
Update 11.02.2019 18:43:58


Ransom News

Date | Title | Description

17.8.19 | Emsisoft's Aurora Decryptor updated | Emsisoft's Aurora decryptor was updated to support the Dragon Ransomware with the .locked extension.
17.8.19 | New Pedro STOP Djvu variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .pedro extension.
17.8.19 | New Dragon Ransomware Aurora variant | Jack discovered a new variant of the Aurora ransomware that appends the .locked extension and drops a ransom note named #DECRYPT_MY_FILES#.txt.
17.8.19 | New LuckyJoe GonnaCry variant | Amigo-A discovered a new GonnaCry variant called LuckyJoe that appends the .GNNCRY extension and drops a ransom note named GNNCRY_Readme.
17.8.19 | New Plague17 Dont Worry Ransomware variant | Alex Svirid discovered a new Dont_Worry Ransomware variant called Plague17 that changes the file name to [16 hex digits].PLAGUE17-[16 hex digits] and drops a ransom note named PLAGUE17.txt.
17.8.19 | They Stole Your Files, You Don’t Have to Pay the Ransom | Lack of public awareness may be one reason that victims of ransomware in the United States are often willing to pay their attackers in order to regain control of their files and computer systems. In June alone, two cities in Florida — Riviera Beach and Lake City — agreed to make Bitcoin ransom payments worth roughly $600,000 and $460,000, respectively. In both cities, most of the payments will be covered by their insurers.
17.8.19 | New Nacro STOP Djvu variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nacro extension.
17.8.19 | New Coharos Stop DJvu variant | M. Shahpasandi found a new STOP Djvu variant that appends the .coharos extension to encrypted files.
17.8.19 | Interview With Fabian Wosar – Emsisoft | Safety Detective’s Aviva Zacks learned all about how a young child, fascinated by computer viruses, became a cybersecurity superstar. Read our interview with Fabian Wosar, Emsisoft’s CTO.
17.8.19 | New Nasoh STOP Djvu variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nasoh extension.
17.8.19 | STOP Decryptor updated | Michael Gillespie updated the STOP Decryptor to support the offline keys for the .cosakos, .nvetud, .kovasoh, .brusaf, .londec, and .krusop extensions.
17.8.19 | New Krusop and Mtogas STOP Djvu variants | Michael Gillespie found new STOP Djvu Ransomware variants that append the .krusop or .mtogas extensions.
17.8.19 | New Relock Ransomware variant | Amigo-A found a new variant of the Relock Ransomware that drops ransom notes named FIX_Instructions.txt and FIX_Instructions.hta.
17.8.19 | New Cry36/Nemesis variant | M. Shahpasandi found a new Cry36/Nemesis variant that appends the .id_*********_.WECANHELP extension and drops a ransom note named _RESTORE FILES_.txt.
17.8.19 | Canon DSLR Camera Infected with Ransomware Over the Air | Vulnerabilities in the image transfer protocol used in digital cameras enabled a security researcher to infect a Canon EOS 80D DSLR with ransomware over a rogue WiFi connection.
10.8.19 | New SkidPatrol Ransomware | MalwareHunterTeam found a new ransomware called SkidPatrol.
10.8.19 | New Londec STOP DJvu variant | Michael Gillespie found a new STOP DJvu variant that appends the .londec extension to encrypted file names.
10.8.19 | How Reverse Engineering (and Cyber-Criminals’ Mistakes) Can Help You When You’ve Been a Ransomware Victim | Luckily for us, ransomware developers are not always as professional as they wish and sometimes, they make mistakes that allow us to recover the kidnapped files without having to pay the ransom. That’s exactly what happened with a ransomware called Whiterose.
10.8.19 | Emsisoft Decryptor for JSWorm 4.0 | JSWorm 4.0 is a ransomware written in C++ that uses a modified version of AES-256 to encrypt files, and adds the extension ".[ID-][].JSWRM" to files.
10.8.19 | US Accounts for More than Half of World's Ransomware Attacks | The threat of ransomware is more prevalent in the U.S., with more than half of the global detections originating from this country, a new report informs.
10.8.19 | New Help Phobos Ransomware variant | Raby found a new variant of the Phobos Ransomware that appends the .help extension to encrypted file names.
10.8.19 | New MegaCortex variant | Vitali Kremez found a new variant of the MegaCortex Ransomware that uses the MEGA-G6= marker.
10.8.19 | Arsium Ransomware Builder released | Jan discovered the new Arsium Ransomware Builder being promoted on malware forums.
10.8.19 | STOP Djvu Decryptor updated | Michael Gillespie updated his STOP Djvu decryptor to support the offline keys for the .nelasod, .mogranos, .lotej, .prandel, .zatrov, .masok extensions.
10.8.19 | New Brusaf STOP DJvu variant | Michael Gillespie found a new STOP DJvu variant that appends the .brusaf extension to encrypted file names.
10.8.19 | New Lord Exploit Kit Pushes njRAT and ERIS Ransomware | A new kit for web-based attacks calling itself Lord EK has been spotted at the beginning of the month as part of a malvertising chain that uses the PopCash ad network.
10.8.19 | New STOP DJvu variants | Michael Gillespie found two new STOP DJvu variants that append the .zatrov or .prandel extensions to encrypted file names.
10.8.19 | SODINOKIBI: THE CROWN PRINCE OF RANSOMWARE | In April of 2019, the Cybereason Nocturnus team encountered and analyzed a new type of ransomware dubbed Sodinokibi. Sodinokibi is highly evasive, and takes many measures to prevent its detection by antivirus and other means.
10.8.19 | New version of MegaCortex targets business disruption | iDefense engineers have identified and analyzed a recently updated version of the dangerous ransomware MegaCortex, which is known to have previously caused costly incidents across various industries in Europe and North America.
10.8.19 | New Paradise Team Ransomware | Alex Svirid found a new ransomware called Paradise Team that appends the .junior extension to encrypted files.
10.8.19 | ECh0raix Ransomware Decryptor Restores QNAP Files For Free | A decryptor for the eCh0raix Ransomware, or QNAPCrypt, has been released that allows victims to recover encrypted files on their QNAP NAS devices.
10.8.19 | GermanWiper Ransomware Erases Data, Still Asks for Ransom | Multiple German companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware targeted them and asked for a ransom. This wiper is being named GermanWiper due to its targeting of German victims and it being a destructive wiper rather than a ransomware.
10.8.19 | New Q1G Dharma variant | Jakub Kroustek found a new variant of the Dharma ransomware that appends the .Q1G extension to encrypted file names.
4.8.19 | New MegaCortex variant | Vitali Kremez found a new variant of the MegaCortex ransomware that uses the MEGA-F8= file marker.
4.8.19 | New Lotej and Kovasoh STOP Djvu variants | Michael Gillespie found new variants of the STOP DJvu ransomware that append the .lotej or .kovasoh extensions to encrypted files.
4.8.19 | Ransom Note Replaces 2.1M Customer Records on Open MongoDB | Hackers on the prowl for unsecured databases found a publicly accessible MongoDB instance and replaced the almost 1.2 million sensitive records it stored with a ransom note.
4.8.19 | New Syrk Ransomware | Leo found the new Syrk Ransomware that appears to be in development.
4.8.19 | New Nvetud and Cosakos STOP Djvu variants | Michael Gillespie found new variants of the STOP DJvu ransomware that append the .nvetud or .cosakos extensions to encrypted files.
4.8.19 | Article on the Clop CryptoMix Ransomware variant | This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There are some variants of the Clop ransomware but in this report, we will focus on the main version and highlight part of those variations. The main goal of Clop is to encrypt all files in an enterprise and request a payment to receive a decryptor to decrypt all the affected files. To achieve this, we observed some new techniques being used by the author that we have not seen before. Clearly over the last few months we have seen more innovative techniques appearing in ransomware.
4.8.19 | Updated STOP Decryptor | Michael Gillespie updated the STOP Djvu decryptor to support the offline keys for the .ndarod, .access, and .format extensions.
4.8.19 | New Mogranos STOP Djvu variant | Michael Gillespie found a new variant of the STOP DJvu ransomware that appends the .mogranos extension to encrypted files.
4.8.19 | Aurora Decryptor updated | Emsisoft updated the Aurora decryptor to support the .infected extension.
4.8.19 | Tflower Ransomware discovered | GrujaRS found a new ransomware called TFlower that does not append an extension and uses a targeted ransom note.
4.8.19 | New Scarab Ransomware variant | Amigo-A discovered a new Scarab Ransomware variant that appends the .rsalive extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
4.8.19 | US Govt, NGOs Ask Cyber Community to Boost Ransomware Defenses | A joint statement published by the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) urges government partners and the cyber community to reinforce their ransomware defenses.
4.8.19 | Some Govt web sites hit with ransomware | Germán Fernández noticed that at one point some government web sites got hit with the Dharma and Phobos ransomware infections.
4.8.19 | New Access and Format STOP Djvu variants | Michael Gillespie found new variants of the STOP Djvu ransomware that append the .access and .format extensions to encrypted files.
4.8.19 | Ransomware infection takes some police car laptops offline in Georgia | A ransomware infection at the Georgia Department of Public Safety (DPS) has crippled laptops installed in police cars across the state.
4.8.19 | The price of being a ransomware hero: Chips with Everything podcast | The Guardian interviews Fabian Wosar about ransomware.
4.8.19 | Attackers Are Wiping Iomega NAS Devices, Leaving Ransom Notes | Attackers are deleting files on publicly accessible Lenovo Iomega NAS devices and leaving ransom notes behind. These ransom notes state that the attackers will give the files back if a bitcoin ransom is paid.
4.8.19 | New Android Ransomware Uses SMS Spam to Infect Its Victims | A new ransomware family targeting Android devices spreads to other victims by sending text messages containing malicious links to the entire contact list found on already infected targets.
4.8.19 | New MegaCortex variant discovered | Vitali Kremez found a new variant of the MegaCortex ransomware that uses the MEGA-F3= file marker.
4.8.19 | New EXE Xorist variant | Amigo-A found a new Xorist variant that appends the .exe extension and drops a ransom note named HOW-TO-DECRYPT-FILES.HTM.
4.8.19 | New Nqix Dharma Ransomware variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .nqix extension.
4.8.19 | Clop CryptoMix variant is back | MalwareHunterTeam noted that the Clop CryptoMix Ransomware variant is back from an extended absence.
28.7.19 | New Scarab Ransomware variant | Amigo-A found a new Scarab Ransomware variant that appends the .btchelp@xmpp.jp extension to encrypted files and drops a ransom note named HOW TO RECOVER - btchelp@xmpp.jp ENCRYPTED FILES.TXT.
28.7.19 | New Ndarod STOP Ransomware variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .ndarod extension to encrypted files.
28.7.19 | No More Ransom Success Story: Saves $108+ Million in Ransomware Payments | Today marks the third anniversary of No More Ransom and through its partners from the public and private sectors, law enforcement, academia, and researchers, the project has been able to help hundreds of thousands, if not millions, of victims get their encrypted files back for free.
28.7.19 | Ransomware attacks four Louisville healthcare clinics | Four Louisville healthcare centers are infected with ransomware, according to Park DuValle Community Health Center CEO Ann Hagan-Grigsby. This is the second attack so far this year. The CEO said they contacted the FBI shortly after learning of the infected servers.
28.7.19 | New Acuf2 Dharma Ransomware variant | Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .Acuf2 extension.
28.7.19 | STOP DJvu Ransomware decryptor updated | Michael Gillespie updated his STOP Decryptor to support the offline keys for the .lapoi, .todar, .dodoc, .bopador, and .novasof extensions.
28.7.19 | New Ntuseg STOP Ransomware variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .ntuseg extension to encrypted files.
28.7.19 | New Banjo Phobos Ransomware variant | Michael Gillespie found a new Phobos Ransomware variant that appends the .banjo extension.
28.7.19 | Ransomware Attack Cripples Power Company’s Entire Network | A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications.
28.7.19 | Ransomware Attacks Prompt Louisiana to Declare State of Emergency | Louisiana Governor John Edwards has declared a state of emergency after a wave of ransomware attacks targeted school districts this month. This Emergency Declaration will allow Louisiana state resources and cybersecurity experts to assist local governments in securing their networks.
28.7.19 | New Haven Public Schools hit by ransomware attack | The New Haven Public School district recently was hit by a ransomware attack, an official confirmed Wednesday.
28.7.19 | DecryptIomega Ransomware discovered | Amigo-A found a new ransomware called DecryptIomega that targets Lenovo Iomega NAS drives. The files are hidden, or removed, so it is not known if anything is encrypted, but it does drop a ransom note named YOUR FILES ARE SAFE!!!.txt.
28.7.19 | A deep dive into Phobos ransomware | Phobos ransomware appeared at the beginning of 2019. It has been noted that this new strain of ransomware is strongly based on the previously known family: Dharma (a.k.a. CrySis), and probably distributed by the same group as Dharma.
28.7.19 | NinjaRMM Partner Used To Seed Ransomware | NinjaRMM said its tool was used to spread ransomware across “multiple endpoints” within the last 36 hours, and it is encouraging partners to enable two-factor authentication, which it said could have stopped the attack, according to an email it sent to partners today.
28.7.19 | New STOP Ransomware variants | Michael Gillespie found new STOP Djvu Ransomware variants that append the .novasof or .bopador extensions to encrypted files.
28.7.19 | Ransomware: Most Popular Malware in Underground Forums | Through the analysis of over 3.9 million posts on underground hacker and malware forums, a new report illustrates the most common malware and threats being discussed.
28.7.19 | Sodinokibi Ransomware Distributed by Hackers Posing as German BSI | BSI, the German national cybersecurity authority, has issued a warning regarding a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages.
28.7.19 | Vigo County works to assess extent of malware attack | Vigo County officials are working today to determine what kind of attack was made on the county's computer system.
28.7.19 | New ransomware taunting Emsisoft | A new ransomware was discovered by Petrovic that appears to be taunting Emsisoft by using the extensions .xuy and ..emsisosisoft.
28.7.19 | New com2 Dharma Ransomware variant | Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .com2 extension.
28.7.19 | New Dodoc STOP Ransomware variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .dodoc extension to encrypted files.
28.7.19 | Technical analysis of Ryuk ransomware that targets the large organizations | Ryuk ransomware, a modified version of Hermes, is used by Grim Spider, a cyber-criminal group; it made its first appearance in August 2018.
28.7.19 | New Maoloa Ransomware variant | GrujaRS found a new Maoloa Ransomware variant that appends the .Hades666 extension and drops a ransom note named HOW TO BACK YOUR FILES.txt.
28.7.19 | New STOP Ransomware variants | Michael Gillespie found new STOP Djvu Ransomware variants that append the .lapoi or .todar extension to encrypted files.
28.7.19 | LooCipher Ransomware Decryptor Gets Your Files Back for Free | A decryptor for the LooCipher Ransomware has been released by Emsisoft that allows victims to decrypt their files for free. If you were infected with LooCipher, do not pay the ransom and instead follow the instructions below.
28.7.19 | New Lucky Joe Ransomware | Germán Fernández found a new ransomware called Lucky Joe that appears to be a GonnaCry variant. According to pollo290987, this variant drops a ransom note named GNNCRY_Readme.txt.
28.7.19 | New RotorCrypt Ransomware | Michael Gillespie found a new RotorCrypt Ransomware variant that appends the !-information-...___ingibitor366@cumallover.me___....RT4BLOCK extension and drops a ransom note named NEWS_INGiBiToR.txt.
28.7.19 | STOP DJvu Ransomware decryptor updated | Michael Gillespie updated his STOP Decryptor to support the offline keys for the .gusau, .madek, and .tocue extensions.
28.7.19 | New Daris STOP Ransomware variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .daris extension to encrypted files.
28.7.19 | New Tocue STOP Ransomware variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .tocue extension to encrypted files.
28.7.19 | Haka Ransomware found | Michael Gillespie is looking for a ransomware that appends the extension .haka and drops a ransom note named !!!READ_ME_FIRST!!!.txt.
28.7.19 | LilLocked Ransomware found | Michael Gillespie is looking for a ransomware that appends the extension .lilocked and drops a ransom note named #README.lilocked.
28.7.19 | New Scarab Ransomware variant | Alex Svirid found a new Scarab Ransomware variant that appends the {Help557@cock.li}.exe extension to encrypted file names.
21.7.19 | Emsisoft releases imS00rry decryptor | Emsisoft released a decryptor for imS00rry Ransomware.
21.7.19 | SkyStars Ransomware discovered | Petrovic found a new ransomware called SkyStars.
21.7.19 | New Matrix Ransomware variant | Amigo-A found a new Matrix Ransomware variant that appends the .[Kromber@tutanota.com] extension and drops a ransom note named #_#ReadMe#_#.rtf.
21.7.19 | La Porte County Pays $130,000 Ransom To Ryuk Ransomware | Another public administration in the U.S. surrenders to cybercriminal demands as La Porte County, Indiana, pays $130,000 to recover data on computer systems impacted by ransomware.
21.7.19 | New 1BTC Dharma variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .1BTC extension to encrypted files.
21.7.19 | New DoppelPaymer Ransomware Emerges from BitPaymer's Code | Malware researchers have discovered a new file-encrypting malware they dubbed DoppelPaymer that has been making victims since at least mid-June, asking hundreds of thousands of US dollars in ransom.
21.7.19 | Ryuk, Sodinokibi Ransomware Responsible for Higher Average Ransoms | The average payment demand following a ransomware attack has almost doubled in the second quarter of the year and victims have Ryuk and Sodinokibi to blame.
21.7.19 | FBI Releases Master Decryption Keys for GandCrab Ransomware | In an FBI Flash Alert, the FBI has released the master decryption keys for the GandCrab Ransomware versions 4, 5, 5.0.4, 5.1, and 5.2. Using these keys, any individual or organization can create and release their very own GandCrab decryptor.
21.7.19 | New Budak and Herad STOP DJvu variants | Michael Gillespie found new variants of the STOP DJvu Ransomware that append the .budak or .herad extensions to encrypted files.
21.7.19 | New Nemesis Ransomware variant | M. Shahpasandi found a new variant of the Cry36/Nemesis Ransomware that appends the .id_**********_.YOUR_LAST_CHANCE extension to encrypted file names.
21.7.19 | Onondaga Libraries hit by ransomware attack, locations open but some services affected | Libraries across Onondaga County continue to deal with service issues caused by a cyber attack discovered last Friday.
21.7.19 | Lessons learned from ransomware authors’ crypto mistakes | Some ransomware authors get the cryptography right, but make web security mistakes that leave their command and control (C2) infrastructure vulnerable to attacks.
21.7.19 | New Berosuce STOP DJvu variant | Michael Gillespie found a new variant of the STOP DJvu Ransomware that appends the .berosuce extension to encrypted files.
21.7.19 | STOP Decryptor updated | Michael Gillespie updated his STOP DJvu Ransomware decryptor to support the offline keys for the .godes, .budak, .heran, and .berosuce extensions.
21.7.19 | Sodinokibi Spam campaign attacking Germany | Karsten Hahn reported that a spam wave targeting Germany was distributing the Sodinokibi Ransomware.
21.7.19 | Radio station WMNF victim of ransomware cyberattack | Tampa-based community radio station WMNF 88.5-FM is stepping up cybersecurity after its computer systems were hobbled by ransom-seeking hackers last month.
21.7.19 | New Phobos Ransomware variant | GrujaRS found a new variant of the Phobos ransomware that appends the .id[XXXXXX-2224].[zoye1596@msgden.net].actor extension and drops a ransom note named info.txt.
21.7.19 | New Ouroboros Ransomware | GrujaRS found a new variant of the Ouroboros Ransomware that appends the .[id=xxxxxxx][mail=BackFileHelp@protonmail.com].limbo extension and drops a ransom note named Read-Me-Now.txt.
21.7.19 | Avast Releases a GandCrab Decryptor | Avast Software has released their own decryptor for the GandCrab Ransomware.
21.7.19 | New Gusau STOP DJvu variants | Michael Gillespie found new variants of the STOP DJvu Ransomware that append the .gusau, .vusad, .madek, or .gehad extensions to encrypted files.
21.7.19 | STOP Decryptor updated | Michael Gillespie updated his STOP DJvu Ransomware decryptor to support the offline keys for the .gehad extension.
21.7.19 | Ransomware attack impacting Collierville, officials say | City officials said the attack disrupted the town’s information technology systems. They first received reports of the disruption Thursday morning and have determined it is the Ryuk ransomware virus.
21.7.19 | Elusive MegaCortex Ransomware Found - Here is What We Know | A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer.
21.7.19 | Ransomware Attacks Grow Rampant, Paying Still Not a Good Option | A flurry of ransomware attacks has been reported this week affecting entities in the US states of Georgia, New York, Tennessee, and Florida.
21.7.19 | iNSYNQ Cloud Hosting Provider Hit by Ransomware Attack | Cloud computing provider iNSYNQ experienced a ransomware attack which forced the company to shut down some of its servers to contain the malware infection from spreading and affecting more customer data.
21.7.19 | Lawrenceville police latest victims of cyberattack | Lawrenceville police confirmed the FBI and private security experts have been called in to help with the cyberattack that has hijacked the department’s body camera file footage and other department files. It is also the same ransomware that attacked Henry County police, sources say.
21.7.19 | New Maoloa Ransomware variant | GrujaRS found a new variant of the Maoloa Ransomware that appends the .Persephone666 extension to encrypted files.
14.7.19 Monroe College Hit With Ransomware, $2 Million Demanded Výsledek obrázku pro ransomware A ransomware attack at New York City's Monroe College has shutdown the college's computer systems at campuses located in Manhattan, New Rochelle and St. Lucia. Attackers are demanding $2 million ransom to restore their files.
14.7.19 Northwest Indian College Hit with Ransomware Výsledek obrázku pro ransomware This week, the Northwest Indian College (NWIC) has been facing a cyberattack identified as the Ryuk ransomware virus. The outbreak has corrupted many internal files on our systems, including backups and legacy data.
14.7.19 New Bulba Ransomware Výsledek obrázku pro ransomware GrujaRS found a new ransomware called Bulba that appends the .Pox extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
14.7.19 New Godes STOP Djvu variant Výsledek obrázku pro ransomware Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .godes extension.
14.7.19 STOP Decryptor updated Výsledek obrázku pro ransomware Michael Gillespie updated his STOP DJvu decryptor to support the offline keys for the .cezor and .lokas extensions. Mayors pass resolution against paying ransomware ransoms.The U.S. Conference of Mayors has passed a resolution calling on city leaders not to pay ransoms to their cyberattackers in the event ransomware attacks.
14.7.19 New HTML Dharma variant Výsledek obrázku pro ransomware Amigo-A has discovered a new Dharma ransomware variant that appends the .HTML extension to encrypted files and drops a ransom note named HOW_TO_DECRYPT.txt/
14.7.19 Westchester Library System Attacked By Ransomware Virus Výsledek obrázku pro ransomware A ransomware virus attack on the Westchester Library System is being investigated, an IT official said on Wednesday, July 10.
14.7.19 New Nemesis Ransomware variant Výsledek obrázku pro ransomware GrujaRS found a new Nemesis Ransomware variant that appends the YOUR_LAST_CHANCE extension to encrypted files and drops a ransom note named _RESTORE FILES_.txt.
14.7.19 Rodentia Ransomware discovered Výsledek obrázku pro ransomware MalwareHunterTeam found a new Jigsaw Ransomware variant called Rodentia Ransomware that does not encrypt anything.
14.7.19 Wanna Dead Ransomware discovered Výsledek obrázku pro ransomware MalwareHunterTeam found a new ransomware called Wanna Dead that is based off of HiddenTear and does not encrypt anything.
14.7.19 New .BKP Dharma variant Výsledek obrázku pro ransomware Michael Gillespie found a new Dharma ransomware variant that appends the .BKP extension.
14.7.19 How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers Výsledek obrázku pro ransomware More eCh0raix news by Intezer who call this ransomware QNAPCrypt.
We at Intezer have detected and temporarily DoS’d the operation of a ransomware targeting Linux-based file storage systems (NAS servers).
14.7.19 New eCh0raix Ransomware Brute-Forces QNAP NAS Devices eCh0raix A new ransomware strain written in Go and dubbed eCh0raix by the Anomali Threat Research Team is being used in the wild to infect and encrypt documents on consumer and enterprise QNAP Network Attached Storage (NAS) devices used for backups and file storage.
14.7.19 Crown Ransomware discovered Crown Ransomware Petrovic discovered a new ransomware called Crown that appends the .CROWN extension to encrypted files.
14.7.19 Qihoo 360 releases a GandCrab v5.2 decryption tool Výsledek obrázku pro ransomware Previously, 360 Total Security intercepted all aspects of the attack and fully supported the powerful killing of the entire series of GandCrab ransomware. Nowadays, 360 Total Security launch the decryption tool for GandCrab v5.2, which means that 360 Total Security have supported GandCrab ransomware 4.0/5.0/5.0.2/5.0.3/ 5.0.4/5.1/5.2 full range of decryption, users who have been infected can successfully decrypt the file without paying for the ransom!
14.7.19 Ransomware REvil - Sodinokibi: Technical analysis and Threat Intelligence Report Výsledek obrázku pro ransomware The authors of Sodinokibi ransomware, even if they are the first versions of their creation, seem to have a long experience in this threats of cyber-crime.
Some researchers have identified the similarities with GandCrab ransomware, whose project was shut down in beginning June. It seems that Sodinokibi ransomware is the right candidate to fill the hole left behind GandCrab.
14.7.19 Rig Exploit Kit Pushing Eris Ransomware in Drive-by Downloads ERIS The RIG exploit kit has been spotted distributing the new ERIS Ransomware as its payload. Using the RIG exploit kit, vulnerable victims will find that the ransomware is installed on their computer without their knowledge simply by visiting a web site.
14.7.19 Who’s Behind the GandCrab Ransomware? Výsledek obrázku pro ransomware The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.
14.7.19 Custom exploit kit pushing the ERIS Ransomware Azera Exploit Kit Jérôme Segura found a custom exploit called Azera pushing the ERIS Ransomware.
14.7.19 New .lokas STOP Djvu variant Michael Gillespie found a new STOP Djvu variant that appends the .lokas extension to encrypted files.
14.7.19 New GarrantyDecrypt variant Michael Gillespie found a new GarrantyDecrypt Ransomware variant that appends the .popoticus extension.
14.7.19 New .kick Dharma variant Michael Gillespie found a new Dharma ransomware variant that appends the .kick extension.
14.7.19 New .save Dharma variant Jakub Kroustek found a new Dharma variant that appends the .save extension.
14.7.19 New .php and .dqb Dharma variants Jakub Kroustek found new Dharma variants that append the .php and .dqb extensions.
14.7.19 A City Paid a Hefty Ransom to Hackers. But Its Pains Are Far From Over. More than 100 years’ worth of municipal records, from ordinances to meeting minutes to resolutions and City Council agendas, have been locked in cyberspace for nearly a month, hijacked by unidentified hackers who encrypted the city’s computer systems and demanded more than $460,000 in ransom.
14.7.19 New Basilisque Locker discovered Basilisque Amigo-A found a new ransomware called Basilisque Locker that appends the .basilisque@protonmail_com extension and drops a ransom note named HOW_TO_DECRYPT.txt.
14.7.19 New .crash Dharma variant Michael Gillespie found a new Dharma ransomware variant that appends the .crash extension.
6.7.19 Eurofins Scientific: Forensic services firm paid ransom after cyber-attack The UK's biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.
6.7.19 New Cezar STOP Ransomware variant Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .cezar extension to encrypted files.
6.7.19 New DRCTR Ransomware variant Amigo-A has discovered a new DRCTR variant that appends the .CAGO extension and drops the ransom notes named DECRYPT_INFO.txt and DECRYPT_INFO.hta.
6.7.19 STOP DJvu Decryptor Updated Michael Gillespie's STOP DJvu decryptor has been updated to include the offline keys for the .nusar, .litar, and .besub extensions.
