to be a ransomware called Swamp Rat. This is in-dev and quite bizarre.

RANSOM RANSOM

30.3.19

New Scarab Ransomware variant

JAMESWT found a new Scarab Ransomware variant that appends the .crypt000 extension to encrypted files.

RANSOM RANSOM

30.3.19

Avast updates their BigBobRoss Decryptor

Avast has updated their BigBobRoss decryptor to decrypt victims with the .encryptedALL variant.

RANSOM RANSOM

30.3.19

Emsisoft updates their BigBobRoss Decryptor

Not to be outdone :), Emsisoft also updated their BigBobRoss decryptor to support the .encryptedAll variant.

RANSOM RANSOM

30.3.19

New vxCrypter Ransomware

Lawrence Abrams discovered a new variant of the vxCrypter Ransomware that appends .xLck. This is in-development and deletes duplicate files on the computer.

RANSOM RANSOM

24.3.19

New Snatch Ransomware variant

Michael Gillespie found a new variant of the Snatch Ransomware that appends the .jimm extension and drops a ransom note named Restore_JIMM_Files.txt.

RANSOM RANSOM

24.3.19

Hated and hunted

Joe Tidy wrote an article about the life of ransomware expert Fabian Wosar: Fabian is world renowned for destroying ransomware - the viruses sent out by criminal gangs to extort money. Because of this, he lives a reclusive existence, always having to be one step ahead of the cyber criminals. He has moved to an unknown location since this interview was carried out.

RANSOM RANSOM

24.3.19

ID Ransomware now tracks over 700 Ransomware families

Congrats to Michael Gillespie for setting up the terrific ID Ransomware service that now identifies 700 ransomware families.

RANSOM RANSOM

24.3.19

Ransomware hunt for .L1LL Ransomware

Michael Gillespie is looking for a ransomware that appends the .L1LL extension to encrypted files.

RANSOM RANSOM

24.3.19

New RotorCrypt Ransomware variant

Michael Gillespie has found a new RotorCrypt variant that appends the !!!! prusa@rape.lol !!!.prus extension and drops a ransom note named informprus.txt.

RANSOM RANSOM

24.3.19

New GlobeImposter2 variant uses an interesting extension

Michael Gillespie found a new variant of the GlobeImposter 2.0 ransomware that adds the .{CALLMEGOAT@PROTONMAIL.COM}CMG extension to encrypted files.

RANSOM RANSOM

24.3.19

Golden Axe Ransomware discovered

GrujaRS discovered a new ransomware called Golden Axe that uses the .UIK1J extension for encrypted files. Unfortunately, it does not appear to be related to the classic Golden Axe video game :(

RANSOM RANSOM

24.3.19

JNEC.a Ransomware Spread by WinRAR Ace Exploit

A new ransomware called JNEC.a spreads through an exploit for the recently reported code execution ACE vulnerability in WinRAR. After encrypting a computer, it will generate a Gmail address that victims need to create in order to receive the file decryption key once they pay the ransom.

RANSOM RANSOM

24.3.19

New STOP Ransomware .charcl variant

Michael Gillespie found another STOP Djvu variant that appends the .charcl extension to encrypted files.

RANSOM RANSOM

24.3.19

New Dharma variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .azero extension to encrypted files.

RANSOM RANSOM

24.3.19

New FLKR Ransomware variant

Alex Svirid found a new variant of the FKLR Ransomware that appends the +jabber-winnipyh123@sj.ms extension to encrypted files.

RANSOM RANSOM

24.3.19

LockerGoga Ransomware Sends Norsk Hydro Into Manual Mode

One of the largest aluminum producers in the world, Norsk Hydro, has been forced to switch to partial manual operations due to a cyber attack that is allegedly pushing LockerGoga ransomware.

RANSOM RANSOM

24.3.19

LockerGoga variant uploaded from Norway

MalwareHunterTeam found a sample of the LockerGoga ransomware that was uploaded from Norway. Could this be the variant that affected Norsk Hydro?

RANSOM RANSOM

24.3.19

Emsisoft releases decryptor for PewDiePie

Emsisoft has released a decryptor for the PewDiePie/PewCrypt Ransomware.

RANSOM RANSOM

24.3.19

New variant of the Matrix Ransomware

Kshom found a new variant of the Matrix Ransomware that appends the [BIGBOSS777@airmail.cc].[random string].CRYPTO extension.

RANSOM RANSOM

24.3.19

Donaldjtrumpware Ransomware is Yuuuuuge

MalwareHunterTeam found an old ransomware sample called donaldjtrumpware that was an in-development ransomware and did not save the decryption key.

RANSOM RANSOM

24.3.19

Another LockerGoga variant

Because it's LockerGoga week, here is another variant found by GrujaRS.

RANSOM RANSOM

24.3.19

Excellent analysis of LockerGoga

A thread by Lasha Khasaia offers excellent technical information on how LockerGoga works based on his reverse engineering of the sample.

RANSOM RANSOM

24.3.19

Ransomware is not dead - a light analysis of LockerGoga

Another good technical article on LockerGoga by Joe Security.

RANSOM RANSOM

24.3.19

New Xorist Variant

Michael Gillespie found a new Xorist Ransomware variant that appends the .Mr-X666 extension to encrypted files and drops a ransom note named HOW TO BACK YOUR FILES.txt.

RANSOM RANSOM

24.3.19

New Doples STOP Djvu variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .doples extension to encrypted files.

RANSOM RANSOM

24.3.19

New GarrantyDecrypt variant

Michael Gillespie found a new variant of the GarrantyDecrypt Ransomware that appends the .metan extension.

RANSOM RANSOM

24.3.19

New hunt for Fox Ransomware

Michael Gillespie found a new ransomware that appends the id [numbers][Rabbit2002@pm.me].fox extension to encrypted files and drops a ransom note named Decrypt.txt.

RANSOM RANSOM

24.3.19

New hunt for Robbin Hood Ransomware

Michael Gillespie found a new ransomware named Robbin Hood that appends the Encrypted_.enc_robbinhood extension and drops a ransom note named _Decryption_ReadMe.html.

RANSOM RANSOM

24.3.19

Fake CDC Emails Warning of Flu Pandemic Push Ransomware

A new malspam campaign is being conducted that pretends to be from the Centers for Disease Control and Prevention (CDC) about a new flu pandemic. Attached to the emails is a malicious attachment that, when opened, installs the GandCrab v5.2 Ransomware on the target's computer.

RANSOM RANSOM

24.3.19

Dharma ransomware recovery rates fall as ransom demands skyrocket

Coveware writes about "New Research on Dharma Ransomware: Data recovery rates decline as ransom demand skyrocket."

RANSOM RANSOM

24.3.19

New STOP Djvu .Luces variant

Michael Gillespie found a new variant of the STOP Djvu ransomware that appends the .luces extension to encrypted files.

RANSOM RANSOM

24.3.19

Rabbit Ransomware discovered

MalwareHunterTeam discovered the Rabbit Ransomware screenlocker. The unlock code is "RabbCompany66".

RANSOM RANSOM

24.3.19

Police Federation in the UK have been hit with a ransomware attack

"We can confirm we have been subject to a malware attack on our computer systems. We were alerted by our own security systems on Saturday 9 March. Cyber experts rapidly reacted to isolate the malware and prevent it from spreading"

RANSOM RANSOM

24.3.19

New Planetary Ransomware variant

GrujaRS found a new variant of the Planetary Ransomware that appends the .mira extension and drops a ransom note named !!!READ_IT!!!.txt.

RANSOM RANSOM

24.3.19

Kaspersky think LockerGoga is affiliated with GrimSpider

Ivan Kwiatkowski has stated that his team at Kaspersky feels that LockerGoga is related to GrimSpider.

RANSOM RANSOM

24.3.19

New GFS Scarab Ransomware variant

Michael Gillespie found a new Scarab Ransomware variant that appends the .[mrpeterson@cock.li].GFS extension to encrypted files.

RANSOM RANSOM

24.3.19

New Suffer Scarab Ransomware variant

Amigo-A found a new variant of the Scarab Ransomware that appends the .suffer extension to encrypted files and creates ransom notes named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

16.3.19

Ransomware Attack on Jackson County Gets Cybercriminals $400,000

A ransomware attack hit the computers of Jackson County, Georgia, reducing government activity to a crawl until officials decided to pay cybercriminals $400,000 in exchange for the file decryption key.

RANSOM RANSOM

16.3.19

Emsisoft Decrypter for BigBobRoss

Emsisoft has released a decryptor for the BigBobRoss ransomware. It uses AES-128 ECB to encrypt files, and adds the extension ".obfuscated". Some variants also prepend the victim ID to the filename. The ransom note "Read Me.txt" asks the victim to contact "BigBobRoss@computer4u.com".

RANSOM RANSOM

16.3.19

Avast releases a decryptor for BigBobRoss as well

Avast Threat Labs released a decryptor for BigBobRoss as well today.

RANSOM RANSOM

16.3.19

New STOP Ransomware variant

Michael Gillespie found new variants of the STOP Ransomware that append the .promorad2 or .kroput extensions to encrypted files.

RANSOM RANSOM

16.3.19

STOP Ransomware Installing Password Stealing Trojans on Victims

In addition to encrypting a victim's files, the STOP ransomware family has also started to install the Azorult password-stealing Trojan on victim's computer to steal account credentials, cryptocurrency wallets, desktop files, and more.

RANSOM RANSOM

16.3.19

New Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .NWA extension to encrypted files.

RANSOM RANSOM

16.3.19

Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits

A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computers on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made within 72 hours.

RANSOM RANSOM

16.3.19

New bRcrypT Ransomware

Michael Gillespie found a new ransomware that appends the .bRcrypT extension and drops a ransom note named FILES ENCRYPTED.txt.

RANSOM RANSOM

16.3.19

New RotorCrypt Ransomware

Michael Gillespie found a new RotorCrypt Ransomware variant that appends the !__help2decode@mail.com__.a800 extension and drops a ransom note named recovery.instruction.txt.

RANSOM RANSOM

16.3.19

Updated STOPDecrypter

Michael Gillespie updated his STOPDecrypter to have more offline encryption keys. This one is for OFFLINE ID "0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDosJ24DmXt1" (.promorad2).

RANSOM RANSOM

16.3.19

New GILLETTE Ransomware variant

Michael Gillespie found a new ransomware that appends the .GILLETTE extension and drops a ransom note named Decrypt DATA.txt.

RANSOM RANSOM

16.3.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix ransomware that appends the .SCR extension to encrypted files.

RANSOM RANSOM

16.3.19

New ransomware hunt

Michael Gillespie is searching for a sample of the ransomware that appends the .yum extension and drops a ransom note named !!!READ_IT!!!.txt.

RANSOM RANSOM

16.3.19

New Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .com extension to encrypted files.

RANSOM RANSOM

16.3.19

Updated STOPDecrypter

Michael Gillespie updated his STOPDecrypter to have more offline encryption keys. This one is for OFFLINE ID "upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1" (.kroput).

RANSOM RANSOM
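
The two decryptor updates above (for the .promorad2 and .kroput OFFLINE IDs) hinge on one STOP/Djvu detail: when the malware cannot reach its server it falls back to a hard-coded key and writes an OFFLINE ID, shared by every victim of that variant, which is why a single key can be added to STOPDecrypter. The script below is an added triage example for this feed, not STOPDecrypter code: it pulls the extension and personal ID out of the artifacts and tells a responder which of the three cases they are in. The ransom-note text is constructed for the demo (the real note is _readme.txt and ends with a "Your personal ID:" line); the two OFFLINE IDs and their extensions are the ones quoted in the entries above.

```python
"""Triage of a STOP/Djvu infection: which extension, which personal ID, and
is it an OFFLINE ID that a decryptor update can cover?

Added example for this feed; not STOPDecrypter code. The note text is
constructed; the OFFLINE IDs are the ones published with the updates above.
"""
import os
import re
from typing import Dict, Optional

# OFFLINE ID -> extension, as published with the STOPDecrypter updates in this feed.
KNOWN_OFFLINE_IDS: Dict[str, str] = {
    "0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDosJ24DmXt1": ".promorad2",
    "upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1": ".kroput",
}

_ID_RE = re.compile(r"personal ID:\s*([A-Za-z0-9]{20,})", re.IGNORECASE)


def extract_personal_id(note_text: str) -> Optional[str]:
    """Pull the victim ID out of the ransom note; None if the note has none."""
    m = _ID_RE.search(note_text)
    return m.group(1) if m else None


def is_offline_id(personal_id: str) -> bool:
    """STOP writes an OFFLINE ID when it cannot reach its server; those IDs end
    in 't1' and share one key per variant, which is what makes a decryptor
    update possible. Online IDs are unique per victim."""
    return personal_id.endswith("t1")


def encrypted_extension(filename: str) -> str:
    """STOP appends its extension after the original one: 'q.docx.kroput' -> '.kroput'."""
    return os.path.splitext(filename)[1]


def triage(note_text: str, sample_filename: str) -> Dict[str, object]:
    """Combine the checks into one verdict a responder can act on."""
    pid = extract_personal_id(note_text)
    ext = encrypted_extension(sample_filename)
    if pid is None:
        return {"id": None, "extension": ext, "offline": False,
                "verdict": "no personal ID found; check the note file"}
    if pid in KNOWN_OFFLINE_IDS:
        verdict = f"OFFLINE ID with a published key for {KNOWN_OFFLINE_IDS[pid]}; run STOPDecrypter"
    elif is_offline_id(pid):
        verdict = "OFFLINE ID without a published key yet; keep the files, check for decryptor updates"
    else:
        verdict = "online ID; unique per victim, not decryptable without the attacker's key"
    return {"id": pid, "extension": ext, "offline": is_offline_id(pid), "verdict": verdict}


# Constructed note in the shape STOP's _readme.txt uses; the ID is the .kroput OFFLINE ID.
SAMPLE_NOTE = """ATTENTION!
Don't worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted.
Your personal ID:
upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1
"""

if __name__ == "__main__":
    print(triage(SAMPLE_NOTE, "report.docx.kroput"))
```

The practical point is the middle branch: an OFFLINE ID that is not yet in the table is still worth keeping the files for, because the key is shared and may be published in a later update, whereas an online ID will not be.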

16.3.19

New Scarab variant pretends to be GandCrab

Amigo-A found a new variant of the Scarab Ransomware that pretends to be GandCrab by using the .[crab2727@gmx.de].gdcb extension and dropping a ransom note named GDCB-DECRYPT.TXT.

RANSOM RANSOM

16.3.19

MegaLocker Virus discovered

MalwareHunterTeam found a new ransomware called MegaLocker Virus that appends the .crypted extension to encrypted files and drops a ransom note named !DECRYPT INSTRUCTION.TXT. Appears to have encrypted a web server in the image.

RANSOM RANSOM

16.3.19

New 0kilobypt Ransomware variant

Amigo-A discovered a new variant of the 0kilobypt Ransomware that appends the .crypt extension to encrypted files.

RANSOM RANSOM

16.3.19

New STOP Ransomware variants

Michael Gillespie found new STOP ransomware variants that append the .kroput1, .pulsar1 or .charck extensions to encrypted files.

RANSOM RANSOM

16.3.19

New Ransomware hunt for Scorpion Ransomware

Michael Gillespie is looking for a new ransomware that appends the .Scorpion extension and drops a ransom note named About .Scorpion V4.0 unlocking instructions.txt.

RANSOM RANSOM

16.3.19

New Ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the .[w_decrypt24@qq.com].zq extension.

RANSOM RANSOM

16.3.19

New Paradise Ransomware variant

Michael Gillespie found a new Paradise Ransomware variant that appends the _[id]_{babyfromparadise666@gmail.com}.p3rf0rm4 extension and drops a ransom note named Instructions with your files.txt.

RANSOM RANSOM

16.3.19

New Jamper Ransomware

Michael Gillespie is looking for a new ransomware that appends the .jamper extension and drops a ransom note named ---README---.TXT.

RANSOM RANSOM

16.3.19

New RotorCrypt variant

Michael Gillespie found a new RotorCrypt variant that appends the !@#$%^&-().1c extension and drops a ransom note named INFO.txt.

RANSOM RANSOM

16.3.19

New STOP Ransomware variants

Michael Gillespie found new STOP Ransomware variants that append the .kropun or .klope extensions to encrypted files' names.

RANSOM RANSOM

9.3.19

Ransomware Pretends to Be Proton Security Team Securing Data From Hackers

A recent variant of the GarrantyDecrypt ransomware has been found that pretends to be from the security team for Proton Technologies, the company behind ProtonMail and ProtonVPN.

RANSOM RANSOM

9.3.19

CrazyCrypt 4.1 discovered

MalwareHunterTeam found the new 4.1 variant of CrazyCrypt that drops a ransom note named FILES ENCRYPTED.txt.

RANSOM RANSOM

9.3.19

New Korea Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that uses the .korea extension.

RANSOM RANSOM

9.3.19

#OpJerusalem Targeted Israeli Windows Users with JCry Ransomware

Over the weekend, hundreds of popular Israeli sites were targeted by an attack called #OpJerusalem whose goal was to infect Windows users with the JCry ransomware. Thankfully, a mistake in the attacker's code caused the page to show a defacement rather than causing the ransomware to be distributed.

RANSOM RANSOM

9.3.19

Annabelle 2.1 becomes a wiper

Michael Gillespie found a new variant of the Annabelle Ransomware that has become a wiper due to shoddy coding.

RANSOM RANSOM

9.3.19

New GlobeImposter 2.0 variant

Michael Gillespie found a new GlobeImposter 2.0 Ransomware variant that appends the .{mattpear@protonmail.com}MTP extension.

RANSOM RANSOM

9.3.19

Neptune Ransomware

Michael Gillespie found a new ransomware that appends the .Neptune extension. This family has been releasing variants utilizing extensions named after planets.

RANSOM RANSOM

9.3.19

New ransomware hunt

Michael Gillespie is looking for a ransomware that appends the .[help24decrypt@cock.li and drops a ransom note named How to decrypt.txt.

RANSOM RANSOM

9.3.19

New Satan Ransomware variant

Michael Gillespie found a new variant of the Satan/Lucky ransomware that uses the .evopro extension and drops a ransom note named _如何解密我的文件_.txt ("how to decrypt my files"). According to xiaopao, this is a Satan variant.

RANSOM RANSOM

9.3.19

New Seed Locker Everbe Ransomware variant

MalwareHunterTeam found a new variant of the Everbe 2.0 ransomware called Seed Locker. This infection will append the .seed extension to encrypted files and drops a ransom note named !#_How_to_decrypt_files_$!.txt.

RANSOM RANSOM

9.3.19

CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers

A new CryptoMix Ransomware variant has been discovered that appends the .CLOP or .CIOP extension to encrypted files. Of particular interest is that this variant now indicates the attackers are targeting entire networks rather than individual computers.

RANSOM RANSOM

9.3.19

Jokeroo Ransomware-as-a-Service Offers Multiple Membership Packages

A new Ransomware-as-a-Service called Jokeroo is being promoted on underground hacking sites and via Twitter that allows affiliates to allegedly gain access to a fully functional ransomware and payment server.

RANSOM RANSOM

9.3.19

New Scarab Ransomware variant

Emmanuel_ADC-Soft found a new Scarab Ransomware variant that appends the .kitty extension to encrypted files and drops a ransom note named HOW-TO-RESTORE-FILES.txt.

RANSOM RANSOM

9.3.19

New ICP Ransomware

Michael Gillespie is looking for a new ransomware that appends the .icp extension to encrypted files and drops a ransom note named Restore_ICPICP_Files.txt.

RANSOM RANSOM

9.3.19

New .plomb Dharma variant

Michael Gillespie found a new Dharma variant that appends the .id-[id].[plombiren@hotmail.com].plomb extension.

RANSOM RANSOM

9.3.19

New Scarab Ransomware variant

GrujaRS found a new Scarab Ransomware variant that appends the .dy8wud extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

9.3.19

New W1F1RANSOM screenlocker discovered

MalwareHunterTeam found a new screenlocker called W1F1RANSOM or W1F1SN1FF3R that uses an unlock key of 0000.

RANSOM RANSOM

9.3.19

StopDecrypter Updated

Michael Gillespie added more OFFLINE keys to his StopDecrypter program. These are for the .promoz, .promok, and .promorad variants.

RANSOM RANSOM

2.3.19

GarrantyDecrypt Ransomware

Michael Gillespie found a new ransomware called GarrantyDecrypt that appends the .cammora extension.

RANSOM RANSOM

2.3.19

New DeltaSEC Jigsaw Ransomware

MalwareHunterTeam found a new Jigsaw Ransomware variant called DeltaSEC.

RANSOM RANSOM

2.3.19

New Russian ransomware variant

Michael Gillespie found a new ransomware that appends the .infileshop@gmail_com_ID44 extension and drops a ransom note named ! ПРОЧТИ МЕНЯ !.html ("! READ ME !").

RANSOM RANSOM

2.3.19

New Scarab Ransomware variant

Emmanuel_ADC-Soft found a new variant of the Scarab Ransomware that appends the .X3 extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

2.3.19

GandCrab Decrypter Available for v5.1, New 5.2 Variant Already Out

A free file decryption tool is available for users whose computers got infected with the latest confirmed versions of GandCrab. It can unlock data encrypted by versions 4 through 5.1 of the malware, and some earlier releases of the threat.

RANSOM RANSOM

2.3.19

New Ransomware pretends to be from ProtonMail

Michael Gillespie found a new ransomware that drops a ransom note named SECURITY-ISSUE-INFO.txt and pretends to be from the security team at ProtonMail.

RANSOM RANSOM

2.3.19

New Promos STOP variant

Michael Gillespie found a new variant of the STOP/DJVU Ransomware that appends the .promos extension to encrypted files.

RANSOM RANSOM

2.3.19

New Seed Locker Ransomware

Emmanuel_ADC-Soft found a new ransomware that appends the .seed extension and drops a ransom note named !#_How_to_decrypt_files_#!.

RANSOM RANSOM

2.3.19

Formjacking Surpasses Ransomware and Cryptojacking as Top Threat of 2018

A new year in review report from Symantec shows that formjacking accompanied by supply chain attacks were the fastest growing threats of 2018, while living-off-the-land (LotL) attacks saw a large boost in adoption from threat actors, with PowerShell scripts usage, for example, seeing a formidable 1000% increase.

RANSOM RANSOM

2.3.19

Cekisan Ransomware discovered

Michael Gillespie found a new ransomware that appends the .cekisan extension and drops a ransom note named Readme_Restore_Files.txt.

RANSOM RANSOM

2.3.19

New Aqva Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .aqva extension to encrypted files.

RANSOM RANSOM

2.3.19

GandCrab Ransomware Affiliates Continue to Push Decryptable Versions

GandCrab Ransomware affiliates are doing their victims a favor by screwing up and distributing a version of the ransomware that can be decrypted for free.

RANSOM RANSOM

2.3.19

New BlackPink Ransomware

Michael Gillespie saw a new ransomware uploaded to ID Ransomware that appends the .BlackPink extension to encrypted files and has a Korean ransom note named how_to_recver_files.txt.

RANSOM RANSOM

2.3.19

New Russian Ransomware

Michael Gillespie found a new Russian ransomware that drops a ransom note named инструкция по оплате.txt ("payment instructions").

RANSOM RANSOM

2.3.19

New Ransomware appends .crazy

Michael Gillespie found a new ransomware that appends the .id.[id].[[emai]].crazy extension to encrypted files and drops a ransom note named FILES ENCRYPTED.txt.

RANSOM RANSOM

2.3.19

New Matrix Ransomware variant

Michael Gillespie is on fire with a new Matrix Ransomware variant that appends the .GBLOCK extension and drops a ransom note named !GBLOCK_INFO.rtf.

RANSOM RANSOM

2.3.19

Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems

A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it.

RANSOM RANSOM

2.3.19

New .AYE Dharma variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .AYE extension to encrypted files.

RANSOM RANSOM

2.3.19

Ransomware Dogge discovered

Dodge This Security found a new ransomware called Dogge Ransomware. Appears to be a joke ransomware.

RANSOM RANSOM

2.3.19

B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers

A new ransomware called B0r0nt0K is encrypting victims' web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers but may also be able to encrypt Windows systems.

RANSOM RANSOM

2.3.19

New Xorist Ransomware variant

GrujaRS found a Xorist Ransomware sample that appends only a period as an extension and drops a ransom note named HOW TO DECRYPT FILES.txt.

RANSOM RANSOM

2.3.19

D-Link advisory on Cr1ptT0r

D-Link issued a security advisory on the Cr1ptT0r Ransomware.

RANSOM RANSOM

2.3.19

CrazyCrypt Ransomware discovered

MalwareHunterTeam found a new Stupid Ransomware variant called CrazyCrypt 2.1.

RANSOM RANSOM

2.3.19

New Artemy Scarab Ransomware variant

GrujaRS found a new Scarab Ransomware variant that appends the .ARTEMY extension to encrypted files.

RANSOM RANSOM

2.3.19

New Phobos Ransomware variant

Jakub Kroustek found a new Phobos Ransomware variant that appends the .Frendi extension.

RANSOM RANSOM

2.3.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .SBLOCK extension and drops a ransom note named !SBLOCK_INFO!.rtf.

RANSOM RANSOM

2.3.19

New STOP/DJVU Variant

Michael Gillespie found a new STOP/DJVU variant that appends the .promoz extension.

RANSOM RANSOM

2.3.19

Florida ISP's service impacted by ransomware

The Tallahassee Democrat reports: A ransomware attack targeting Network Tallahassee kept customers from getting online, sending or receiving emails or accessing website domains, which were completely shutdown.

RANSOM RANSOM

2.3.19

New RotorCrypt Sample

Michael Gillespie found a new RotorCrypt sample that appends the !_!email__ prusa@goat.si __!..PAYMAN extension and drops a ransom note named open_payman.txt.

RANSOM RANSOM

2.3.19

CSP Ransomware

Michael Gillespie is looking for a new ransomware variant that appends the _csp extension and drops a ransom note named HOW TO DECRYPT[1T0tO].txt.

RANSOM RANSOM

2.3.19

New STOP/DJVU variants

Michael Gillespie found new variants of the STOP/DJVU Ransomware that append the .promorad and .promock extensions.

RANSOM RANSOM

16.2.19

New FCRYPT Ransomware

GrujaRS found a new ransomware called FCRYPT that appends the .FCrypt extension to encrypted files and drops a ransom note named #HELP-DECRYPT-FCRYPT1.1#.txt. Michael Gillespie stated it can be decrypted.

RANSOM RANSOM

16.2.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .PLANT extension to encrypted files.

RANSOM RANSOM

16.2.19

New Ransomware has trouble spelling planets

Michael Gillespie found a new ransomware variant that tried to spell "Mercury", but used .mecury as the extension for encrypted files.

RANSOM RANSOM

16.2.19

Ransomware Story Comic

Christiaan Beek and Hackerstrip teamed up to create a comic about ransomware.

RANSOM RANSOM

16.2.19

New Encrypted5 ransomware

GrujaRS found a new ransomware variant that appends the .Encrypted5 extension to encrypted files.

RANSOM RANSOM

16.2.19

New Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .PEDANT extension and drops a ransom note named !PEDANT_INFO!.rtf.

RANSOM RANSOM

16.2.19

Ransomware Attacks Target MSPs to Mass-Infect Customers

Ransomware distributors have started to target managed service providers (MSPs) in order to mass-infect all of their clients in a single attack. Recent reports indicate that multiple MSPs have been hacked recently, which has led to hundreds, if not thousands, of clients being infected with the GandCrab Ransomware.

RANSOM RANSOM

16.2.19

New Dharma variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .KARLS extension to encrypted files.

RANSOM RANSOM

16.2.19

New Snatch Ransomware variant

GrujaRS found a new Snatch ransomware variant that appends the .jupstb extension to encrypted files.

RANSOM RANSOM

9.2.19

New PayDay Ransomware variant

MalwareHunterTeam found a new variant of the PayDay Ransomware that uses a ransom note named HOW_TO_DECRYPT_MY_FILES.txt.

RANSOM RANSOM

9.2.19

New variant of the STOP Ransomware

dis found a new variant of the STOP Ransomware that uses the .blower extension.

RANSOM RANSOM

9.2.19

New RotorCrypt variant

Michael Gillespie found a new variant of the RotorCrypt Ransomware that appends the "!ymayka-email@yahoo.com.cryptotes" extension.

RANSOM RANSOM

9.2.19

New Dharma variant

Michael Gillespie found a new variant of the Dharma Ransomware that appends the .888 extension.

RANSOM RANSOM

9.2.19

New PennyWise Jigsaw Ransomware variant

MalwareHunterTeam found a new Jigsaw Ransomware that uses the .PennyWise extension for encrypted files.

RANSOM RANSOM

9.2.19

Crypted Pony Ransomware found

Petrovic found a new ransomware that appends the .crypted_pony_test_build_xxx_xxx_xxx_xxx_xxx extension to encrypted files.

RANSOM RANSOM

9.2.19

Cryptojacking Overtakes Ransomware, Malware-as-a-Service on the Rise

Cryptominers infected roughly ten times more organizations during 2018 than ransomware did; however, only one in five security professionals knew that their company's systems had been impacted by a malware attack, as reported by Check Point Research.

RANSOM RANSOM

9.2.19

GandCrab Ransomware Helps Shady Data Recovery Firms Hide Ransom Costs

The GandCrab ransomware TOR site allows shady data recovery companies to hide the actual ransom cost from victims and it is currently being disseminated through a large assortment of distribution channels according to a Coveware report.

RANSOM RANSOM

9.2.19

Russian ransomware with a valid cert

MalwareHunterTeam found a Russian ransomware sample that drops a ransom note named Your files are now encrypted.txt but does not use an extension. Uses a valid certificate.

RANSOM RANSOM

9.2.19

New Ransomware appends FileSlack

Michael Gillespie found a new Ransomware that appends the .FileSlack extension and drops a ransom note named Readme_Restore_Files.txt.

RANSOM RANSOM

9.2.19

Looking for a sample of Pluto Ransomware

Michael Gillespie is looking for a ransomware sample that appends the .pluto extension and drops a ransom note named !!!READ_IT!!!.txt.

RANSOM RANSOM

9.2.19

LOLSEC Jigsaw Ransomware variant

Michael Gillespie found a new Jigsaw Ransomware variant that appends .paycoin to encrypted files and replaces the desktop background with its own image (not reproduced here).

RANSOM RANSOM

9.2.19

New Dharma variant found

Jakub Kroustek found new Dharma variants that append the .amber or .frend extension.

RANSOM RANSOM

9.2.19

Mail Attachment Builds Ransomware Downloader from Super Mario Image

A malicious spreadsheet has been discovered that builds a PowerShell command from individual pixels in a downloaded image of Mario from Super Mario Bros. When executed, this command will download and install malware such as the GandCrab Ransomware and other malware.

RANSOM RANSOM
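
The spreadsheet above does not carry its payload in the document at all: the command is reassembled from pixel values of a downloaded image, so the file that reaches the mail gateway is an ordinary PNG. The script below is an added example, not the campaign's own code, showing the mechanism end to end. The feed entry does not give the exact layout the sample used, so the one here (two payload nibbles per pixel, in the low 4 bits of the red and green channels, with a 2-byte length prefix) is an assumption chosen for clarity; the cover image is a constructed list of RGB tuples rather than a real PNG, and the hidden "command" is a harmless string. The extract() function is the part an analyst reimplements to pull the real command out of a sample once the layout is known.

```python
"""Payload hidden in image pixels, in the style of the Mario spreadsheet chain.

Added example; not the campaign's own code. Encoding layout is an assumption,
cover image and hidden string are constructed for the demo.
"""
from typing import List, Tuple

Pixel = Tuple[int, int, int]


def embed(cover: List[Pixel], payload: bytes) -> List[Pixel]:
    """Write a length-prefixed payload into the low nibbles of R and G, one byte per pixel."""
    data = len(payload).to_bytes(2, "big") + payload
    if len(data) > len(cover):
        raise ValueError("cover image too small for payload")
    out = list(cover)
    for i, byte in enumerate(data):
        r, g, b = cover[i]
        out[i] = ((r & 0xF0) | (byte >> 4), (g & 0xF0) | (byte & 0x0F), b)
    return out


def extract(image: List[Pixel]) -> bytes:
    """Reverse of embed(): read the length, then that many bytes from the nibbles.
    This is the step an analyst rewrites to recover the command from a sample."""
    def byte_at(i: int) -> int:
        r, g, _ = image[i]
        return ((r & 0x0F) << 4) | (g & 0x0F)

    length = (byte_at(0) << 8) | byte_at(1)
    if 2 + length > len(image):
        raise ValueError("length prefix exceeds image size")
    return bytes(byte_at(2 + i) for i in range(length))


def max_channel_delta(a: List[Pixel], b: List[Pixel]) -> int:
    """Largest change in any channel; nibble embedding moves a value by at most 15,
    which is why the carrier image looks untouched."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))


# Constructed 16x16 cover image; any pixel data would do.
COVER: List[Pixel] = [((i * 7) % 256, (i * 13) % 256, (i * 29) % 256) for i in range(256)]
# Harmless stand-in for the command the real chain reconstructed and handed to PowerShell.
HIDDEN_COMMAND = b"Write-Output 'pixels carried this string'"


def demo() -> str:
    """Round trip: hide the string, confirm the image barely changed, read it back."""
    stego = embed(COVER, HIDDEN_COMMAND)
    assert max_channel_delta(COVER, stego) <= 15
    return extract(stego).decode("ascii")


if __name__ == "__main__":
    print(demo())
```

Because the image itself is clean and the decoder is only a few lines of arithmetic, the detection opportunity is in the spreadsheet's behaviour (a macro spawning PowerShell that fetches an image and then runs a command), not in the image.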

9.2.19

New Clop Ransomware

Michael Gillespie found a new ransomware that appends the .Clop extension to encrypted file names and drops a ransom note named ClopReadMe.txt.

RANSOM RANSOM

9.2.19

Gandcrab via fake invoice using password protected zip files

My Online Security reports: It’s Friday afternoon at the end of a busy week for many people and we get yet another Gandcrab ransomware campaign. This campaign is slightly different to previous versions that I have seen. We generally see Gandcrab delivered via Office (normally Word) documents, either Macros or possibly Equation editor or other embedded ole object exploits. Today’s version is the first time that I have seen a js file inside a zip that was password protected as the initial vector. You need the password “invoice123” to be able to open the zip file.

RANSOM RANSOM

2.2.19

New Scarab Ransomware variant

Amgad.M found a new Scarab Ransomware variant that appends the .Crash extension to encrypted files.

RANSOM RANSOM

2.2.19

Akron says cyberattack forced shutdown of city help line

WHIO-TV reports: Officials say a financially motivated cyberattack on computer servers forced an Ohio city to shut down its 311 call center line as it prepared to dig out from a snowstorm. The Akron Beacon Journal reports a city of Akron spokeswoman says the attack included ransomware that demanded thousands of dollars. Ransomware is malicious software that threatens to publish a target's data or block access to it.

RANSOM RANSOM

2.2.19

New Xorist Ransomware

Petrovic discovered a new Xorist variant that appends the .mcafee extension to encrypted files.

RANSOM RANSOM

2.2.19

Blackware Ransomware discovered

MalwareHunterTeam discovered the Blackware Ransomware 1.0 that is only a screenlocker. Does not encrypt.

RANSOM RANSOM

2.2.19

Spiteful Doubletake Ransomware discovered

Jakub Kroustek has discovered a ransomware written in Perl called Spiteful Doubletake that appears to be in-development or a PoC. Appends the .enc extension to encrypted files.

RANSOM RANSOM

2.2.19

New STOP .adobee variant

Michael Gillespie found a new STOP Ransomware variant that appends the .adobee extension to encrypted files.

RANSOM RANSOM

2.2.19

Gorgon Ransomware discovered

Jakub Kroustek discovered the Gorgon Ransomware that appends the .[buy-decryptor@pm.me] extension to encrypted files.

RANSOM RANSOM

2.2.19

Russia hit by new wave of ransomware spam

January 2019 has seen a dramatic uptick in detections of malicious JavaScript email attachments, an attack vector that mostly lay dormant throughout 2018. Among the “New Year edition” of malicious spam campaigns relying on this vector, we have detected a new wave of Russian-language spam that distributes ransomware known as Shade or Troldesh, and detected by ESET as Win32/Filecoder.Shade.

RANSOM RANSOM

2.2.19

Unit09 Ransomware discovered

Michael Gillespie found a new ransomware that appends the .UNIT09 extension to encrypted files and drops a ransom note named $!READ ME.txt.

RANSOM RANSOM

2.2.19

New .mbrcodes Xorist variant found

Michael Gillespie found a new Xorist Ransomware variant that appends the .mbrcodes extension.

RANSOM RANSOM

2.2.19

Anti-Capitalist Jigsaw Ransomware variant found

MalwareHunterTeam found a new Jigsaw Ransomware variant called Anti-Capitalist that appends the .fun extension to encrypted files.

RANSOM RANSOM

2.2.19

DESYNC Ransomware Discovered

Michael Gillespie found a new ransomware that appends the .DESYNC extension to encrypted files and drops a ransom note named # HOW TO DECRYPT YOUR FILES #.txt.

RANSOM RANSOM

2.2.19

Love Letter Malspam Serves Cocktail of Malware, Heavily Targets Japan

The "Love Letter" malspam campaign which was previously detected and analyzed on January 10, has now changed its focus to Japanese targets and almost doubled the volume of malicious attachments it delivers, including GandCrab.

RANSOM RANSOM

2.2.19

New LockerGoga Ransomware Allegedly Used in Altran Attack

Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and their own assets, Altran decided to shut down its network and applications.

RANSOM RANSOM

2.2.19

Xorist Ransomware variant

GrujaRS found a new Xorist variant that appends the .Mcafee extension and drops a ransom note named HOW TO DECRYPT FILES.

RANSOM RANSOM

2.2.19

Looking Into Jaff Ransomware

Jaff ransomware was originally released in the spring of 2017, but it was largely neglected because that was the same time that WannaCry was the lead story for news agencies around the world. Since that time, Jaff ransomware has lurked in the shadows while infecting machines worldwide. In this FortiGuard Labs analysis, we will look into some of the common ransomware techniques used by this malware, and how it represents the ransomware’s infection routine in general.

RANSOM RANSOM

2.2.19

Flurry of Dharma variant discovered

Jakub Kroustek found a few new Dharma variants that append the .qwex, .ETH, or .air extension to encrypted files.

RANSOM RANSOM

2.2.19

New Obfuscated Ransomware variant

Michael Gillespie found a new variant of the Obfuscated Ransomware that prepends "[id=]" to encrypted files. Still decryptable.

RANSOM RANSOM

2.2.19

Jigsaw variant discovered

Michael Gillespie found a Jigsaw Ransomware variant that appends the .YOLO extension to encrypted files. Possible Red Team/Blue Team exercise based on ransom message?

RANSOM RANSOM

2.2.19

Matrix: A Low-Key Targeted Ransomware

Sophos security researcher Luca Nagy released a research paper on the Matrix Ransomware.

RANSOM RANSOM

27.1.19

New AUF Dharma variant

Jakub Kroustek discovered a new Dharma Ransomware variant that appends the .AUF extension to encrypted files.

RANSOM RANSOM

27.1.19

Ransomware Attacks May Soon Require Disclosure in North Carolina

North Carolina’s Attorney General Josh Stein and Rep. Jason Saine proposed legislation designed to strengthen the state's identity theft protection law, targeting prevention and consumer protection boost in the face of breaches.

RANSOM RANSOM

27.1.19

New Rumba STOP Ransomware Being Installed by Software Cracks

The STOP ransomware has seen very heavy distribution over the last month using adware installers disguised as cracks. This campaign continues with a new variant released over the past few days that appends the .rumba extension to the names of encrypted files. Michael Gillespie also reported finding a variant utilizing the .shadow extension.

RANSOM RANSOM

27.1.19

STOP Ransomware decryptor updated for offline DJVU variants

Michael Gillespie updated his STOP Decryptor to decrypt the offline versions of the DJVU variants.

RANSOM RANSOM

27.1.19

New Dharma variants discovered

Jakub Kroustek discovered more Dharma variants that use the .USA, .xwx, and .best extensions for encrypted files.

RANSOM RANSOM

27.1.19

New variant of Ryuk using project name of Cryptor 2.0

MalwareHunterTeam found a new Ryuk variant that uses an internal project name of "Cryptor 2.0".

RANSOM RANSOM

27.1.19

New Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .GMBN extension and drops a ransom note named !README_GMBN!.rtf. Michael found another variant that uses the .SPCT extension.

RANSOM RANSOM

27.1.19

New .heets Dharma variant

Coveware found a new Dharma variant that is appending the .heets extension to encrypted files.

RANSOM RANSOM

27.1.19

New Anatova Ransomware Supports Modules for Extra Functionality

A new ransomware family called Anatova has popped on the radar of analysts, who see it as a serious threat created by skilled authors that can turn it into a multifunctional piece of malware.

RANSOM RANSOM

27.1.19

STOP Ransomware variant uses .adobe

Michael Gillespie found a new variant of the STOP Ransomware that uses the .adobe extension. This extension was previously used by the Dharma ransomware.

RANSOM RANSOM

27.1.19

New BSS Hidden Tear variant

MalwareHunterTeam found someone named Dennis playing with a Hidden Tear variant named "Ransomware by BSS".

RANSOM RANSOM

27.1.19

New ransomware strain is locking up Bitcoin mining rigs in China

A new strain of ransomware has been observed targeting Bitcoin mining rigs. At the time of writing, most of the infections have been reported in China, the country where most of the world's cryptocurrency mining farms are located.

RANSOM RANSOM

27.1.19

New JSWorm Ransomware

MalwareHunterTeam found the JSWorm Ransomware that appends the .JSWORM extension and drops a ransom note named JSWORM-DECRYPT.html.

RANSOM RANSOM

27.1.19

Beware of Exit Map Spam Pushing GandCrab v5.1 Ransomware

A new malspam campaign pretending to be the current emergency exit map for the recipient's building is being used to install the GandCrab Ransomware. These spam emails contain malicious Word documents that download and install the infection from a remote computer.

RANSOM RANSOM

27.1.19

New Xorist variant

Petrovic found a new Xorist variant that appends the .vaca extension to encrypted files.

RANSOM RANSOM

27.1.19

New Cyspt ransomware

MalwareHunterTeam found the Cyspt ransomware that appends the .OOFNIK extension to encrypted files.

RANSOM RANSOM

27.1.19

New Scarab Ransomware variant

A new Scarab Ransomware variant was found that appends the .GEFEST extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

27.1.19

GandCrab is not a RaaS

Damian has stated that according to a post at Exploit.in, the developers behind GandCrab have denied being part of a RaaS.

RANSOM RANSOM

27.1.19

New ransomware variant

A new unknown ransomware was discovered by lc4m that appends the .locked extension and drops a ransom note named README-NOW.txt.

RANSOM RANSOM

19.1.19

New Krab Scarab Ransomware variant

Amigo-A found a new variant of of the Scarab Ransomware that appends the .Krab extension to encrypted files and drops a ransom note named !!! RETURN YOUR FILES !!!.TXT.

RANSOM RANSOM

19.1.19

New .zzzzzzzz Scarab Ransomware variant

Emmanuel_ADC-Soft found a new sleepy variant of the Scarab Ransomware that appends the .zzzzzzzz extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

RANSOM RANSOM

19.1.19

New PPAM GlobeImposter 2 variant

Petrovic found a new variant of the GlobeImposter2 that appends the .ppam extension to encrypted file names.

RANSOM RANSOM

19.1.19

New ransomware appends mdk4y

Leo found a new ransomware that appends the .mdk4y extension to encrypted file names.

RANSOM RANSOM

19.1.19

New French Jigsaw Ransomware variant

Michael Gillespie found a new French Jigsaw Ransomware variant that appends the .data extension.

RANSOM RANSOM

19.1.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .GRHAN extension and drops a ransom note named !README_GRHAN!.rtf.

RANSOM RANSOM

19.1.19

New TrumpHead Ransomware

MalwareHunterTeam found a new ransomware called TrumpHead that contains text that sounds like, well, Trump.

RANSOM RANSOM

19.1.19

Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles

In December 2018, a new ransomware called Djvu, which could be a variant of STOP, was released that has been heavily promoted through crack downloads and adware bundles. Originally, this ransomware would append a variation of the .djvu string as an extension to encrypted files, but a recent variant has switched to the .tro extension.

RANSOM RANSOM

19.1.19

New Ransomware Bundles PayPal Phishing Into Its Ransom Note

A new in-development ransomware has been discovered that not only encrypts your files, but also tries to steal your credit card information with an included PayPal phishing page.

RANSOM RANSOM

19.1.19

New IsraBye is repeating itself

MalwareHunterTeam found a new IsraBye variant whose appended extension repeats itself.

RANSOM RANSOM

19.1.19

New Paradise Ransomware variant

MalwareHunterTeam found a new Paradise ransomware variant that appends the _%ID%_{admin@prt-decrypt.xyz}.xyz extension and drops a ransom note named Instructions with your files.txt.

RANSOM RANSOM

19.1.19

New JobCrypter Ransomware variant

MalwareHunterTeam found a new JobCrypter variant.

RANSOM RANSOM

19.1.19

Looking for the Obfuscated Ransomware

Michael Gillespie is looking for a new ransomware that appends the .obfuscated extension and drops a ransom note named Read Me.txt.

RANSOM RANSOM

19.1.19

New Anatova ransomware discovered

Valthek discovered a new ransomware called Anatova that asks for a ransom payment in Dash.

RANSOM RANSOM

19.1.19

New ransomware variant

Petrovic found a new ransomware variant that appends the .jundmd@cock.li!! extension to encrypted files and drops a ransom note named Help to decrypt.txt.

RANSOM RANSOM

19.1.19

BlackRouter Ransomware Promoted as a RaaS by Iranian Developer

A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previously distributed another ransomware called Blackheart and promotes other infections such as a RAT.

RANSOM RANSOM

19.1.19

New 7Zip Ransomware variant

Amigo-A found a new variant of the 7Zip Ransomware that appends the .aes extension to encrypted files and drops a ransom note named INFORMATION.hta.

RANSOM RANSOM

19.1.19

Xcry Ransomware discovered

MalwareHunterTeam discovered a new ransomware called Xcry that was programmed in Nim. Xcry Ransomware will append the .xcry7684 extension to encrypted files and drop a ransom note named HOW_TO_DECRYPT_FILES.html.

RANSOM RANSOM

19.1.19

Oscar Venom Ransomware discovered

MalwareHunterTeam discovered a new Jigsaw Ransomware variant called Oscar Venom that appends the .venom extension to encrypted files.

RANSOM RANSOM

19.1.19

Fake Jigsaw variants

MalwareHunterTeam discovered some new fake Jigsaw Ransomware variants that do not encrypt and have a password of "1212". They then display the "RUSSIAN FEDERATION ATTACKING YOU!" message when closing the program.

RANSOM RANSOM

19.1.19

Jigsaw Ransomware has a loooong extension

Michael Gillespie found a new Jigsaw Ransomware sample that uses a very looooong extension.

RANSOM RANSOM

19.1.19

New GIF Dharma variant

Jakub Kroustek found a new Dharma variant that appends the .gif extension to encrypted files.

RANSOM RANSOM

19.1.19

StopDecryptor updated to support offline Djvu variants

Michael Gillespie updated his StopDecryptor to support newer .djvu variants.

RANSOM RANSOM

19.1.19

Fallout Exploit Kit is Back with New Vulnerabilities and Payloads

The Fallout exploit kit is back in business after a short downtime, with new tools under its belt such as a new Flash exploit, HTTPS support, a new landing page format and the capability to deliver payloads using PowerShell. One of its payloads is GandCrab.

RANSOM RANSOM

19.1.19

New BitPaymer variant

GrujaRS found a new variant of BitPaymer that appends the .locked extension and drops a ransom note named [file_name].readme_txt.

RANSOM RANSOM

19.1.19

RickRoll Locker discovered

MalwareHunterTeam discovered a new ransomware called RICKROLL LOCKER that appends the .cryptoid extension and drops ransom notes named CRYPTOID_BLOCKED.txt, CRYPTOID_HELP.txt, and CRYPTOID_MESSAGE.txt. It appears to be an Aurora offline variant.

RANSOM RANSOM

19.1.19

New James Ransomware

Leo found a new ransomware that appends the .James extension to encrypted files.

RANSOM RANSOM

19.1.19

FileCryptor Ransomware discovered

Michael Gillespie found a new ransomware that drops a ransom note named HOW TO DECRYPT FILES.txt.

RANSOM RANSOM

19.1.19

New Phobos Dharma variant

Coveware found a new variant of the Dharma ransomware that appends the .phobos extension to encrypted files.

RANSOM RANSOM

13.1.19

Batch file ransomware discovered

MalwareHunterTeam discovered a very simple ransomware that is a batch file called Encoder.bat and uses WinRAR to add files to a password-protected archive.

RANSOM RANSOM

13.1.19

GandCrab Operators Use Vidar Infostealer as a Forerunner

Cybercriminals behind GandCrab have added the Vidar infostealer to their distribution process for the ransomware, which increases their profits by pilfering sensitive information before the computer's files are encrypted.

RANSOM RANSOM

13.1.19

Bridgeport Schools computer network falls victim to cyberattack

The city school district’s computer network was attacked Friday by a virus caused by an outside entity that intended to hold district data hostage for ransom, district officials say.

RANSOM RANSOM

13.1.19

CryptoMix Ransomware Exploits Sick Children to Coerce Payments

With people becoming more aware of ransomware, criminals are coming up with some pretty low-life schemes in order to coerce victims into paying a ransom. Such is the case with a CryptoMix ransomware variant, which pretends to represent a sick children's charity and asks for a ransom payment as if it were a charitable donation.

RANSOM RANSOM

13.1.19

Ryuk Ransomware Attack: Rush to Attribution Misses the Point

The most likely hypothesis in the Ryuk case is that of a cybercrime operation developed from a tool kit offered by a Russian-speaking actor. From the evidence, we see sample similarities over the past several months that indicate a tool kit is being used. The actors have targeted several sectors and have asked a high ransom, 500 Bitcoin. Who is responsible? We do not know. But we do know how the malware works, how the attackers operate, and how to detect the threat. That analysis is essential because it allows us to serve our customers.

RANSOM RANSOM

13.1.19

The cyber-attack that sent an Alaskan community back in time

The BBC reports about the Ransomware attack that took out a town in Alaska. In 2018, a remote Alaskan community’s infrastructure was hit by a malware attack which forced it offline. It was only then they realised how much they depended on computers.

RANSOM RANSOM

13.1.19

Ahihi Ransomware discovered

MalwareHunterTeam found that the Ahihi ransomware does not change the extension of encrypted files.

RANSOM RANSOM

13.1.19

Ransomware ransom note tries to phish PayPal account

MalwareHunterTeam found a new ransom note that also attempts to steal PayPal account credentials through a phishing page.

RANSOM RANSOM

13.1.19

Possible new STOP/Djvu variant

Michael Gillespie is searching for a new Ransomware that appends the .pdff extension and drops a note named _openme.txt.

RANSOM RANSOM

13.1.19

Del Rio City Hall Forced to Use Paper After Ransomware Attack

The City Hall of Del Rio, Texas was hit by a ransomware attack on Thursday, which led to multiple computers on the network being turned off and disconnected from the Internet to contain and analyze the malware.

RANSOM RANSOM

13.1.19

Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks

New research now indicates that the Ryuk actors may be renting other malware as an Access-as-a-Service to gain entrance to a network.

RANSOM RANSOM

13.1.19

New STOP variants

Michael Gillespie noticed two new STOP variants that were uploaded to ID Ransomware and append the .tfude or .tro extensions to encrypted file names.

RANSOM RANSOM

5.1.19

New MindSystemNotRansomware variant discovered

MalwareHunterTeam found a new MindSystemNotRansomWare variant that uses a new and interesting wallpaper.

RANSOM RANSOM

5.1.19

New SeonRansomware distributed through Exploit kits

Vigilantbeluga discovered a new ransomware called SeonRansomware that is being distributed through Malvertising and the GreenFlashSundown exploit kit. This ransomware appends the .FIXT extension and drops a ransom note named YOUR_FILES_ARE_ENCRYPTED.txt and readme.hta.

RANSOM RANSOM

5.1.19

Master Decryption Key Released for FilesLocker Ransomware

On December 29th, a Pastebin post was created that contains the master RSA decryption key for the FilesLocker Ransomware. The release of this key has allowed a decryptor to be created that can recover victims' files for free.

RANSOM RANSOM

5.1.19

How to Decrypt the FilesLocker Ransomware with FilesLockerDecrypter

On December 29th, an unknown user released the master RSA decryption key for FilesLocker v1 and v2. This allowed Michael Gillespie to release a decryptor for files encrypted by the FilesLocker Ransomware that have the .[fileslocker@pm.me] extension appended to file names.

RANSOM RANSOM

5.1.19

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

According to Brian Krebs:
Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

RANSOM RANSOM

5.1.19

Irish Rail Operator Gets Ransom Note on Its Website

The website of Luas.ie, the tram rail system operator in Dublin, Ireland, has been taken offline today after someone replaced its content with a ransom note demanding one bitcoin not to publish customer data.

RANSOM RANSOM

5.1.19

FilesLocker 2.1 Released

MalwareHunterTeam discovered that FilesLocker v2.1 ransomware was released. This variant comes with a new RSA key, so it is no longer decryptable.

RANSOM RANSOM

5.1.19

New decryptable ransomware discovered

MalwareHunterTeam discovered a ransomware that appends the .recovery_email_[retmydata@protonmail.com]_ID_[FCFABBBE].aes256 extension and is decryptable. If you are infected with this ransomware you can contact Michael Gillespie.

RANSOM RANSOM

5.1.19

New B2DR Ransomware variant

Michael Gillespie found a new variant of the B2DR Ransomware that appends the .artilkilin@tuta.io.wq2k extension to encrypted files.

RANSOM RANSOM

5.1.19

How to Decrypt the Aurora Ransomware with AuroraDecrypter

The good news is that the variants of this ransomware family can be decrypted for free using a decryptor created by Michael Gillespie. In order to use the decryptor a victim just needs to have two encrypted files of a certain file type, which will be described later in the guide.

RANSOM RANSOM

5.1.19

Another new Paradise Ransomware variant

MalwareHunterTeam found a new variant of the Paradise Ransomware that appends the "_%ID%_{alexbanan@tuta.io}.CORP" extension to encrypted files.

RANSOM RANSOM

5.1.19

New Indrik Ransomware

Michael Gillespie found a new ransomware uploaded to ID Ransomware that appends the ".INDRIK" extension and drops a ransom note named "# HOW TO DECRYPT YOUR FILES #.html".

RANSOM RANSOM

5.1.19

Boom Ransomware discovered

MalwareHunterTeam found the Boom Ransomware that tells you to contact a person on Facebook to get a PIN to decrypt the files. This is basically a front end to the Xorist ransomware.

RANSOM RANSOM

5.1.19

Target777 Ransomware targeting businesses

Michael Gillespie found a new ransomware that is highly targeted, as it includes the victim's name in the extension, emails, and ransom notes. The extensions also include the digits "777". Michael thinks it may be based on Defray.

RANSOM RANSOM

5.1.19

Lockify Ransomware discovered

An in-development ransomware called Lockify was discovered by Leo that appends the .tunca extension to encrypted files.

RANSOM RANSOM

5.1.19

New Paradise Ransomware version

Michael Gillespie found a new Paradise Ransomware variant that appends an extension with the pattern "__{}.VACv2" and drops a ransom note named "$%%! NOTE ABOUT FILES -=!-.html".

RANSOM RANSOM

5.1.19

New LockCrypt 2.0 variant

Michael Gillespie found a new variant of the LockCrypt 2.0 ransomware that appends the extension " id-.LyaS" and drops a ransom note named "How To Restore Files.hta".

RANSOM RANSOM

5.1.19

18 Months Later, WannaCry Still Lurks on Infected Computers

Eighteen months after the initial outbreak of the WannaCry Ransomware infection, the malware continues to rear its head on thousands, if not hundreds of thousands, of infected computers.

RANSOM RANSOM

5.1.19

JungleSec Ransomware Infects Victims Through IPMI Remote Consoles

A ransomware called JungleSec has been infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November.

RANSOM RANSOM

5.1.19

New Snatch Ransomware discovered

Michael Gillespie is looking for a sample of the Snatch Ransomware that appends the .snatch extension and drops a ransom note named Readme_Restore_Files.txt.

RANSOM RANSOM

5.1.19

New Crysis Ransomware variant discovered

Jakub Kroustek discovered a new Dharma Ransomware variant that appends the .bizer extension to encrypted files.

RANSOM RANSOM

5.1.19

AuroraDecrypter updated for Nano variant

Michael Gillespie updated the AuroraDecrypter to support the new .Nano variant. A guide on how to use it can be found here.

RANSOM RANSOM

5.1.19

New Hidden Tear variant asks for 200 million yen

MalwareHunterTeam found a new Hidden Tear variant that uses the extension .locked and asks for 200 million yen.

RANSOM RANSOM

5.1.19

MMM Reborn

Michael Gillespie found a new TripleM variant called "MMM Reborn". The ransomware renames an encrypted file to hex and drops a ransom note named IF_YOU_NEED_FILES_READ_ME.html.

RANSOM RANSOM

5.1.19

New nano Scarab Ransomware

Michael Gillespie found a new Scarab Ransomware variant that uses the extension .nano. This should not be confused with the Aurora variant that uses the upper case .Nano.

RANSOM RANSOM

5.1.19

New GarrantyDecrypt variant

Michael Gillespie discovered a new variant of the GarrantyDecrypt Ransomware that appends the ".NOSTRO" or ".nostro" extensions and drops a ransom note named "#RECOVERY_FILES#.txt".

RANSOM RANSOM

5.1.19

New Project57 Ransomware

Michael Gillespie discovered the Project57 Ransomware that uses the ".[ti_kozel@lashbania.tv].костя баранин" extension, which appears as ".[ti_kozel@lashbania.tv].êîñòÿ áàðàíèí" if the correct code page is not installed. The ransomware also drops ransom notes named "DECRYPT.HTML" and "DECRYPT.txt".

RANSOM RANSOM

5.1.19

Ryuk Ransomware Involved in Cyberattack Stopping Newspaper Distribution

A cyberattack reportedly bearing the signature of Ryuk ransomware caused disruption over the weekend in printing and delivery of major newspapers in the US from Tribune Publishing and Los Angeles Times.

RANSOM RANSOM

5.1.19

New Ransomware hunt

Michael Gillespie is looking for a ransomware that appends the ".send.ID[redacted].to.dernesatiko@mail.com.crypted" extension and drops a note named "HOW TO DECRYPT FILES.txt".

RANSOM RANSOM