6.7.19 Sodinokibi Ransomware Exploits Windows Bug to Elevate Privileges The Sodinokibi ransomware is looking to increase its privileges on a victim machine by exploiting a vulnerability in the Win32k component present on Windows 7 through 10 and Server editions.
6.7.19 VirusEncoder Discovered VirusEncoder GrujaRS discovered a ransomware called VirusEncoder that appends the .boooam@cock_li extension and drops a ransom note named HOW_TO_DECRYPT_FILES.html.
6.7.19 SEON Ransomware 0.2 spotted Petrovic found the 0.2 version of the SEON Ransomware.
6.7.19 Don't pay ransom payments for Cryakl CS1.6 Alex Svirid explains: "If you were hit by Cryakl CS1.6 ransomware (3nity@tuta.io) before July 3 2019, this one is for you: As far as we know authorities have taken control of crook's server, that keeps private keys. Attention - attacker didn't backup any data, so you shouldn't pay him."
6.7.19 Crypto Locker Ransomware Petrovic found a new ransomware that calls itself Crypto Locker and appends the .isolated extension to encrypted files.
6.7.19 CXK NMSL Ransomware Petrovic found a new ransomware called CXK NMSL that is a batch file. It appends the .cxk_nmsl extension to encrypted files.
6.7.19 Georgia court system hit by ransomware attack At least a portion of the digital information systems for Georgia’s court system has been taken offline by a ransomware attack after a note was found requesting contact, officials confirmed Monday.
6.7.19 New Phobos Ransomware variant Michael Gillespie found a new Phobos Ransomware variant that appends the .1500dollars extension to encrypted files.
6.7.19 Cryakl Changes its extension scheme Michael Gillespie explains "Looks like Cryakl Ransomware has a new extension ".cs16" - e.g. "email-3nity@tuta.io.ver-CS 1.6.id-.fname-NEWS.RTF.cs16""
6.7.19 New Litar STOP Ransomware variant Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .litar extension to encrypted files.
6.7.19 New Scarab Ransomware variant Scarab Amigo-A found a new Scarab ransomware variant that appends the .alilibat extension and drops a ransom note named DECRYPT.TXT.
6.7.19 Wav_list Ransomware hunt Michael Gillespie is looking for a new ransomware that appends the .wav_list extension and drops a ransom note named HOW TO DECRYPT[].txt.
6.7.19 “We need to up our game”—DHS cybersecurity director on Iran and ransomware Talking with Ars, Christopher Krebs shares the to-do list: Iran, ransomware—and elections.
6.7.19 Freezing PowerShell Ransomware Petrovic found a new ransomware written in PowerShell that appends the .Freezing extension.
6.7.19 New Go Ransomware spreads via EternalBlue A Shadow found a ransomware written in Go that uses the Pyexe tool to spread via EternalBlue. This ransomware appends the .locked extension.
6.7.19 STOP DJvu Decryptor Updated Michael Gillespie's STOP DJvu decryptor has been updated to include the offline keys for the .truke, .dalle, and .lotep extensions.
6.7.19 Peekaboo Ransomware decryptor released Emsisoft released a decryptor for the Peekaboo Ransomware.
6.7.19 New Nusar STOP Ransomware variant Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .nusar extension to encrypted files.
6.7.19 Hacked Ad Server Pushes SEON Ransomware, Trojans Via Malvertising SEON Ransomware The ad server for a very popular video converter site was hacked to display malvertising that loads the GreenFlash Sundown exploit kit. This exploit kit would then drop the SEON Ransomware, Pony information stealing Trojan, and miners on a vulnerable computer.
6.7.19 New PZDC Ransomware variant Amigo-A found a new PZDC Ransomware variant that appends the .pzdc extension and drops a ransom note named 1_VIRUS_SHIFROVALSHIK.txt.
6.7.19 Popotic Ransomware hunt Michael Gillespie is looking for a new ransomware that appends the .popotic extension and drops a ransom note named HOW-TO-RESTORE-FILES.txt.
6.7.19 Attackers Earn Over $1 Million in Florida Ransomware Attacks Hackers launching ransomware attacks against municipalities in Florida locked earnings in excess of $1 million this month as administrators of two cities found no other way to recover files on affected systems.
6.7.19 Ransomware strain Troldesh spikes again – Avast tracks new attacks This week the ransomware known as Troldesh, which made headlines early this year, spiked again in Russia, Mexico, and the U.S.
6.7.19 Craftul Ransomware hunt Michael Gillespie is looking for a new ransomware that appends the .craftul extension and drops a ransom note named FilesInfo.txt.
6.7.19 Peekaboo Ransomware hunt Michael Gillespie is looking for a new ransomware that appends the .peekaboo extension and drops a ransom note named @@_TAKE_A_LOOK_@@.txt.
6.7.19 New Zeropadypt Ransomware variant Zeropadypt Amigo-A found a new variant of the Zeropadypt Ransomware that appends the .limbo extension and drops a note named Read-Me-Now.txt.
6.7.19 New XXXX Dharma Ransomware variant Jakub Kroustek discovered a new Dharma Ransomware variant that appends the .xxxx extension to encrypted files.
6.7.19 New Lotep STOP Ransomware variant Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .lotep extension to encrypted files.
6.7.19 Troll Ransomware Hunt Michael Gillespie is looking for a new ransomware that appends the .TROLL extension and drops a ransom note named HOW TO BACK YOUR FILES.txt.
6.7.19 Sting Catches Another Ransomware Firm — Red Mosquito — Negotiating With “Hackers” We recently wrote about two U.S. firms that promised high-tech ransomware solutions but instead paid the cyber-attacker. A U.K. company appears to do the same.
6.7.19 Walan Ransomware hunt Michael Gillespie is looking for a new ransomware variant that appends the .WALAN extension and drops a ransom note named DECRYPT_INFO.txt.
6.7.19 New Phobos Ransomware variant Michael Gillespie was shown a new Phobos ransomware variant that uses the .wallet extension. This extension is best known as being used by Dharma.
6.7.19 New Litra Ransomware Litra S!Ri discovered a new ransomware that appends the .Litra extension to encrypted files.
6.7.19 New Dharma Ransomware variants Michael Gillespie found new Dharma variants that append the .hccapx and .cap extensions to encrypted files.
6.7.19 New Dalle STOP Ransomware variant Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .dalle extension to encrypted files.
6.7.19 Sodinokibi Ransomware Now Pushed by Exploit Kits and Malvertising The Sodinokibi Ransomware has been spotted being distributed through malvertising that redirects to the RIG exploit kit. With the use of exploit kits, Sodinokibi is now using a wide stream of vectors to infect victims with the ransomware.
6.7.19 New Snatch Ransomware variant Petrovic found a new Snatch Ransomware variant that appends the .cbs0z extension to encrypted files and drops a ransom note named RESTORE_CBS0Z_DATA.txt.
22.6.19 New [Locked] Ransomware Michael Gillespie is looking for a new ransomware that appends the [LOCKED] extension and drops a ransom note named UNLOCK INSTRUCTIONS.txt.
22.6.19 New Hack Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .HACK extension to encrypted files.
22.6.19 New 0day Dharma Ransomware variant Michael Gillespie found a new Dharma Ransomware variant that appends the .0Day extension to encrypted files.
22.6.19 Stop Decryptor updated Michael Gillespie updated his Stop Decryptor to support the offline key for the .vesad extension variant.
22.6.19 Release of GandCrab 5.2 Decryptor Ends a Bad Ransomware Story GandCrab Decryptor In collaboration with law enforcement agencies around the world, Bitdefender has released an updated decryptor for the GandCrab Ransomware that can decrypt files encrypted by versions 1, 4, and 5 through 5.2.
22.6.19 New Horon STOP Djvu variant Michael Gillespie found a new variant of STOP Djvu ransomware that appends the .horon extension to encrypted files.
22.6.19 New Orion version of Major Ransomware Orion Major Ransomware Amigo-A found a new variant of the Major Ransomware that appends the .orion extension on encrypted files and drops a ransom note named READ_ME.orion.
22.6.19 WannaCash Decryptor updated Alex Svirid updated his WannaCash Decryptor to support new variants.
22.6.19 New Middleman Ransomware Michael Gillespie is looking for a new ransomware that appends the .middleman2020 extension and drops a ransom note named !INSTRUCTI0NS!.TXT.
22.6.19 New Copan DCRTR Ransomware DCRTR Amigo-A found a new variant of the DCRTR Ransomware that appends the .COPAN extension and drops ransom notes named HOW TO DECRYPT FILES.txt and HOW TO DECRYPT FILES.hta.
22.6.19 Ryuk Ransomware Adds IP and Computer Name Blacklisting Ryuk Ransom Note A new variant of the Ryuk Ransomware has been discovered that adds IP address and computer blacklisting so that matching computers will not be encrypted.
22.6.19 New Neras STOP Djvu variant Michael Gillespie found a new variant of STOP Djvu ransomware that appends the .neras extension to encrypted files.
22.6.19 New Adage Phobos Ransomware variant M. Shahpasandi found a new variant of the Phobos Ransomware that appends the .id[********-****].[helpteam38@protonmail.com].adage extension to encrypted files.
22.6.19 Florida city pays $600,000 to ransomware gang to have its data back The city council for Riviera Beach, Florida, voted this week to pay more than $600,000 to a ransomware gang so city officials could recover data that has been locked and encrypted more than three weeks ago.
22.6.19 DanaBot Banking Trojan Upgraded with 'Non Ransomware' Module Non Ransomware A new malicious campaign is distributing an upgraded variant of DanaBot that comes with a new ransomware module used to target potential victims from Italy and Poland via phishing emails which deliver malware droppers. Checkpoint also released a decryptor for this ransomware.
22.6.19 Stop Decryptor updated Michael Gillespie updated his Stop Decryptor to support the offline key for the .horon extension variant.
22.6.19 New Ransomnix Ransomware variant Ransomnix Amigo-A found a new variant of the Ransomnix Ransomware that appends the .dmo extension and drops a ransom note named HOW_TO_RETURN_FILES.txt.
22.6.19 Sodinokibi Ransomware Spreads Wide via Hacked MSPs, Sites, and Spam Sodinokibi Ransom Note With the GandCrab Ransomware operation shutting down, affiliates are looking to fill the hole left behind with other ransomware. Such is the case with the Sodinokibi Ransomware, whose affiliates are using a wide range of tactics to distribute the ransomware and earn a commission.
22.6.19 New LooCipher Ransomware Spreads Its Evil Through Spam LooCipher A new ransomware called LooCipher has been discovered that is actively being used in the wild to infect users. While it is not known exactly how this ransomware is being distributed, based on some of the files that were found, we believe it is through a spam campaign.
22.6.19 New Truke STOP Djvu variant Michael Gillespie found a new variant of STOP Djvu ransomware that appends the .truke extension to encrypted files.
22.6.19 New Bitch Ransomware Bitch Ransomware MalwareHunterTeam found a new ransomware that calls itself "Bitch Ransomware". Nuff said.
16.6.19 New Myskle and Boston STOP Djvu Ransomware Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .myskle or .boston extensions to encrypted files.
16.6.19 STOP Decryptor Updated Michael Gillespie updated his STOP Decryptor to contain the offline key for the .heroset variant.
16.6.19 New Zoh Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .zoh extension to encrypted files.
16.6.19 JSWorm Ransomware 3.1 Released JSWorm 3.1 Amigo-A discovered JSWorm Ransomware 3.1 that uses a new ransom note named JSWORM-DECRYPT.hta. Still uses the .jsworm extension.
16.6.19 New Muslat STOP Djvu Ransomware Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .muslat extension to encrypted files.
16.6.19 Food Bank Hit By Ransomware, Needs Your Charity to Rebuild Ransomware attacks hit indiscriminately and sometimes they may affect charitable organizations that can’t afford to surrender to the demand. Auburn Food Bank in King County, Washington, fell victim to a ransomware strain known as GlobeImposter 2.0, which encrypted all computers on their network.
16.6.19 How Cybercriminals Recruited Young Romanian Woman In this excerpt from Kate Fazzini’s “Kingdom of Lies,” one former Romanian hacker tells how she got into the biz.
16.6.19 New Gerosan STOP Djvu Ransomware Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .gerosan extension to encrypted files.
16.6.19 New Html Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .html extension to encrypted files.
16.6.19 Bisquilla Ransomware discovered Bisquilla Ransomware Jack found the Bisquilla Ransomware, which appears to be in dev as it does not encrypt.
16.6.19 New Cephalo Ransomware discovered Daniel Gallagher discovered a ransomware being distributed through a LNK file that contains a PowerShell command.
16.6.19 Ransomware identification for the judicious analyst Malware detection is a simple yes-or-no answer to the question: Is this file malicious? Or in case of ransomware detection: Is this file ransomware? Identification on the other hand will provide an answer to the question: Which malware or ransomware family is this?
16.6.19 Ransomware halts production for days at major airplane parts manufacturer ASCO, one of the world's largest suppliers of airplane parts, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium.
16.6.19 New SD 1.1 Ransomware SD 1.1 Ransomware A new ransomware called SD 1.1 was posted on the BleepingComputer forums and was identified by Amigo-A. The ransomware appends the .[Unlock11@protonmail.com].enc extension.
16.6.19 pyLocky Decryptor Released by French Authorities A decryptor for pyLocky Ransomware versions 1 and 2 has been released by French authorities that allows victims to decrypt their files for free.
16.6.19 New Vesad STOP Djvu Ransomware Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .vesad extension to encrypted files.
16.6.19 STOP Decryptor Updated Michael Gillespie updated his STOP Decryptor to contain the offline key for the .boston, .muslat, and .gerosan extensions.
16.6.19 New Harma Dharma Ransomware variant Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .harma extension to encrypted files.
16.6.19 Armageddon Ransomware Discovered Armageddon Ransomware S!Ri discovered the Armageddon Ransomware. This ransomware does not encrypt all files on the PC.
16.6.19 New Poop Ransomware? Ransomware Petrovic found a new ransomware that appends the .poop extension to encrypted files. It is quite ugly too.
16.6.19 GandCrab is covering up their tracks GandCrab cleaning up CapsLo0ck noticed that the Gandcrab devs have asked Exploit.in to delete their posts on the site.
9.6.19 GandCrab Ransomware Shutting Down After Claiming to Earn $2.5 Billion GandCrab Post After almost a year and a half, the operators behind the GandCrab Ransomware are shutting down their operation and affiliates are being told to stop distributing the ransomware.
9.6.19 Dodger Ransomware discovered Dodger Ransomware MalwareHunterTeam discovered a new ransomware called Dodger that appends the .dodger extension and shows this not very nice screen.
9.6.19 New Lanset and Redmat Stop Ransomware variants Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .lanset and .redmat extensions to encrypted files.
9.6.19 New BSC Dharma Ransomware variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .bsc extension to encrypted files.
9.6.19 Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA Sodinokibi ransomware was known so far for being installed via Oracle WebLogic exploit (see Talos' article). A new campaign uses spam emails with an attached MS Office Word document to download Sodinokibi to the target system. JamesWT found the first sample, Sculabs another one[1]. The email pretends to be a warning letter from the fee collection center of public-law broadcasting institutions in the Federal Republic of Germany and demands 213.50 EUR payment.
9.6.19 Baltimore ransomware perp pinky-swears he didn’t use NSA exploit Over the past few weeks, a Twitter account that has since been confirmed by researchers to be that of the operator of the ransomware that took down Baltimore City's networks May 4 has posted taunts of Baltimore City officials and documents demonstrating that at least some data was stolen from a city server. Those documents were posted in response to interactions I had with the ransomware operator in an attempt to confirm that the account was not a prank.
9.6.19 New Davda Stop Ransomware found Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .davda extension to encrypted files.
9.6.19 Baltimore’s bill for ransomware: Over $18 million, so far It has been a month since the City of Baltimore's networks were brought to a standstill by ransomware. On Tuesday, Mayor Bernard "Jack" Young and his cabinet briefed press on the status of the cleanup, which the city's director of finance has estimated will cost Baltimore $10 million—not including $8 million lost because of deferred or lost revenue while the city was unable to process payments. The recovery remains in its early stages, with less than a third of city employees issued new log-in credentials thus far and many city business functions restricted to paper-based workarounds.
9.6.19 New Pidom and Poret Stop Ransomware variants Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .pidom and .poret extensions to encrypted files.
9.6.19 New Kjh Dharma Ransomware variant Michael Gillespie found a new variant of the Dharma Ransomware that appends the .kjh extension to encrypted files.
9.6.19 New Wannacash Ransomware variant Alex Svirid found a new WannaCash Ransomware variant that changes an encrypted file's name to "файл зашифрован (original_filename) .punisher"
9.6.19 The RIG Exploit Kit is Now Pushing the Buran Ransomware Buran Ransom Note The RIG exploit kit is now infecting victims' computers with a new ransomware variant called Buran. This ransomware is a variant of the Vega ransomware that was previously being distributed through Russian malvertising campaigns.
9.6.19 New Heroset Stop Ransomware found Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .heroset extension to encrypted files.
9.6.19 STOP Djvu Decryptor updated Michael Gillespie has updated his STOP Djvu decrypter to include the offline keys for the .stone, .lanset, .davda, .poret, .pidon extensions.
9.6.19 New GlobeImposter 2 variant Michael Gillespie found a new GlobeImposter 2 variant that appends the .{dresdent@protonmail.com}DDT extension to encrypted files.
9.6.19 New Euclid Ransomware Michael Gillespie found a new ransomware called Euclid uploaded to ID Ransomware that appends the .euclid extension and drops a ransom note named how to recovery.txt.
9.6.19 Hackers Won’t Let Up in Their Attack on U.S. Cities WSJ reports that there were two intrusions in Baltimore city networks; one by an actor that used EternalBlue to move around the network and the other was the one who installed RobbinHood and did not use EternalBlue. "Local governments across the country are facing a growing threat of cyberattacks and escalating ransom demands, as an attack in this city has crippled thousands of computers for a month."
2.6.19 In-dev GottaCry Ransomware GottaCry MalwareHunterTeam found a new ransomware called GottaCry that is in-development.
2.6.19 SysFrog Ransomware discovered Michael Gillespie spotted a ransomware that appends the .sysfrog extension to encrypted files and drops a ransom note named how_to_decrypt.txt.
2.6.19 New QBX Dharma Ransomware variant Michael Gillespie spotted a new Dharma Ransomware variant that appends the .qbx extension to encrypted files.
2.6.19 New Mogera STOP Djvu variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .mogera extension to encrypted files.
2.6.19 New ZOH Dharma Ransomware variant Michael Gillespie spotted a new Dharma Ransomware variant that appends the .zoh extension to encrypted files.
2.6.19 New BEETS Dharma Ransomware variant Jakub Kroustek spotted a new Dharma Ransomware variant that appends the .beets extension to encrypted files.
2.6.19 New Rezuc STOP Djvu variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .rezuc extension to encrypted files.
2.6.19 New Eric Ransomware Michael Gillespie spotted a new ransomware that appends the .ERIS extension and drops a ransom note named @ READ ME TO RECOVER FILES @.txt.
2.6.19 New GlobeImposter variant GrujaRS found a new GlobeImposter variant that appends the .LotR extension and drops a ransom note named NEW_WAVE.html.
2.6.19 MBR-based NMoreira Boot Ransomware NoMeira Boot variant Dave Logue found a variant of the NMoreira Ransomware that appears to be targeting the MBR.
2.6.19 Fake WannaCry Ransomware WannaCry MalwareHunterTeam found a fake WannaCry Ransomware that looks like it was made as a joke, school assignment, or for "fun".
2.6.19 New Harma Dharma Ransomware variant Michael Gillespie spotted a new Dharma Ransomware variant that appends the .harma extension to encrypted files.
2.6.19 STOP Ransomware Decryptor updated Michael Gillespie updated his STOP Djvu Ransomware decryptor to support the offline keys for the .skymap, .mogera, and .rezuc variants.
2.6.19 New Buran Ransomware spotted Michael Gillespie spotted a new ransomware on ID-Ransomware that utilizes what looks like a GUID for the extension. For example, .3674AD9F-5958-4F2A-5CB7-F0F56A8885EA. It also drops a ransom note named !!! YOUR FILES ARE ENCRYPTED !!!.TXT.
2.6.19 Sodinokibi Ransomware Pushed via Foreclosure Warning Spam Sodinokibi Ransomware A malspam campaign targeting potential German victims is actively distributing Sodinokibi ransomware via spam emails with malicious attachments that pose as foreclosure notifications.
2.6.19 Maze Ransomware Says Computer Type Determines Ransom Amount Maze Ransomware A variant of the Maze Ransomware, otherwise known as the ChaCha Ransomware, has been spotted being distributed by the Fallout exploit kit. An interesting feature of this ransomware is that it says the ransom amount will be different depending on whether the victim is a home computer, server, or workstation.
2.6.19 New Stone STOP Djvu variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .stone extension to encrypted files.
2.6.19 New RotorCrypt Ransomware variant Michael Gillespie found a new RotorCrypt Ransomware variant that appends the !__prontos@cumallover.me__.bak extension.
26.5.19 New ransomware discovered Michael Gillespie found a new ransomware that appends the .[epta.mcold@gmail.com] extension and drops a ransom note named !INSTRUCTI0NS!.TXT.
26.5.19 New in-dev EZDZ Ransomware MalwareHunterTeam found a new in-dev ransomware called EZDZ that utilizes the .EZDZ extension and drops a ransom note named HELP_PC.EZDZ-REMOVE.txt.
26.5.19 New Radman STOP Djvu Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .radman extension.
26.5.19 New Ferosas STOP Djvu Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .ferosas extension.
26.5.19 New TOR13 Dharma variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .TOR13 extension to encrypted files.
26.5.19 Cryptocurrency scam pushing ransomware Frost found an Ether scam distributing a new ransomware.
26.5.19 JSWorm 2.0 Ransomware Decryptor Gets Your Files Back For Free JSWorm Decryptor A decryptor for the JSWorm 2.0 Ransomware has been released by Emsisoft this week that allows victims to decrypt their files for free. If you become infected with JSWorm 2.0, do not pay the ransom and instead follow the instructions below.
26.5.19 Louisville Regional Airport Authority hit by 'ransomware' attack WDRB reports: "The Louisville Regional Airport Authority said it fell victim to ransomware Monday morning."
26.5.19 GetCrypt Ransomware Brute Forces Credentials, Decryptor Released GetCrypt A new ransomware called GetCrypt is being installed through malvertising campaigns that redirect victims to the RIG exploit kit. Once installed, GetCrypt will encrypt all of the files on a computer and then demand a ransom payment to decrypt the files.
26.5.19 Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next A NY Times article by Niraj Chokshi covering Baltimore being hit by the RobbinHood ransomware. Also includes a quote from your favorite ransomware information site :)
26.5.19 New Rectot STOP Djvu Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .rectot extension.
26.5.19 New Les Scarab Ransomware variant Michael Gillespie found a new Scarab Ransomware variant that appends the .les# extension and drops a ransom note named как расшифровать файлы les#.TXT.
26.5.19 Wiper disguised as ransomware distributed via email honkone found an email pushing a malicious executable. Bart analyzed and determined it was a ransomware, but Michael Gillespie stated it was actually a wiper. The fun of malware.
26.5.19 STOP Djvu Decryptor updated Michael Gillespie updated the STOP Djvu decryptor to support the offline IDs for .ferosas, .rectot, and .INFOWAIT variants.
26.5.19 Sodinokibi Ransomware Poised to Impact Larger Enterprises Coveware states: "Given the sophisticated attack vector and the investment the developers of Sodinokibi have made to their payment TOR site, this variant seems to be poised to become a popular choice among ransomware distributors."
26.5.19 New Good Dharma variant Jakub Kroustek found a new Dharma Ransomware variant that appends the .GOOD extension to encrypted files.
26.5.19 NordFox Ransomware discovered Nordfox GrujaRS discovered the NordFox Ransomware, which appends the .legacy extension to encrypted files and drops a ransom note named READ_ME.txt.
26.5.19 New Skymap STOP Djvu Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .skymap extension.
18.5.19 New STOP Djvu variant discovered Michael Gillespie found a new STOP Djvu variant that adds the .codnat extension to encrypted files.
18.5.19 New Dharma variants released Jakub Kroustek found new variants of the Dharma Ransomware that append the .qbtex and the .yG extensions to encrypted files.
18.5.19 New STOP Djvu variant discovered Michael Gillespie found a new STOP Djvu variant that adds the .codnat1 extension to encrypted files.
18.5.19 WannaCry still present on 1.7 million machines 2 years after WannaCry and there’s still 1.7M machines with SMB exposed to the Internet!
18.5.19 New DrWeb Dharma variant released Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .drweb extension to encrypted files.
18.5.19 New STOP Djvu variant discovered Michael Gillespie found a new STOP Djvu variant that adds the .bufas extension to encrypted files.
18.5.19 Wesker Encrypter discovered Wesker Michael Gillespie found the Wesker Encrypter that does not add an extension but drops ransom notes named !!!INSTRUCTION_RNSMW!!!.txt.
18.5.19 New ChaCha Ransomware variant ChaCha Michael Gillespie found a new ChaCha Ransomware variant that appends a random 6-7 char extension and drops a ransom note named DECRYPT-FILES.html.
18.5.19 Non Ransomware discovered Non Ransomware GrujaRS found the Non Ransomware that appends the .non extension and drops a ransom note named HowToBackFiles.txt. Possibly in-dev as the ransom note does not include an email address.
18.5.19 New Dharma variants released Jakub Kroustek found new variants of the Dharma Ransomware that append the .jack and .PLUT extensions to encrypted files.
18.5.19 JSWorm Ransomware sends a shoutout to researchers Shoutout The JSWorm Ransomware sent a shoutout in its code to MalwareHunterTeam, S!Ri, and Amigo-A.
18.5.19 Possible new Desktop Ransomware variant Desktop Ransomware GrujaRS found a new ransomware that could be a variant of the Desktop Ransomware. This ransomware prepends the Locked. string to encrypted file's names.
18.5.19 THE TRADE SECRET: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers As ransomware attacks crippled businesses and law enforcement agencies, two U.S. data recovery firms claimed to offer an ethical way out. Instead, they typically paid the ransom and charged victims extra.
18.5.19 New DDOS Dharma variant released Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .DDOS extension to encrypted files.
18.5.19 New Oops Scarab Ransomware variant Scarab Ransom Note Amigo-A found a new Scarab Ransomware variant that appends the .Oops extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
18.5.19 New Mamba Phobos Ransomware variant Phobos Mamba variant GrujaRS found a new Phobos Ransomware variant that appends the .mamba extension to encrypted files.
18.5.19 New Cry Dharma variant released Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .cry extension to encrypted files.
18.5.19 New STOP Djvu variant discovered Michael Gillespie found a new STOP Djvu variant that adds the .dotmap extension to encrypted files.
18.5.19 The Reality Of Ransomware "About 1.5 million ransomware attacks occur annually, putting individuals and corporations in a no-win situation. ProPublica technology reporter Renee Dudley joins host Krys Boyd to explain how these attacks work, how firms can sometimes recover the stolen data, and how sometimes the solution is just to pay up. Her recent story on the topic is a joint investigation with The Guardian."
18.5.19 New Ge0l0Gic Ransomware Geologic Ransomware GrujaRS found the Ge0l0Gic Ransomware that appends the .ge0l0gic extension and drops a ransom note named .ge0l0gic_readme.txt.
18.5.19 ZQ Ransomware decryptor updated Emsisoft has updated their ZQ Ransomware decryptor to support the w_unblock24@qq.com].ws variant.
18.5.19 New 4k Dharma variant released Jakub Kroustek found a variant of the Dharma Ransomware that appends the .4k extension to encrypted files.
18.5.19 Baltimore Ransomware still affecting city services Baltimore services Catalin Cimpanu states "A list of what's still down, almost 2 weeks after the attack:"
18.5.19 STOP Djvu Decrypter updated Michael Gillespie released an update for his STOP Decrypter to support the offline IDs for the .shadow, .fordan, .codnat, and .dotmap extensions.

11.5.19 New MegaCortex Ransomware Found Targeting Business Networks MegaCortex Ransom Note A new ransomware has been discovered called MegaCortex that is targeting corporate networks and the workstations on them. Once a network is penetrated, the attackers infect the entire network by distributing the ransomware using Windows domain controllers.
11.5.19 New STOP Ransomware variant Amigo-A found a new STOP Djvu Ransomware variant that appends the .sarut extension to encrypted files.
11.5.19 New Navi Scarab Ransomware variant Alex Svirid found a new Scarab Ransomware variant that appends the .Navi extension to encrypted files.
11.5.19 New BAT Dharma variant Jakub Kroustek found a new Dharma ransomware variant that appends the .bat extension to encrypted files.
11.5.19 New Scarab Ransomware variant Scarab Ransom Note Amigo-A found a new Scarab Ransomware variant that appends the kes$ extension and drops a ransom note named Инструкция по расшифровке.TXT.
11.5.19 New Scarab Ransomware variant Zorro Ransom Note Amigo-A found a new Scarab Ransomware variant that appends the .zoro extension and drops a ransom note named !!! RESTORE DATA !!!.TXT.
11.5.19 New Dharma variants Jakub Kroustek found a bunch of new Dharma ransomware variants that append the .qbix, .aa1, and .wal extensions to encrypted files.
11.5.19 Yara rules created for the MegaCortex Ransomware Marc Rivero López created Yara rules to detect the MegaCortex ransomware and the Rietspoof loader. This MegaCortex rule is posted here and the Rietspoof rule is here.
11.5.19 New STOP Ransomware variant STOP Ransom Note Amigo-A found a new STOP Djvu Ransomware variant that appends the .fedasot extension to encrypted files and drops a ransom note named _readme.txt.
11.5.19 New KBK GlobeImposter 2.0 variant Michael Gillespie found a new GlobeImposter 2.0 Ransomware variant that appends the .{Killback@protonmail.com}KBK extension.
11.5.19 Ransomware hunt for the Recry Ransomware Michael Gillespie is looking for a ransomware that appends the .recry1 extension and drops a ransom note named decryption_help.txt.
11.5.19 New STOP Ransomware variants Michael Gillespie found new STOP Djvu Ransomware variants that append the .forasom or .berost extensions to encrypted files.
11.5.19 Local Authorities in Texas and Maryland Hit by Ransomware The servers of Baltimore City Hall and Amarillo, TX, Potter County were hit by ransomware attacks, with the former having shut down most servers while the latter already got some of its computing systems back online.
11.5.19 STOP Decryptor offline keys updated Michael Gillespie updated STOP Decryptor with the offline keys for .roldat, .dutan, .sarut, .berost, and .forasom.
11.5.19 Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims Encrypted files A new Dharma ransomware strain is using ESET AV Remover installations as a "smoke screen" technique designed to distract victims while their files are encrypted in the background as detailed by Trend Micro.
11.5.19 New MERS Dharma variant Jakub Kroustek found a new Dharma ransomware variant that appends the .MERS extension to encrypted files.
11.5.19 New Blitzkrieg Ransomware Amigo-A found the new Blitzkrieg Ransomware that appends the .bkc extension and drops a ransom note named HowToBackFiles.txt.
11.5.19 Imperial County officials to invest in rebuilding network following cyber attack The hacker made a ransom demand of $1.2 million dollars in bitcoin to restore the network, a demand Imperial County decided not to pay.
11.5.19 Jokeroo Ransomware as a Service Pulls an Exit Scam Jokeroo Exit scam Since May 7th, 2019, the Tor sites for the Jokeroo Ransomware as a Service (RaaS) have started displaying a notice stating that their server was seized by the Royal Thai Police in conjunction with the Dutch National Police and Europol. It turns out that this notice is fake and the RaaS is performing an exit scam.
11.5.19 New BKC GlobeImposter 2.0 variant Michael Gillespie found a new GlobeImposter 2.0 Ransomware variant that appends the [blellockr@godzym.me].bkc extension.

11.5.19 New STOP Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .fordan extension to encrypted files.
11.5.19 MegaCortex, deconstructed: mysteries mount as analysis continues It’s been a week since we published our initial research on the ransomware calling itself MegaCortex. Our initial post was written over about a day and a half, as we started to observe an early outbreak on May 1. We have a lot of new information to share today.
11.5.19 New Matrix Ransomware variant Michael Gillespie found a new Matrix Ransomware variant that appends the .QH24 extension and drops a ransom note named !QH24_INFO!.rtf.
11.5.19 New FLKR Ransomware variant Alex Svirid found a new FLKR Ransomware variant that appends the .+jabber-theone@safetyjabber.com extension to encrypted files.
4.5.19 Russian Legion Ransomware found MalwareHunterTeam found a new HiddenTear variant called Russian Legion.
4.5.19 Sodinokibi Ransomware found Ransom Note GrujaRS found the Sodinokibi Ransomware that assigned a random extension to each victim.
4.5.19 BellevueInject Ransomware Bellevue Inject MalwareHunterTeam found the BellevueInject CryptoWire variant that appears to target Bellevue College. Looks in-dev.
4.5.19 STOP Djvu Decryptor updated Michael Gillespie updated the STOP Djvu decryptor to include the offline IDs for .etols, .guvara, .norvas, .moresa, .verasto, and .hrosas.
4.5.19 New Fredd Dharma variant Michael Gillespie spotted a new Dharma Ransomware variant that appends the .FREDD extension.
4.5.19 BigBobRoss Ransomware decryptor updated Emsisoft has updated their decryptor for the BigBobRoss Ransomware to support the .cheetah variant.
4.5.19 New Prodecryptor Ransomware ProdeCryptor GrujaRS found a new ransomware named Prodecryptor that appends the .Prodecryptor extension and drops a ransom note named ReadME-Prodecryptor@gmail.com.txt.
4.5.19 New STOP Djvu variant Michael Gillespie found a new STOP Djvu variant that appends the .todarius extension to encrypted files.
4.5.19 LockerGoga Ransomware Family Used in Targeted Attacks Once again, we have seen a significant new ransomware family in the news. LockerGoga, which adds new features to the tried and true formula of encrypting victims’ files and asking for payment to decrypt them, has gained notoriety for the targets it has affected.
4.5.19 Sodinokibi Ransomware Being Installed on Exploited WebLogic Servers Sodinokibi Ransomware payment site Attackers are exploiting a recently disclosed WebLogic vulnerability to install a new ransomware called Sodinokibi. As this vulnerability is trivial to exploit, it is important that server admins install the patch immediately in order to prevent infections or unauthorized access.
4.5.19 GitHub-Hosted Malware Targets Accountants With Ransomware Threat actors ran a malvertising campaign on the Russian Yandex.Direct advertising network starting October 2018 to disseminate a malware cocktail designed to encrypt victims' data and steal cryptocurrency.
4.5.19 New STOP Djvu ransomware variants Michael Gillespie has found new STOP Djvu variants that append the .roldat or .hofos extensions to encrypted files.
4.5.19 New .TXT Dharma Variant Michael Gillespie has spotted a new variant of the Dharma ransomware that uses the .txt extension for encrypted files. This is going to confuse a lot of people.
4.5.19 Windows Server hosting provider still down a week after ransomware attack A ransomware infection has crippled the operations of a US-based web hosting provider for almost eight days now, several of the company's disgruntled customers have told ZDNet today.
4.5.19 New Video Dharma variant Jakub Kroustek found a new variant of the Dharma ransomware that appends the .video extension to encrypted files.
4.5.19 New Zeropadypt Ransomware Zeropadypt Ransomware Amigo_A_ found a new ransomware that fills "files with zeros".
4.5.19 Emsisoft releases a decryptor for the ZQ Ransomware Emsisoft has released a decryptor for the ZQ Ransomware.
4.5.19 New WannaOof Ransomware MalwareHunterTeam found a new ransomware called WannaOof that appends the .oof extension to encrypted files.
4.5.19 STOP decryptor updated with further offline keys Michael Gillespie has updated his STOP decryptor with the offline keys for .kiratos and .todarius.
4.5.19 Decryptor for MegaLocker and NamPoHyu Virus Ransomware Released MegaLocker Decryptor Emsisoft has released a decryptor for the MegaLocker and NamPoHyu Virus ransomware that has been targeting exposed Samba servers. Victims can now use this decryptor to recover their files for free.
4.5.19 New Wal Dharma variant Michael Gillespie has found a new Dharma variant that appends the .wal extension to encrypted files.
4.5.19 New STOP Djvu ransomware variant Michael Gillespie has found a new STOP Djvu variant that appends the .dutan extension to encrypted files.
4.5.19 “MegaCortex” ransomware wants to be The One Mega Cortex Ransom Note A new ransomware that calls itself MegaCortex got a jolt of life on Wednesday as we detected a spike in the number of attacks against Sophos customers around the world, including in Italy, the United States, Canada, the Netherlands, Ireland, and France. The attackers delivering this new malware campaign employed sophisticated techniques in the attempt to infect victims.
27.4.19 New STOP Djvu Ransomware variant Michael Gillespie found a new STOP Djvu ransomware variant that appends the .moresa extension to encrypted files.
27.4.19 New Scarab Ransomware variant Michael Gillespie found a new variant of the Scarab Ransomware that appends the .croc extension and drops a ransom note named HELP_BY_CROC.TXT.
27.4.19 New Paradise Ransomware variant Michael Gillespie found a new Paradise Ransomware variant that appends the .sambo extension and drops a ransom note named Instructions with your files.txt.
27.4.19 New LDPR Dharma variant Michael Gillespie found a new Dharma Ransomware that appends the .LDPR extension to encrypted files.
27.4.19 Someone made a payment to a WannaCry Ransomware wallet Someone just paid 0.0584 BTC ($309.26 USD) to a bitcoin wallet tied to #WannaCry ransomware.
27.4.19 New Colorit Ransomware Michael Gillespie spotted on ID Ransomware a new ransomware that appends the .COLORIT extension.
27.4.19 ST04: Ransomware Trends with Raj Samani and John Fokker Raj Samani, Chief Scientist and McAfee Fellow, and John Fokker, Head of Cyber Investigations for McAfee Advanced Threat Research, discuss various ransomware attacks and how ransomware is evolving.
27.4.19 New STOP Djvu Ransomware variant Michael Gillespie found a new version of the STOP Djvu ransomware that appends the .verasto extension to encrypted files.
27.4.19 New Scarab Ransomware variant Amigo-A found a new variant of the Scarab Ransomware that appends the .vally extension.
27.4.19 New Major Ransomware variant Michael Gillespie found a new variant of the Major Ransomware that appends the .mars extension and drops a ransom note named READ_ME.mars.
27.4.19 Over 500% Increase in Ransomware Attacks Against Businesses Cybercriminals have started focusing their efforts on businesses during Q1 2019, with consumer threat detections decreasing by roughly 24% year over year while businesses have seen a 235% increase in the number of cyber attacks against their computing systems.
27.4.19 New BigBobRoss Ransomware variant Michael Gillespie found a new BigBobRoss variant that appends the .cheetah extension and drops a ransom note named How to recover your files.txt.
27.4.19 New STOP Djvu Ransomware variant Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .hrosas extension to encrypted files.
27.4.19 New Scarab Ransomware variant Michael Gillespie found a new Scarab Ransomware variant that appends the .[zoro4747@gmx.de].zoro extension and drops a ransom note named !!! RESTORE DATA !!!.TXT.
27.4.19 New JSWorm variant discovered with a message for ID-Ransomware JSWorm S!Ri found a new variant of the JSWorm that has a message for ID Ransomware.
27.4.19 New GlobeImposter variant GlobeImposter GrujaRS found a new GlobeImposter variant that appends the .DOCM extension and drops a ransom note named Restore-My-Files.txt.
27.4.19 Vulnerable Confluence Servers Get Infected with Ransomware, Trojans A critical Atlassian Confluence Server vulnerability is being remotely exploited by attackers to compromise both Linux and Windows servers, allowing them to drop GandCrab ransomware and the Dofloo (aka AES.DDoS, Mr. Black) Trojan.
27.4.19 Snatch Ransomware discovered GrujaRS found the Snatch Ransomware that appends the .hceem extension and drops a ransom note named RESTORE_HCEEM_DATA.txt.
27.4.19 Signed Hermes Ransomware variant spotted MalwareHunterTeam found a signed Hermes Ransomware variant.
27.4.19 New Kiratos Stop Djvu Ransomware variant Amigo-A found a new STOP Djvu ransomware variant that appends the .kiratos extension to encrypted files.
27.4.19 A Closer Look at the RobbinHood Ransomware End of encryption message The RobbinHood Ransomware is the latest player in the ransomware scene that is targeting companies and the computers on their network. This ransomware is not being distributed through spam but rather through other methods, which could include hacked remote desktop services or other Trojans that provide access to the attackers.
20.4.19 RobbinHood Ransomware Claims It's Protecting Your Privacy RobbinHood Ransomware A new ransomware is in play called RobbinHood that is targeting entire networks and then encrypting all computers that they can gain access to. They then request a certain amount of bitcoins to decrypt a single computer or a larger amount to decrypt the entire network.
20.4.19 New Locked Ransomware Locked Ransomware Petrovic found a new ransomware that appends the .locked extension and drops a ransom note named README[number].txt. Below is an image supplied by GrujaRS of this infection.
20.4.19 New Proyecto X Ransomware Proyecto X MalwareHunterTeam found a ransomware called Proyecto X that appends the .robinhood extension to encrypted files.
20.4.19 Android Sauron Locker Ransomware discovered Sauron Locker Lukas Stefanko found a new Android ransomware called Sauron Locker that locks device and replaces background wallpaper for ransom note.
20.4.19 Ransom amounts rise 90% in Q1 as Ryuk increases Coveware's Q1 Ransomware Marketplace report aggregates anonymized ransomware data from cases handled and resolved by Coveware’s Incident Response Team. Unlike surveys, which rely on sentiment, this report is created solely from a standardized set of data collected from every case. By aggregating and sharing this data we believe large and small enterprises can better protect themselves from the persistent and ever-evolving ransomware threat.
20.4.19 'NamPoHyu Virus' Ransomware Targets Remote Samba Servers Ransom Note A new ransomware family called NamPoHyu Virus or MegaLocker Virus is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim's computer, the attacker is running the ransomware locally and having it remotely encrypt accessible Samba servers.
20.4.19 New Phoenix Phobos Ransomware variant Phoenix Phobos GrujaRS found a new variant of the Phobos Ransomware that appends the .phoenix extension to encrypted files and drops a ransom note named info.txt.
20.4.19 New Exploit Paradise Ransomware variant Amigo-A found a new Paradise Ransomware variant that appends the .exploit extension to encrypted files.
20.4.19 New Burn Scarab Ransomware variant Michael Gillespie found a new Scarab Ransomware variant that appends the .burn extension to encrypted files.
20.4.19 Cube Ransomware Hunt Michael Gillespie is looking for a new ransomware that appends the .cube extension and drops a ransom note named READ_ME.cube.
20.4.19 New CRABSLKT Scarab Ransomware variant Scarab Ransomware Amigo-A found a new Scarab Ransomware variant that appends the .CRABSLKT extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
20.4.19 Cyber-security firm Verint hit by ransomware The Israel offices of US cyber-security firm Verint have been hit by ransomware, according to a screenshot taken by a Verint employee that started circulating online earlier today.
20.4.19 DLL Cryptomix Ransomware Variant Installed Via Remote Desktop CryptoMix Ransom Note The CryptoMix ransomware is still alive and kicking as a new variant has been spotted being spread in the wild. This new version appends the .DLL extension to encrypted files and is said to be installed through hacked remote desktop services.
20.4.19 New norvas STOP Djvu Ransomware Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .norvas extension to encrypted files.
20.4.19 Weekly Ransomware Market Share from Coveware Weekly Ransomware Market Share Coveware notes that Ryuk attacks have continued to decline in prevalence since last week. New Variants of Dharma and Phobos continue to hit smaller enterprises via RDP in the US. A slew of GandCrab attacks hit enterprises in Western Europe via CVEs that allow remote code execution.
20.4.19 Jokeroo jokers modify a GandCrab executable? Jokeroo GandCrab Jakub Kroustek discovered an unpacked GandCrab 5.3 executable that contains strings from the Jokeroo RaaS. It is not known if it's the GandCrab developers poking fun at other ransomware developers or the jokers behind Jokeroo playing with GandCrab.
13.4.19 Genesee County, Michigan Recovering from Ransomware Attack Genesee County, Michigan was hit with a ransomware attack on Tuesday and the county has been working non-stop to get their systems back online. Unfortunately, this process turned out to be more difficult than expected and systems are still down.
13.4.19 Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware Recently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out of character due to FIN6’s historical targeting of payment card data. The intent of the intrusion was initially unclear because the customer did not have or process payment card data. Fortunately, every investigation conducted by Managed Defense or Mandiant includes analysts from our FireEye Advanced Practices team who help correlate activity observed in our hundreds of investigations and voluminous threat intelligence holdings. Our team quickly linked this activity with some recent Mandiant investigations and enabled us to determine that FIN6 has expanded their criminal enterprise to deploy ransomware in an attempt to further monetize their access to compromised entities.
13.4.19 New .btix Dharma variant Jakub Kroustek discovered a new variant of the Dharma ransomware that appends the .btix extension to encrypted files.
13.4.19 New raldug STOP Djvu variant Amigo-A found a new variant of the STOP Djvu ransomware that appends the .raldug extension to encrypted file names.
13.4.19 AsuraHTTP Bot with Ransomware capabilities AsuraHTTP MalwareHunterTeam discovered a LiteHTTP Bot renamed as AsuraHTTP with some Ransomware code added to it.
13.4.19 Planetary Ransomware Decryptor Gets Your Files Back For Free Planetary Decryptor A decryptor for the Planetary Ransomware family was released by Emsisoft this week that allows victims to decrypt their files for free. This ransomware family is named Planetary because it commonly uses the names of planets for the extensions added to encrypted file's names.
13.4.19 Anubis Android Trojan Spotted with Almost Functional Ransomware Module An Android application which steals PayPal credentials, encrypts files from the device's external storage, and locks the screen using a black screen was spotted in the Google Play Store by ESET malware researcher Lukas Stefanko.
13.4.19 GET YOUR DATA BACK WITHOUT PAYING RANSOM "We reached out to three battle-weary ransomware knights — Wosar (whose day job is at Emsisoft), Lawrence Abrams from Bleeping Computer (a computer help site started in 2004) and Michael Gillespie, who founded the free ID Ransomware service three years ago — for tips on how individuals and businesses can thwart the thievery. They all had surprisingly similar advice"
13.4.19 Turkish Aurora offline variant Aurora MalwareHunterTeam discovered a new Turkish Aurora offline variant that adds the .cryptoid extension to encrypted files.
13.4.19 GoRansom pushed by maldoc enSilo found a ransomware written in Go that is being pushed by a malicious Word document. Appears to be a research project.
13.4.19 Distributor of the Reveton Police Ransomware Jailed by UK's NCA Reveton A key member of a crime group behind the notorious Reveton Police Trojan that locked users out of Windows unless they paid a ransom has now found himself locked up in jail.
13.4.19 How did a teenager become the UK’s biggest cyber criminal? BBC radio discusses: Zain Qaiser made hundreds of thousands blackmailing porn users from his parents’ house.
13.4.19 STOP Djvu Decryptor updated STOP Decryptor Michael Gillespie updated his STOP Djvu decryptor to support the offline IDs for the .grovat, .raldug, and .roland variants.
13.4.19 New Extortion Email Threatens to Install WannaCry and DDoS Your Network A new extortion email scam campaign is underway that states that your computer was hacked and that it was discovered you were hiding your taxes. The alleged hackers then demand 2 bitcoins or they will notify the "Tax Department", DDoS your network, and then install the WannaCry ransomware.
13.4.19 How to Save Ransomware Encrypted Files for Decryption Coveware writes: When ransomware strikes and restoring from backups is not an option, a victim often feels that paying the ransom is the only option. Often, victims realize that they can indeed live without the data that has been encrypted, and are able to wait for a potential free decryption solution to be published. Given how unpredictable the release of free decryptor tools is, how should ransomware victims plan their recovery? What can they do to increase their chances of a full recovery?
13.4.19 New Bitcoin666 Ransomware MalwareHunterTeam found a new ransomware that appends the .bitcoin666@cock.li.word extension to encrypted files.
13.4.19 New .gate Dharma variant Michael Gillespie spotted a new Dharma variant that uses the .gate extension.
13.4.19 New langolier Scarab variant Amigo-A found a new Scarab variant that appends the .langolier extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
13.4.19 New guvara and etols STOP Djvu Ransomware variants Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .guvara and .etols extensions.
13.4.19 Emsisoft released a decryptor for the CryptoPokemon Emsisoft released a decryptor for the CryptoPokemon Ransomware that appends the .CRYPTOPOKEMON extension.
13.4.19 New fuchsia Scarab Ransomware variant Amigo-A found a new Scarab variant that appends the .fuchsia extension and drops a ransom note named DECRYPT FILES.TXT.
13.4.19 New Love Dharma variant Jakub Kroustek found a new variant of the Dharma ransomware that appends the .LOVE extension.
13.4.19 New Tokog Scarab Ransomware variant Amigo-A found a new Scarab variant that appends the .tokog extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
13.4.19 SadComputer Ransomware discovered SadComputer MalwareHunterTeam found the SadComputer ransomware which appends the .sad extension and drops a ransom note named sadcomputer_note.txt.
13.4.19 Weekly Ransomware Market Share from Coveware Weekly Ransomware Market Share According to Coveware, Ryuk cases have slowed a bit, though are still a substantial portion of new cases. GandCrab v5.2 has picked up slightly in April. Phobos and Dharma continue to hold the largest share of attacks affecting enterprises.
13.4.19 New browec STOP Djvu Ransomware variants Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .browec extension.

6.4.19

New Plant Matrix Ransomware variant Výsledek obrázku pro ransomware Stephen DeLucia discovered a new Matrix Ransomware variant that appends the .Plant extension.

6.4.19

RobLocker X discovered Roblocker-x GrujaRS found a new ransomware called RobLocker X.

6.4.19

vxCrypter Is the First Ransomware to Delete Duplicate Files vxCrypter The vxCrypter Ransomware could be the first ransomware infection that not only encrypts a victim's data, but also tidies up their computer by deleting duplicate files.

6.4.19

New York Albany Capital Hit by Ransomware Attack The City of Albany, the capital of the U.S. state of New York, was hit by a ransomware attack on March 30, with city officials working over the weekend to respond to the incident.

6.4.19

Mira Ransomware decryptor released F-Secure released a decryptor for the Planetary ransomware variant that appends the .Mira extension.

6.4.19

Pacman Ransomware Pacman Ransomware MalwareHunterTeam found a new ransomware called.... Pacman. This ransomware prepends encrypted before the original extension.

6.4.19

Aurora decryptor released Emsisoft released a decryptor for the Aurora ransomware.

6.4.19

New STOP Djvu variant Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .grovat extension to encrypted files.

6.4.19

Cyber Criminals Increasingly Target Small and Midsize Businesses A report by Chubbs "examines the emergence of new #ransomware and #malware strains, including Emotet, Ryuk, and Credential Stuffing".

6.4.19

Norsk Hydro releases a documentary-like video on their LockerGoga cyberattack In an unprecedented move, Norsk Hydro created a documentary-like video about the employees who discovered they were infected by LockerGoga.

6.4.19

New STOP Djvu variant Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .roland extension to encrypted files.

6.4.19

Arizona Beverages knocked offline by ransomware attack Arizona Beverages, one of the largest beverage suppliers in the U.S., is recovering after a massive ransomware attack last month, TechCrunch has learned.

6.4.19

MR.Z3B1 Jigsaw variant Jigsaw MalwareHunterTeam found a new Jigsaw Ransomware variant that appends the Contact onlineservices1@usa.com Hacked by Z3b1 your ID [MI0985547KE] .locked extension to encrypted files.

6.4.19

New hunt for Ransomware that appends ._Crypted Michael Gillespie is looking for a ransomware sample that appends the ._Crypted extension and drops a ransom note named _CRYPTED_README.html.

6.4.19

Seon Ransomware ver 0.2 found Seon Ransomware ver 0.2 JAMESWT found a new variant of the Seon Ransomware that brings it to "ver 0.2" and appends the .FIXT extension.

6.4.19

New ms13 Dharma variant safety found a new variant of the Dharma ransomware that appends the .ms13 extension to encrypted files.

6.4.19

New Xwo Web Scanner Helps MongoLock Ransomware Find Victims Code and infrastructure from two known malware families have been observed with a new threat named Xwo, which helps operators of the MongoLock ransomware discover unprotected web services reachable over the internet.

6.4.19

Planetary Ransomware decryptor released Emsisoft has released a new decryptor for the Planetary Ransomware. This decryptor will target ransomware variants that append the .mira, .yum, .Neptune, or .Pluto extension.

6.4.19

New ransomware hunt Michael Gillespie is looking for ransomware samples that append the .bmps@tutanota.com.major or .bmps@tutanota.com.major extension.

6.4.19

New STOP Djvu variant Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .refols extension to encrypted files.

6.4.19

FIN6 Group Diversifies Activity, Uses LockerGoga and Ryuk Ransomware FIN6 cybercrime group has taken a step toward increased monetization of their intrusions and added ransomware to its portfolio, choosing LockerGoga and Ryuk file encryption malware for the extortion jobs.

6.4.19

New Phobos Ransomware variant Michael Gillespie found a new Phobos variant that appends the .phoenix extension.
6.4.19 New .carcn Dharma variant Jakub Kroustek found a new variant of the Dharma ransomware that appends the .carcn extension.

30.3.19

New STOP Djvu Ransomware variants

Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .chech or .luceq extensions to encrypted files.

30.3.19

New .bk666 Dharma variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .bk666 extension to encrypted files.

30.3.19

Emsisoft has Released a Decryptor for the Hacked Ransomware

A decryptor for the Hacked Ransomware was released today by Emsisoft that allows victims to recover their files for free. This ransomware was active in 2017 and targeted English, Turkish, Spanish, and Italian users.

30.3.19

New STOP Djvu Ransomware variant

Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .proden or .drume extensions to encrypted files.

30.3.19

New Matrix Ransomware variant

Michael Gillespie found new Matrix Ransomware variants that append the .MDEN or .SDEN extensions and drop a ransom note named !MDEN_INFO!.rtf or !SDEN_INFO!.rtf.

30.3.19

Ransomware hunt for YYYYBJQOQDU

Michael Gillespie is searching for a ransomware that appends the .YYYYBJQOQDU extension and drops a ransom note named YOUR FILES ARE ENCRYPTED.TXT.

30.3.19

New Paradise Ransomware variant

Michael Gillespie spotted a new Paradise Ransomware variant that appends the .securityP extension and drops a ransom note named Instructions with your files.txt.

30.3.19

STOPDecrypter Updated

STOP Decrypter

Michael Gillespie updated the STOP decrypter with offline keys for .kroput1, .charck, .kropun, .doples, .luces, .luceq, .chech, .pulsar1, .drume, .tronas, .trosak, .grovas, and .proden.

30.3.19

New BigBobRoss variant

Michael Gillespie found a new BigBobRoss Ransomware variant that uses the .encryptedALL and .djvu extensions.

30.3.19

New Xorist variant with long extension

Xorist

Michael Gillespie found a Xorist Ransomware variant with the .NEED-TO-MAKE-PAYMENT-OR-ALL-YOUR-FILLES-WILL-BE-DELETED-CRITICAL-SITUATION-URGENT-ATTENTION-24-HOURS-TO-PAY-OR-EVERYTHING-WILL-BE-PERMANENTLY-DELETED-FOREVER extension. This ransomware is decryptable.

30.3.19

Another Xorist Variant

Michael found another Xorist variant that utilizes the extension ....VeraCrypt_System_Error2019-You_need_to_make_payment_in_maxmin_24_hours_if_you_dont_the_decryptor_license_will_be_deleted_this_is_not_a_joke.

30.3.19

Analysis of LockerGoga Ransomware

F-Secure posted a technical analysis of the LockerGoga ransomware: We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs).

30.3.19

UNNAM3D Ransomware Locks Files in Protected Archives, Demands Gift Cards

Unnam3d

A new ransomware called Unnam3d R@nsomware is being distributed via email that will move a victim's files into password protected RAR archives. The ransomware then demands a $50 Amazon gift card code in order to get the archive password.

30.3.19

Ransomware Hits Garage of Canadian Domain Registration Authority

Dharma

The parking garage used by employees of the Canadian Internet Registration Authority (CIRA) allowed people to park for free after computer systems were infected by ransomware.

30.3.19

New Rapid Ransomware variant

Rapid Ransomware

MalwareHunterTeam found a new Rapid Ransomware variant that uses the .GILLETTE extension and drops a ransom note named Decrypt DATA.txt.

30.3.19

New Stun Dharma Ransomware variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .stun extension to encrypted files.

30.3.19

New STOP Djvu Ransomware variants

Michael found new variants of the STOP Djvu ransomware that append the .tronas, .trosak, and .grovas extensions to encrypted files.

30.3.19

New Swamp RAT Ransomware

Lawrence Abrams discovered a new RAT that pretends to be a ransomware called Swamp Rat. This is in-dev and quite bizarre.

30.3.19

New Scarab Ransomware variant

JAMESWT found a new Scarab Ransomware variant that appends the .crypt000 extension to encrypted files.

30.3.19

Avast updates their BigBobRoss Decryptor

Avast has updated their BigBobRoss decryptor to decrypt victims with the .encryptedALL variant.

30.3.19

Emsisoft updates their BigBobRoss Decryptor

Not to be outdone :), Emsisoft also updated their BigBobRoss decryptor to support the .encryptedAll variant.

30.3.19

New vxCrypter Ransomware

vxCrypter

Lawrence Abrams discovered a new variant of the vxCrypter Ransomware that appends .xLck. This is in-development and deletes duplicate files on the computer.

24.3.19

New Snatch Ransomware variant

Michael Gillespie found a new variant of the Snatch Ransomware that appends the .jimm extension and drops a ransom note named Restore_JIMM_Files.txt.

24.3.19

Hated and hunted

Joe Tidy wrote an article about the life of ransomware expert Fabian Wosar: Fabian is world renowned for destroying ransomware - the viruses sent out by criminal gangs to extort money. Because of this, he lives a reclusive existence, always having to be one step ahead of the cyber criminals. He has moved to an unknown location since this interview was carried out.

24.3.19

ID Ransomware now tracks over 700 Ransomware families

Congrats to Michael Gillespie for setting up the terrific ID Ransomware service that now identifies 700 ransomware families.

24.3.19

Ransomware hunt for .L1LL Ransomware

Michael Gillespie is looking for a ransomware that appends the .L1LL extension to encrypted files.

24.3.19

New RotorCrypt Ransomware variant

Michael Gillespie has found a new RotorCrypt variant that appends the !!!! prusa@rape.lol !!!.prus extension and drops a ransom note named informprus.txt.

24.3.19

New GlobeImposter2 variant uses an interesting extension

Michael Gillespie found a new variant of the GlobeImposter 2.0 ransomware that adds the .{CALLMEGOAT@PROTONMAIL.COM}CMG extension to encrypted files.

24.3.19

Golden Axe Ransomware discovered

Golden Axe Ransomware

GrujaRS discovered a new ransomware called Golden Axe that uses the .UIK1J extension for encrypted files. Unfortunately, it does not appear to be related to the classic Golden Axe video game :(

24.3.19

JNEC.a Ransomware Spread by WinRAR Ace Exploit

JNEC.a Ransomware

A new ransomware called JNEC.a spreads through an exploit for the recently reported code execution ACE vulnerability in WinRAR. After encrypting a computer, it will generate a Gmail address that victims need to create in order to receive the file decryption key once they pay the ransom.

24.3.19

New STOP Ransomware .charcl variant

Michael Gillespie found another STOP Djvu variant that appends the .charcl extension to encrypted files.

24.3.19

New Dharma variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .azero extension to encrypted files.

24.3.19

New FLKR Ransomware variant

Alex Svirid found a new variant of the FKLR Ransomware that appends the +jabber-winnipyh123@sj.ms extension to encrypted files.

24.3.19

LockerGoga Ransomware Sends Norsk Hydro Into Manual Mode

One of the largest aluminum producers in the world, Norsk Hydro, has been forced to switch to partial manual operations due to a cyber attack that is allegedly pushing LockerGoga ransomware.

24.3.19

LockerGoga variant uploaded from Norway

MalwareHunterTeam found a sample of the LockerGoga ransomware that was uploaded from Norway. Could this be the variant that affected Norsk Hydro?

24.3.19

Emsisoft releases decryptor for PewDiePie

Emsisoft has released a decryptor for the PewDiePie/PewCrypt Ransomware.

24.3.19

New variant of the Matrix Ransomware

Matrix-ransomware-variant

Kshom found a new variant of the Matrix Ransomware that appends the [BIGBOSS777@airmail.cc].[random string].CRYPTO extension.

24.3.19

Donaldjtrumpware Ransomware is Yuuuuuge

Donaldjtrumpware

MalwareHunterTeam found an old ransomware sample called donaldjtrumpware that was an in-development ransomware and did not save the decryption key.

24.3.19

Another LockerGoga variant

Lockergoga Variant

Because it's LockerGoga week, here is another variant found by GrujaRS.

24.3.19

Excellent analysis of LockerGoga

LockerGoga reversing

A thread by Lasha Khasaia offers excellent technical information on how LockerGoga works based on his reverse engineering of the sample.

24.3.19

Ransomware is not dead - a light analysis of LockerGoga

Another good technical article on LockerGoga by Joe Security.

24.3.19

New Xorist Variant

Michael Gillespie found a new Xorist Ransomware variant that appends the .Mr-X666 extension to encrypted files and drops a ransom note named HOW TO BACK YOUR FILES.txt.

24.3.19

New Doples STOP Djvu variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .doples extension to encrypted files.

24.3.19

New GarrantyDecrypt variant

Michael Gillespie found a new variant of the GarrantyDecrypt Ransomware that appends the .metan extension.

24.3.19

New hunt for Fox Ransomware

Michael Gillespie found a new ransomware that appends the id [numbers][Rabbit2002@pm.me].fox extension to encrypted files and drops a ransom note named Decrypt.txt.

24.3.19

New hunt for Robbin Hood Ransomware

Robbin Hood Ransomware

Michael Gillespie found a new ransomware named Robbin Hood that appends the Encrypted_.enc_robbinhood extension and drops a ransom note named _Decryption_ReadMe.html.

24.3.19

Fake CDC Emails Warning of Flu Pandemic Push Ransomware

Spam Email

A new malspam campaign is being conducted that pretends to be from the Centers for Disease Control and Prevention (CDC) about a new Flu pandemic. Attached to the emails is a malicious attachment that, when opened, will install the GandCrab v5.2 Ransomware on the target's computer.

24.3.19

Dharma ransomware recovery rates fall as ransom demands skyrocket

Coveware writes about "New Research on Dharma Ransomware: Data recovery rates decline as ransom demand skyrocket."

24.3.19

New STOP Djvu .Luces variant

Michael Gillespie found a new variant of the STOP Djvu ransomware that appends the .luces extension to encrypted files.

24.3.19

Rabbit Ransomware discovered

Rabbit Ransomware

MalwareHunterTeam discovered the Rabbit Ransomware screenlocker. The unlock code is "RabbCompany66"

24.3.19

Police Federation in the UK have been hit with a ransomware attack

"We can confirm we have been subject to a malware attack on our computer systems. We were alerted by our own security systems on Saturday 9 March. Cyber experts rapidly reacted to isolate the malware and prevent it from spreading"

24.3.19

New Planetary Ransomware variant

Planetary Ransomware

GrujaRS found a new variant of the Planetary Ransomware that appends the .mira extension and drops a ransom note named !!!READ_IT!!!.txt.

24.3.19

Kaspersky think LockerGoga is affiliated with GrimSpider

Ivan Kwiatkowski has stated that his team at Kaspersky feels that LockerGoga is related to GrimSpider.

24.3.19

New GFS Scarab Ransomware variant

Michael Gillespie found a new Scarab Ransomware variant that appends the .[mrpeterson@cock.li].GFS extension to encrypted files.

24.3.19

New Suffer Scarab Ransomware variant

Scarab Ransomware

Amigo-A found a new variant of the Scarab Ransomware that appends the .suffer extension to encrypted files and creates ransom notes named HOW TO RECOVER ENCRYPTED FILES.TXT.

16.3.19

Ransomware Attack on Jackson County Gets Cybercriminals $400,000

A ransomware attack hit the computers of Jackson County, Georgia, reducing government activity to a crawl until officials decided to pay cybercriminals $400,000 in exchange for the file decryption key.

16.3.19

Emsisoft Decrypter for BigBobRoss

Emsisoft has released a decryptor for the BigBobRoss ransomware. It uses AES-128 ECB to encrypt files, and adds the extension ".obfuscated". Some variants also prepend the victim ID to the filename. The ransom note "Read Me.txt" asks the victim to contact "BigBobRoss@computer4u.com".

16.3.19

Avast releases a decryptor for BigBobRoss as well

Avast Threat Labs released a decryptor for BigBobRoss as well today.

16.3.19

New STOP Ransomware variant

Michael Gillespie found new variants of the STOP Ransomware that append the .promorad2 or .kroput extensions to encrypted files.

16.3.19

STOP Ransomware Installing Password Stealing Trojans on Victims

In addition to encrypting a victim's files, the STOP ransomware family has also started to install the Azorult password-stealing Trojan on victims' computers to steal account credentials, cryptocurrency wallets, desktop files, and more.

16.3.19

New Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .NWA extension to encrypted files.

16.3.19

Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits

Yatron Ransomware

A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computers on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours.

16.3.19

New bRcrypT Ransomware

Michael Gillespie found a new ransomware that appends the .bRcrypT extension and drops a ransom note named FILES ENCRYPTED.txt.

16.3.19

New RotorCrypt Ransomware

Michael Gillespie found a new RotorCrypt Ransomware variant that appends the !__help2decode@mail.com__.a800 extension and drops a ransom note named recovery.instruction.txt.

16.3.19

Updated STOPDecrypter

Michael Gillespie updated his STOPDecrypter to have more offline encryption keys. This one is for OFFLINE ID "0h7mFQcjRC3pDgsRcrWZ7K7bdAgvgDosJ24DmXt1" (.promorad2).

16.3.19

New GILLETTE Ransomware variant

Michael Gillespie found a new ransomware that appends the .GILLETTE extension and drops a ransom note named Decrypt DATA.txt.

16.3.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix ransomware that appends the .SCR extension to encrypted files.

16.3.19

New ransomware hunt

Michael Gillespie is searching for a sample of the ransomware that appends the .yum extension and drops a ransom note named !!!READ_IT!!!.txt.

16.3.19

New Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .com extension to encrypted files.

16.3.19

Updated STOPDecrypter

Michael Gillespie updated his STOPDecrypter to have more offline encryption keys. This one is for OFFLINE ID "upOacGl1yOz9XbrhjX9UR2M0j8i03YwVB0pXr1t1" (.kroput).

16.3.19

New Scarab variant pretends to be GandCrab

Amigo-A found a new variant of the Scarab Ransomware that pretends to be GandCrab by using the .[crab2727@gmx.de].gdcb extension and dropping a ransom note named GDCB-DECRYPT.TXT.

16.3.19

MegaLocker Virus discovered

MegaLocker

MalwareHunterTeam found a new ransomware called MegaLocker Virus that appends the .crypted extension to encrypted files and drops a ransom note named !DECRYPT INSTRUCTION.TXT. Appears to have encrypted a web server in the image.

16.3.19

New 0kilobypt Ransomware variant

Amigo-A discovered a new variant of the 0kilobypt Ransomware that appends the .crypt extension to encrypted files.

16.3.19

New STOP Ransomware variants

Michael Gillespie found new STOP ransomware variants that append the .kroput1, .pulsar1 or .charck extensions to encrypted files.

16.3.19

New Ransomware hunt for Scorpion Ransomware

Scorpion Ransomware

Michael Gillespie is looking for a new ransomware that appends the .Scorpion extension and drops a ransom note named About .Scorpion V4.0 unlocking instructions.txt.

16.3.19

New Ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the .[w_decrypt24@qq.com].zq extension.

16.3.19

New Paradise Ransomware variant

Michael Gillespie found a new Paradise Ransomware variant that appends the _[id]_{babyfromparadise666@gmail.com}.p3rf0rm4 extension and drops a ransom note named Instructions with your files.txt.

16.3.19

New Jamper Ransomware

Michael Gillespie is looking for a new ransomware that appends the .jamper extension and drops a ransom note named ---README---.TXT.

16.3.19

New RotorCrypt variant

Michael Gillespie found a new RotorCrypt variant that appends the !@#$%^&-().1c extension and drops a ransom note named INFO.txt.

16.3.19

New STOP Ransomware variants

Michael Gillespie found new STOP Ransomware variants that append the .kropun or .klope extensions to encrypted files' names.

9.3.19

Ransomware Pretends to Be Proton Security Team Securing Data From Hackers

GarrantyDecrypt Ransomware

A recent variant of the GarrantyDecrypt ransomware has been found that pretends to be from the security team for Proton Technologies, the company behind ProtonMail and ProtonVPN.

9.3.19

CrazyCrypt 4.1 discovered

CrazyCrypt 4.1

MalwareHunterTeam found the new 4.1 variant of CrazyCrypt that drops a ransom note named FILES ENCRYPTED.txt.

9.3.19

New Korea Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that uses the .korea extension.

9.3.19

#OpJerusalem Targeted Israeli Windows Users with JCry Ransomware

JCry

Over the weekend, hundreds of popular Israeli sites were targeted by an attack called #OpJerusalem whose goal was to infect Windows users with the JCry ransomware. Thankfully, a mistake in the attacker's code caused the page to show a defacement rather than causing the ransomware to be distributed.

9.3.19

Annabelle 2.1 becomes a wiper

Annabelle 2.1 Ransomware

Michael Gillespie found a new variant of the Annabelle Ransomware that has become a wiper due to shoddy coding.

9.3.19

New GlobeImposter 2.0 variant

Michael Gillespie found a new GlobeImposter 2.0 Ransomware variant that appends the .{mattpear@protonmail.com}MTP extension.

9.3.19

Neptune Ransomware

Michael Gillespie found a new ransomware that appends the .Neptune extension. This family has been releasing variants utilizing extensions named after planets.

9.3.19

New ransomware hunt

Michael Gillespie is looking for a ransomware that appends the .[help24decrypt@cock.li extension and drops a ransom note named How to decrypt.txt.

9.3.19

New Satan Ransomware variant

Michael Gillespie found a new variant of the Satan/Lucky ransomware that uses the .evopro extension and drops a ransom note named _如何解密我的文件_.txt. According to xiaopao, this is a Satan variant.

9.3.19

New Seed Locker Everbe Ransomware variant

Seed Locker Ransomware

MalwareHunterTeam found a new variant of the Everbe 2.0 ransomware called Seed Locker. This infection will append the .seed extension to encrypted files and drop a ransom note named !#_How_to_decrypt_files_$!.txt.

9.3.19

CryptoMix Clop Ransomware Says It's Targeting Networks, Not Computers

Ransom Note

A new CryptoMix Ransomware variant has been discovered that appends the .CLOP or .CIOP extension to encrypted files. Of particular interest is that this variant is now indicating that the attackers are targeting entire networks rather than individual computers.

9.3.19

Jokeroo Ransomware-as-a-Service Offers Multiple Membership Packages

Jokeroo RaaS

A new Ransomware-as-a-Service called Jokeroo is being promoted on underground hacking sites and via Twitter that allows affiliates to allegedly gain access to a fully functional ransomware and payment server.

9.3.19

New Scarab Ransomware variant

Scarab Ransomware Ransom Note

Emmanuel_ADC-Soft found a new Scarab Ransomware variant that appends the .kitty extension to encrypted files and drops a ransom note named HOW-TO-RESTORE-FILES.txt.

9.3.19

New ICP Ransomware

Michael Gillespie is looking for a new ransomware that appends the .icp extension to encrypted files and drops a ransom note named Restore_ICPICP_Files.txt.

9.3.19

New .plomb Dharma variant

Michael Gillespie found a new Dharma variant that appends the .id-[id].[plombiren@hotmail.com].plomb extension.

9.3.19

New Scarab Ransomware variant

Scarab Ransom Note

GrujaRS found a new Scarab Ransomware variant that appends the .dy8wud extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

9.3.19

New W1F1RANSOM screenlocker discovered

MalwareHunterTeam found a new screenlocker called W1F1RANSOM or W1F1SN1FF3R that uses an unlock key of 0000.

9.3.19

StopDecrypter Updated

StopDecrypter

Michael Gillespie added more OFFLINE keys to his StopDecrypter program. These are for the .promoz, .promok, .promorad, .promok variants.

2.3.19

GarrantyDecrypt Ransomware

Michael Gillespie found a new ransomware called GarrantyDecrypt that appends the .cammora extension.

2.3.19

New DeltaSEC Jigsaw Ransomware

DeltaSEC

MalwareHunterTeam found a new Jigsaw Ransomware variant called DeltaSEC.

2.3.19

New Russian ransomware variant

Russian Ransomware ID44

Michael Gillespie found a new ransomware that appends the .infileshop@gmail_com_ID44 extension and drops a ransom note named ! ПРОЧТИ МЕНЯ !.html.

2.3.19

New Scarab Ransomware variant

Scan Ransom Note

Emmanuel_ADC-Soft found a new variant of the Scarab Ransomware that appends the .X3 extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

2.3.19

GandCrab Decrypter Available for v5.1, New 5.2 Variant Already Out

GandCrab Decryptor

A free file decryption tool is available for users whose computers got infected with the latest confirmed versions of GandCrab. It can unlock data encrypted by versions 4 through 5.1 of the malware, and some earlier releases of the threat.

2.3.19

New Ransomware pretends to be from ProtonMail

Proton Ransomware

Michael Gillespie found a new ransomware that drops a ransom note named SECURITY-ISSUE-INFO.txt and pretends to be from the security team at ProtonMail.

2.3.19

New Promos STOP variant

Michael Gillespie found a new variant of the STOP/DJVU Ransomware that appends the .promos extension to encrypted files.

2.3.19

New Seed Locker Ransomware

Seed Ransomware

Emmanuel_ADC-Soft found a new ransomware that appends the .seed extension and drops a ransom note named !#_How_to_decrypt_files_#!.

2.3.19

Formjacking Surpasses Ransomware and Cryptojacking as Top Threat of 2018

A new year in review report from Symantec shows that formjacking accompanied by supply chain attacks were the fastest growing threats of 2018, while living-off-the-land (LotL) attacks saw a large boost in adoption from threat actors, with PowerShell scripts usage, for example, seeing a formidable 1000% increase.

2.3.19

Cekisan Ransomware discovered

Michael Gillespie found a new ransomware that appends the .cekisan extension and drops a ransom note named Readme_Restore_Files.txt.

2.3.19

New Aqva Dharma variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .aqva extension to encrypted files.

2.3.19

GandCrab Ransomware Affiliates Continue to Push Decryptable Versions

GandCrab Ransomware affiliates are doing their victims a favor by screwing up and distributing a version of the ransomware that can be decrypted for free.

2.3.19

New BlackPink Ransomware

Michael Gillespie saw a new ransomware uploaded to ID Ransomware that appends the .BlackPink extension to encrypted files and has a Korean ransom note named how_to_recver_files.txt.

2.3.19

New Russian Ransomware

Michael Gillespie found a new Russian ransomware that drops a ransom note named инструкция по оплате.txt.

2.3.19

New Ransomware appends .crazy

Michael Gillespie found a new ransomware that appends the .id.[id].[[emai]].crazy extension to encrypted files and drops a ransom note named FILES ENCRYPTED.txt.

2.3.19

New Matrix Ransomware variant

Michael Gillespie is on fire with a new Matrix Ransomware variant that appends the .GBLOCK extension and drops a ransom note named !GBLOCK_INFO.rtf.

2.3.19

Cr1ptT0r Ransomware Infects D-Link NAS Devices, Targets Embedded Systems

Cr1pT0r Ransom Note

A new ransomware called Cr1ptT0r built for embedded systems targets network attached storage (NAS) equipment exposed to the internet to encrypt data available on it.

2.3.19

New .AYE Dharma variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .AYE extension to encrypted files.

2.3.19

Ransomware Dogge discovered

Dogge Ransomware

Dodge This Security found a new ransomware called Dogge Ransomware. Appears to be a joke ransomware.

2.3.19

B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers

B0r0nt0k Ransomware

A new ransomware called B0r0nt0K is encrypting victims' web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows.

2.3.19

New Xorist Ransomware variant

Xorist Ransomware

GrujaRS found a Xorist Ransomware sample that appends only a period as an extension and drops a ransom note named HOW TO DECRYPT FILES.txt.

2.3.19

D-Link advisory on Cr1ptT0r

D-Link issued a security advisory on the Cr1ptT0r Ransomware.

2.3.19

CrazyCrypt Ransomware discovered

CrazyCrypt

MalwareHunterTeam found a new Stupid Ransomware variant called CrazyCrypt 2.1.

2.3.19

New Artemy Scarab Ransomware variant

Artemy Ransomware

GrujaRS found a new Scarab Ransomware variant that appends the .ARTEMY extension to encrypted files.

2.3.19

New Phobos Ransomware variant

Phobos Ransomware

Jakub Kroustek found a new Phobos Ransomware variant that appends the .Frendi extension.

2.3.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .SBLOCK extension and drops a ransom note named !SBLOCK_INFO!.rtf.

2.3.19

New STOP/DJVU Variant

Michael Gillespie found a new STOP/DJVU variant that appends the .promoz extension.

2.3.19

Florida ISP's service impacted by ransomware

The Tallahassee Democrat reports: A ransomware attack targeting Network Tallahassee kept customers from getting online, sending or receiving emails or accessing website domains, which were completely shut down.

2.3.19

New RotorCrypt Sample

Michael Gillespie found a new RotorCrypt sample that appends the !_!email__ prusa@goat.si __!..PAYMAN extension and drops a ransom note named open_payman.txt.

2.3.19

CSP Ransomware

Michael Gillespie is looking for a new ransomware variant that appends the _csp extension and drops a ransom note named HOW TO DECRYPT[1T0tO].txt.

2.3.19

New STOP/DJVU variants

Michael Gillespie found new variants of the STOP/DJVU Ransomware that append the .promorad and .promock extensions.

16.2.19

New FCRYPT Ransomware

FCRYPT

GrujaRS found a new ransomware called FCRYPT that appends the .FCrypt extension to encrypted files and drops a ransom note named #HELP-DECRYPT-FCRYPT1.1#.txt. Michael Gillespie stated it can be decrypted.

16.2.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .PLANT extension to encrypted files.

16.2.19

New Ransomware has trouble spelling planets

Michael Gillespie found a new ransomware variant that tried to spell "Mercury", but used .mecury as the extension for encrypted files.

16.2.19

Ransomware Story Comic

Christiaan Beek and Hackerstrip teamed up to create a comic about ransomware.

16.2.19

New Encrypted5 ransomware

Encrypted5

GrujaRS found a new ransomware variant that appends the .Encrypted5 extension.

16.2.19

New Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .PEDANT extension and drops a ransom note named !PEDANT_INFO!.rtf.

16.2.19

Ransomware Attacks Target MSPs to Mass-Infect Customers

Ransomware distributors have started to target managed service providers (MSPs) in order to mass-infect all of their clients in a single attack. Recent reports indicate that multiple MSPs have been hacked recently, which has led to hundreds, if not thousands, of clients being infected with the GandCrab Ransomware.

16.2.19

New Dharma variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .KARLS extension to encrypted files.

16.2.19

New Snatch Ransomware variant

Jupstb

GrujaRS found a new Snatch ransomware variant that appends the .jupstb extension to encrypted files.

9.2.19

New PayDay Ransomware variant

PayDay Ransomware

MalwareHunterTeam found a new variant of the PayDay Ransomware that uses a ransom note named HOW_TO_DECRYPT_MY_FILES.txt.

9.2.19

New variant of the STOP Ransomware

dis found a new variant of the STOP Ransomware that uses the .blower extension.

9.2.19

New RotorCrypt variant

Michael Gillespie found a new variant of the RotorCrypt Ransomware that appends the "!ymayka-email@yahoo.com.cryptotes" extension.

9.2.19

New Dharma variant

Michael Gillespie found a new variant of the Dharma Ransomware that appends the .888 extension.

9.2.19

New PennyWise Jigsaw Ransomware variant

PennyWise Jigsaw variant

MalwareHunterTeam found a new Jigsaw Ransomware that uses the .PennyWise extension for encrypted files.

9.2.19

Crypted Pony Ransomware found

Petrovic found a new ransomware that appends the .crypted_pony_test_build_xxx_xxx_xxx_xxx_xxx extension to encrypted files.

9.2.19

Cryptojacking Overtakes Ransomware, Malware-as-a-Service on the Rise

Cryptominers infected roughly ten times more organizations during 2018 than ransomware did; however, only one in five security professionals knew that their company's systems had been impacted by a malware attack, as reported by Check Point Research.

9.2.19

GandCrab Ransomware Helps Shady Data Recovery Firms Hide Ransom Costs

The GandCrab ransomware TOR site allows shady data recovery companies to hide the actual ransom cost from victims, and it is currently being disseminated through a large assortment of distribution channels, according to a Coveware report.

9.2.19

Russian ransomware with a valid cert

Russian Ransomware

MalwareHunterTeam found a Russian ransomware sample that drops a ransom note named Your files are now encrypted.txt but does not use an extension. Uses a valid certificate.

9.2.19

New Ransomware appends FileSlack

Michael Gillespie found a new Ransomware that appends the .FileSlack extension and drops a ransom note named Readme_Restore_Files.txt.

9.2.19

Looking for a sample of Pluto Ransomware

Michael Gillespie is looking for a ransomware sample that appends the .pluto extension and drops a ransom note named !!!READ_IT!!!.txt.

9.2.19

LOLSEC Jigsaw Ransomware variant

LOLSEC Jigsaw

Michael Gillespie found a new Jigsaw Ransomware variant that appends .paycoin to encrypted files and uses the following background.

9.2.19

New Dharma variant found

Jakub Kroustek found new Dharma variants that append the .amber or .frend extension.

9.2.19

Mail Attachment Builds Ransomware Downloader from Super Mario Image

A malicious spreadsheet has been discovered that builds a PowerShell command from individual pixels in a downloaded image of Mario from Super Mario Bros. When executed, this command will download and install malware such as the GandCrab Ransomware and other malware.

9.2.19

New Clop Ransomware

Michael Gillespie found a new ransomware that appends the .Clop extension to encrypted file names and drops a ransom note named ClopReadMe.txt.

9.2.19

Gandcrab via fake invoice using password protected zip files

My Online Security reports: It’s Friday afternoon at the end of a busy week for many people and we get yet another Gandcrab ransomware campaign. This campaign is slightly different to previous versions that I have seen. We generally see Gandcrab delivered via Office (normally Word) documents, either Macros or possibly Equation editor or other embedded OLE object exploits. Today’s version is the first time that I have seen a js file inside a zip that was password protected as the initial vector. You need the password “invoice123” to be able to open the zip file.

2.2.19

New Scarab Ransomware variant

Amgad.M found a new Scarab Ransomware variant that appends the .Crash extension to encrypted files.

2.2.19

Akron says cyberattack forced shutdown of city help line

WHIO-TV reports: Officials say a financially motivated cyberattack on computer servers forced an Ohio city to shut down its 311 call center line as it prepared to dig out from a snowstorm. The Akron Beacon Journal reports a city of Akron spokeswoman says the attack included ransomware that demanded thousands of dollars. Ransomware is malicious software that threatens to publish a target's data or block access to it.

2.2.19

New Xorist Ransomware

Petrovic discovered a new Xorist variant that appends the .mcafee extension to encrypted files.

2.2.19

Blackware Ransomware discovered

Blackware Ransomware

MalwareHunterTeam discovered the Blackware Ransomware 1.0 that is only a screenlocker. Does not encrypt.

2.2.19

Spiteful Doubletake Ransomware discovered

Spiteful Doubletake

Jakub Kroustek has discovered a ransomware written in Perl called Spiteful Doubletake that appears to be in-development or a PoC. Appends the .enc extension to encrypted files.

2.2.19

New STOP .adobee variant

Michael Gillespie found a new STOP Ransomware variant that appends the .adobee extension to encrypted files.

2.2.19

Gorgon Ransomware discovered

Gorgon Ransomware

Jakub Kroustek discovered the Gorgon Ransomware that appends the .[buy-decryptor@pm.me] extension to encrypted files.

2.2.19

Russia hit by new wave of ransomware spam

January 2019 has seen a dramatic uptick in detections of malicious JavaScript email attachments, an attack vector that mostly lay dormant throughout 2018. Among the “New Year edition” of malicious spam campaigns relying on this vector, we have detected a new wave of Russian-language spam that distributes ransomware known as Shade or Troldesh, and detected by ESET as Win32/Filecoder.Shade.

2.2.19

Unit09 Ransomware discovered

Michael Gillespie found a new ransomware that appends the .UNIT09 extension to encrypted files and drops a ransom note named $!READ ME.txt.

2.2.19

New .mbrcodes Xorist variant found

Michael Gillespie found a new Xorist Ransomware variant that appends the .mbrcodes extension.

2.2.19

Anti-Capitalist Jigsaw Ransomware variant found

Anti-Capitalist

MalwareHunterTeam found a new Jigsaw Ransomware variant called Anti-Capitalist that appends the .fun extension to encrypted files.

2.2.19

DESYNC Ransomware Discovered

Michael Gillespie found a new ransomware that appends the .DESYNC extension to encrypted files and drops a ransom note named # HOW TO DECRYPT YOUR FILES #.txt.

2.2.19

Love Letter Malspam Serves Cocktail of Malware, Heavily Targets Japan

The "Love Letter" malspam campaign, which was previously detected and analyzed on January 10, has now changed its focus to Japanese targets and almost doubled the volume of malicious attachments it delivers, including GandCrab.

2.2.19

New LockerGoga Ransomware Allegedly Used in Altran Attack

Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and their own assets, Altran decided to shut down its network and applications.

2.2.19

Xorist Ransomware variant

McAfee Xorist

GrujaRS found a new Xorist variant that appends the .Mcafee extension and drops a ransom note named HOW TO DECRYPT FILES.

2.2.19

Looking Into Jaff Ransomware

Jaff ransomware was originally released in the spring of 2017, but it was largely neglected because that was the same time that WannaCry was the lead story for news agencies around the world. Since that time, Jaff ransomware has lurked in the shadows while infecting machines worldwide. In this FortiGuard Labs analysis, we will look into some of the common ransomware techniques used by this malware, and how it represents the ransomware’s infection routine in general.

2.2.19

Flurry of Dharma variant discovered

Jakub Kroustek found a few new Dharma variants that append the .qwex, .ETH, or .air extension to encrypted files.

2.2.19

New Obfuscated Ransomware variant

Michael Gillespie found a new variant of the Obfuscated Ransomware that prepends "[id=]" to encrypted files. Still decryptable.

2.2.19

Jigsaw variant discovered

Red Team Jigsaw Variant

Michael Gillespie found a Jigsaw Ransomware variant that appends the .YOLO extension to encrypted files. Possible Red Team/Blue Team exercise based on ransom message?

2.2.19

Matrix: A Low-Key Targeted Ransomware

Sophos security researcher Luca Nagy released a research paper on the Matrix Ransomware.

27.1.19

New AUF Dharma variant

Jakub Kroustek discovered a new Dharma Ransomware variant that appends the .AUF extension to encrypted files.

27.1.19

Ransomware Attacks May Soon Require Disclosure in North Carolina

North Carolina’s Attorney General Josh Stein and Rep. Jason Saine proposed legislation designed to strengthen the state's identity theft protection law, aiming to boost prevention and consumer protection in the face of breaches.

27.1.19

New Rumba STOP Ransomware Being Installed by Software Cracks

Rumba Stop Ransomware

The STOP ransomware has seen very heavy distribution over the last month using adware installers disguised as cracks. This campaign continues with a new variant released over the past few days that appends the .rumba extension to the names of encrypted files. Michael Gillespie also reported finding a variant utilizing the .shadow extension.

27.1.19

STOP Ransomware decryptor updated for offline DJVU variants

STOP Decryptor

Michael Gillespie updated his STOP Decryptor to decrypt the offline versions of the DJVU variants.

27.1.19

New Dharma variants discovered

Jakub Kroustek discovered two more Dharma variants that utilize the .USA, .xwx, and .best extensions for encrypted files.

27.1.19

New variant of Ryuk using project name of Cryptor 2.0

MalwareHunterTeam found a new Ryuk variant that uses an internal project name of "Cryptor 2.0".

27.1.19

New Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .GMBN extension and drops a ransom note named !README_GMBN!.rtf. Michael found another variant that uses the .SPCT extension.

27.1.19

New .heets Dharma variant

Coveware found a new Dharma variant that is appending the .heets extension to encrypted files.

27.1.19

New Anatova Ransomware Supports Modules for Extra Functionality

Anatova

A new ransomware family called Anatova has popped up on the radar of analysts, who see it as a serious threat created by skilled authors that can turn it into a multifunctional piece of malware.

27.1.19

STOP Ransomware variant uses .adobe

Michael Gillespie found a new variant of the STOP Ransomware that utilizes the .adobe extension. This extension was previously used by the Dharma ransomware.

27.1.19

New BSS Hidden Tear variant

MalwareHunterTeam found someone named Dennis playing with a Hidden Tear variant named "Ransomware by BSS".

27.1.19

New ransomware strain is locking up Bitcoin mining rigs in China

A new strain of ransomware has been observed targeting Bitcoin mining rigs. At the time of writing, most of the infections have been reported in China, the country where most of the world's cryptocurrency mining farms are located.

27.1.19

New JSWorm Ransomware

JSWorm

MalwareHunterTeam found the JSWorm Ransomware that appends the .JSWORM extension and drops a ransom note named JSWORM-DECRYPT.html.

27.1.19

Beware of Exit Map Spam Pushing GandCrab v5.1 Ransomware

A new malspam campaign pretending to be the current emergency exit map for the recipient's building is being used to install the GandCrab Ransomware. These spam emails contain malicious Word documents that download and install the infection from a remote computer.

27.1.19

New Xorist variant

Petrovic found a new Xorist variant that appends the .vaca extension to encrypted files.

27.1.19

New Cyspt ransomware

Cyspt

MalwareHunterTeam found the Cyspt ransomware that appends the .OOFNIK extension to encrypted files.

27.1.19

New Scarab Ransomware variant

Scarab

found a new Scarab Ransomware variant that appends the .GEFEST extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

27.1.19

GandCrab is not a RaaS

Forum Post

Damian has stated that according to a post at Exploit.in, the developers behind GandCrab have denied being part of a RaaS.

27.1.19

New ransomware variant

Unknown Ransomware

A new unknown ransomware was discovered by lc4m that appends the .locked extension and drops a ransom note named README-NOW.txt.

19.1.19

New Krab Scarab Ransomware variant

Krab Scarab

Amigo-A found a new variant of the Scarab Ransomware that appends the .Krab extension to encrypted files and drops a ransom note named !!! RETURN YOUR FILES !!!.TXT.

19.1.19

New .zzzzzzzz Scarab Ransomware variant

Emmanuel_ADC-Soft found a new sleepy variant of the Scarab Ransomware that appends the .zzzzzzzz extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

19.1.19

New PPAM GlobeImposter 2 variant

Petrovic found a new variant of the GlobeImposter2 that appends the .ppam extension to encrypted file names.

19.1.19

New ransomware appends mdk4y

Unknown Ransomware

Leo found a new ransomware that appends the .mdk4y extension to encrypted file names.

19.1.19

New French Jigsaw Ransomware variant

Michael Gillespie found a new French Jigsaw Ransomware variant that appends the .data extension.

19.1.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .GRHAN extension and drops a ransom note named !README_GRHAN!.rtf.

19.1.19

New TrumpHead Ransomware

TrumpHead

MalwareHunterTeam found a new ransomware called TrumpHead that contains text that sounds like, well, Trump.

19.1.19

Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles

Djvu Ransomware

In December 2018, a new ransomware called Djvu, which could be a variant of STOP, was released that has been heavily promoted through crack downloads and adware bundles. Originally, this ransomware would append a variation of the .djvu string as an extension to encrypted files, but a recent variant has switched to the .tro extension.

19.1.19

New Ransomware Bundles PayPal Phishing Into Its Ransom Note

Ransom Note

A new in-development ransomware has been discovered that not only encrypts your files, but also tries to steal your credit card information with an included PayPal phishing page.

19.1.19

New IsraBye is repeating itself

IsraBye

MalwareHunterTeam found a new IsraBye variant that seems to be repeating itself with the extension.

19.1.19

New Paradise Ransomware variant

MalwareHunterTeam found a new Paradise ransomware variant that drops a ransom note named Instructions with your files.txt and uses the extension _%ID%_{admin@prt-decrypt.xyz}.xyz.

19.1.19

New JobCrypter Ransomware variant

JobCrypter

MalwareHunterTeam found a new JobCrypter variant.

19.1.19

Looking for the Obfuscated Ransomware

Michael Gillespie is looking for a new ransomware that appends the .obfuscated extension and drops a ransom note named Read Me.txt.

19.1.19

New Anatova ransomware discovered

Anatova

Valthek discovered a new ransomware called Anatova that asks for a ransom payment in Dash.

19.1.19

New ransomware variant

Petrovic found a new ransomware variant that appends the .jundmd@cock.li!! extension to encrypted files and drops a ransom note named Help to decrypt.txt.

19.1.19

BlackRouter Ransomware Promoted as a RaaS by Iranian Developer

BlackRouter

A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previously distributed another ransomware called Blackheart and promotes other infections such as a RAT.

19.1.19

New 7Zip Ransomware variant

7-zip ransomware

Amigo-A found a new variant of the 7Zip Ransomware that appends the .aes extension to encrypted files and drops a ransom note named INFORMATION.hta.

19.1.19

Xcry Ransomware discovered

Xcry Ransomware

MalwareHunterTeam discovered a new ransomware called Xcry that was programmed in Nim. Xcry Ransomware will append the .xcry7684 extension to encrypted files and drop a ransom note named HOW_TO_DECRYPT_FILES.html.

19.1.19

Oscar Venom Ransomware discovered

Oscar Venom

MalwareHunterTeam discovered a new Jigsaw Ransomware variant called Oscar Venom that appends the .venom extension to encrypted files.

19.1.19

Fake Jigsaw variants

Jigsaw Message

MalwareHunterTeam discovered some new fake Jigsaw Ransomware variants that do not encrypt and have a password of "1212". They then display the "RUSSIAN FEDERATION ATTACKING YOU!" message when closing the program.

19.1.19

Jigsaw Ransomware has a loooong extension

Jigsaw Extension

Michael Gillespie found a new Jigsaw Ransomware sample that uses a very looooong extension.

19.1.19

New GIF Dharma variant

Jakub Kroustek found a new Dharma variant that appends the .gif extension to encrypted files.

19.1.19

StopDecryptor updated to support offline Djvu variants

StopDecryptor

Michael Gillespie updated his StopDecryptor to support newer .djvu variants.

19.1.19

Fallout Exploit Kit is Back with New Vulnerabilities and Payloads

The Fallout exploit kit is back in business after a short downtime, with new tools under its belt such as a new Flash exploit, HTTPS support, a new landing page format and the capability to deliver payloads using PowerShell. One of its payloads is GandCrab.

19.1.19

New BitPaymer variant

Bitpaymer

GrujaRS found a new variant of BitPaymer that appends the .locked extension and drops a ransom note named [file_name].readme_txt

19.1.19

RickRoll Locker discovered

RickRoll Locker Ransom Note

MalwareHunterTeam discovered a new ransomware called RICKROLL LOCKER that appends the .cryptoid extension and drops ransom notes named CRYPTOID_BLOCKED.txt, CRYPTOID_HELP.txt, and CRYPTOID_MESSAGE.txt. Appears to be an Aurora offline variant.

19.1.19

New James Ransomware

James Ransomware

Leo found a new ransomware that appends the .James extension to encrypted files.

19.1.19

FileCryptor Ransomware discovered

FileCryptor

Michael Gillespie found a new ransomware that drops a ransom note named HOW TO DECRYPT FILES.txt.

19.1.19

New Phobos Dharma variant

Coveware found a new variant of the Dharma ransomware that appends the .phobos extension to encrypted files.

13.1.19

Batch file ransomware discovered

Batch Ransomware

MalwareHunterTeam discovered a very simple ransomware that is a batch file called Encoder.bat and uses WinRar to add files to a password protected archive.

13.1.19

GandCrab Operators Use Vidar Infostealer as a Forerunner

Cybercriminals behind GandCrab have added the infostealer Vidar in the process for distributing the ransomware piece, which helps increase their profits by pilfering sensitive information before encrypting the computer files.

13.1.19

Bridgeport Schools computer network falls victim to cyberattack

The city school district’s computer network was attacked Friday by a virus caused by an outside entity that intended to hold district data hostage for ransom, district officials say.

13.1.19

CryptoMix Ransomware Exploits Sick Children to Coerce Payments

With people becoming more aware of ransomware, criminals are coming up with some pretty lowlife schemes in order to coerce victims into paying the ransom. Such is the case with a CryptoMix ransomware that pretends to represent a sick children's charity and asks for a ransom payment as if it were a charitable donation.

13.1.19

Ryuk Ransomware Attack: Rush to Attribution Misses the Point

The most likely hypothesis in the Ryuk case is that of a cybercrime operation developed from a tool kit offered by a Russian-speaking actor. From the evidence, we see sample similarities over the past several months that indicate a tool kit is being used. The actors have targeted several sectors and have asked a high ransom, 500 Bitcoin. Who is responsible? We do not know. But we do know how the malware works, how the attackers operate, and how to detect the threat. That analysis is essential because it allows us to serve our customers.

13.1.19

The cyber-attack that sent an Alaskan community back in time

The BBC reports about the Ransomware attack that took out a town in Alaska. In 2018, a remote Alaskan community’s infrastructure was hit by a malware attack which forced it offline. It was only then they realised how much they depended on computers.

13.1.19

Ahihi Ransomware discovered

MalwareHunterTeam found the Ahihi ransomware, which does not change the extension.

13.1.19

Ransomware ransom note tries to phish PayPal account

MalwareHunterTeam found a new ransom note that also attempts to steal PayPal account credentials through a phishing page.

13.1.19

Possible new STOP/Djvu variant

Michael Gillespie is searching for a new Ransomware that appends the .pdff extension and drops a note named _openme.txt.

13.1.19

Del Rio City Hall Forced to Use Paper After Ransomware Attack

The City Hall of Del Rio, Texas was hit by a ransomware attack on Thursday, which led to multiple computers on the network being turned off and disconnected from the Internet to contain and analyze the malware.

13.1.19

Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks

New research now indicates that the Ryuk actors may be renting other malware as an Access-as-a-Service to gain entrance to a network.

13.1.19

New STOP variants

Michael Gillespie noticed two new STOP variants that were uploaded to ID Ransomware and append the .tfude or the .tro extension to encrypted file names.

5.1.19

New MindSystemNotRansomware variant discovered

MindSystemNotRansomWare

MalwareHunterTeam found a new MindSystemNotRansomWare variant that uses a new and interesting wallpaper.

5.1.19

New SeonRansomware distributed through Exploit kits

SeonRansomware

Vigilantbeluga discovered a new ransomware called SeonRansomware that is being distributed through malvertising and the GreenFlashSundown exploit kit. This ransomware appends the .FIXT extension and drops ransom notes named YOUR_FILES_ARE_ENCRYPTED.txt and readme.hta.

5.1.19

Master Decryption Key Released for FilesLocker Ransomware

Pastebin post

On December 29th, a Pastebin post was created that contains the master RSA decryption key for the FilesLocker Ransomware. The release of this key has allowed a decryptor to be created that can recover victims' files for free.

5.1.19

How to Decrypt the FilesLocker Ransomware with FilesLockerDecrypter

On December 29th, an unknown user released the master RSA decryption key for FilesLocker v1 and v2. This allowed Michael Gillespie to release a decryptor for files encrypted by the FilesLocker Ransomware that have the .[fileslocker@pm.me] extension appended to file names.

5.1.19

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

According to Brian Krebs:
Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

5.1.19

Irish Rail Operator Gets Ransom Note on Its Website

The website of Luas.ie, the tram rail system operator in Dublin, Ireland, has been taken offline today after someone replaced its content with a ransom note demanding one bitcoin not to publish customer data.

5.1.19

FilesLocker 2.1 Released

FilesLocker

MalwareHunterTeam discovered that FilesLocker v2.1 ransomware was released. This variant comes with a new RSA key, so it is no longer decryptable.

5.1.19

New decryptable ransomware discovered

MalwareHunterTeam discovered a ransomware that appends the .recovery_email_[retmydata@protonmail.com]_ID_[FCFABBBE].aes256 extension and is decryptable. If you are infected with this ransomware you can contact Michael Gillespie.

5.1.19

New B2DR Ransomware variant

Michael Gillespie found a new variant of the B2DR Ransomware that appends the .artilkilin@tuta.io.wq2k extension to encrypted files.

5.1.19

How to Decrypt the Aurora Ransomware with AuroraDecrypter

Aurora Decryptor

The good news is that the variants of this ransomware family can be decrypted for free using a decryptor created by Michael Gillespie. In order to use the decryptor a victim just needs to have two encrypted files of a certain file type, which will be described later in the guide.

5.1.19

Another new Paradise Ransomware variant

Paradise Ransomware

MalwareHunterTeam found a new variant of the Paradise Ransomware that appends the "_%ID%_{alexbanan@tuta.io}.CORP" extension to encrypted files.

5.1.19

New Indrik Ransomware

Indrik

Michael Gillespie found a new ransomware uploaded to ID Ransomware that appends the ".INDRIK" extension and drops a ransom note named "# HOW TO DECRYPT YOUR FILES #.html".

5.1.19

Boom Ransomware discovered

Boom Ransomware

MalwareHunterTeam found the Boom Ransomware that tells you to contact a person on Facebook to get a PIN to decrypt the files. This is basically a front end to the Xorist ransomware.

5.1.19

Target777 Ransomware targeting businesses

Michael Gillespie found a new ransomware that is highly targeted as it includes a victim's name in the extension, emails, and ransom notes. The extensions also include the "777" digits. Michael thinks it may be based off of Defray.

5.1.19

Lockify Ransomware discovered

Lockify

An in-development ransomware called Lockify was discovered by Leo that appends the .tunca extension to encrypted files.

5.1.19

New Paradise Ransomware version

Paradise Ransomware

Michael Gillespie found a new Paradise Ransomware variant that appends an extension with the pattern "__{}.VACv2" and drops a ransom note named "$%%! NOTE ABOUT FILES -=!-.html".

5.1.19

New LockCrypt 2.0 variant

LockCrypt 2

Michael Gillespie found a new variant of the LockCrypt 2.0 ransomware that appends the extension " id-.LyaS" and drops a ransom note named "How To Restore Files.hta".

5.1.19

18 Months Later, WannaCry Still Lurks on Infected Computers

Eighteen months after the initial outbreak of the WannaCry Ransomware infection, the malware continues to rear its head on thousands, if not hundreds of thousands, of infected computers.

5.1.19

JungleSec Ransomware Infects Victims Through IPMI Remote Consoles

JungleSec Ransom Note

A ransomware called JungleSec has been infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November.

5.1.19

New Snatch Ransomware discovered

Michael Gillespie is looking for a sample of the Snatch Ransomware that appends the .snatch extension and drops a ransom note named Readme_Restore_Files.txt.

5.1.19

New Crysis Ransomware variant discovered

Jakub Kroustek discovered a new Dharma Ransomware variant that appends the .bizer extension to encrypted files.

5.1.19

AuroraDecryptor updated for Nano variant

Michael Gillespie updated the AuroraDecrypter to support the new .Nano variant. A guide on how to use it can be found here.

5.1.19

New Hidden Tear variant asks for 200 million yen

HT

MalwareHunterTeam found a new Hidden Tear variant that uses the extension .locked and asks for 200 million yen.

5.1.19

MMM Reborn

TripleM

Michael Gillespie found a new TripleM variant called "MMM Reborn". The ransomware renames an encrypted file to hex and drops a ransom note named IF_YOU_NEED_FILES_READ_ME.html.

5.1.19

New nano Scarab Ransomware

Michael Gillespie found a new Scarab Ransomware variant that uses the extension .nano. This should not be confused with the Aurora variant that uses the upper case .Nano.

5.1.19

New GarrantyDecrypt variant

Michael Gillespie discovered a new variant of the GarrantyDecrypt Ransomware that appends the ".NOSTRO" or ".nostro" extensions and drops a ransom note named "#RECOVERY_FILES#.txt".

5.1.19

New Project57 Ransomware

Project 57

Michael Gillespie discovered the Project57 Ransomware that uses the extension ".[ti_kozel@lashbania.tv].костя баранин", which appears as ".[ti_kozel@lashbania.tv].êîñòÿ áàðàíèí" if the correct code page is not installed. The ransomware also drops ransom notes named "DECRYPT.HTML" and "DECRYPT.txt".

5.1.19

Ryuk Ransomware Involved in Cyberattack Stopping Newspaper Distribution

A cyberattack reportedly bearing the signature of Ryuk ransomware caused disruption over the weekend in printing and delivery of major newspapers in the US from Tribune Publishing and Los Angeles Times.

5.1.19

New Ransomware hunt

Michael Gillespie is looking for a ransomware that appends the ".send.ID[redacted].to.dernesatiko@mail.com.crypted" extension and drops a note named "HOW TO DECRYPT FILES.txt".
