Update 11.02.2019 18:43:58

 

Ransom News

Date

Title

Description

8.12.19

New Zeppelin Ransomware

Michael Gillespie noticed that the new Zeppelin ransomware pays homage to Led Zeppelin in its musical file marker. It also appends the .[3 hex]-[3 hex]-[3 hex] extension to encrypted files and drops a ransom note named readme.txt.

8.12.19

New b1 Paradise Ransomware variant

Michael Gillespie found a new Paradise Ransomware variant that appends the .b1 extension. This variant is not decryptable.

8.12.19

Ransomware Writes Drama at Shakespeare Theatre

A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area.

8.12.19

U.S. Data Center Provider Hit by Ransomware Attack

CyrusOne, a large data center provider in the U.S., announced on Thursday that some of its systems were affected by a ransomware attack.

8.12.19

New BlackHeart ransomware variant

S!Ri found a new variant of the BlackHeart Ransomware.

8.12.19

New Righ Stop Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .righ extension.

8.12.19

New RedRum Ransomware

Michael Gillespie found a new ransomware that appends the .redrum extension and drops a ransom note named decryption.txt. They obviously like Stephen King.

8.12.19

Analysis of LooCipher, a New Ransomware Family Observed This Year

The McAfee ATR team has now analyzed a new ransomware family with some special features we would like to showcase. LooCipher represents how a new actor in an early stage of development used the same techniques of distribution as other players in the ransomware landscape. The design of the ransomware note reminded us of the old times of Cerber ransomware, a very well impacted design to force the user to pay the rescue.

8.12.19

Ryuk Ransomware Is Making Victims Left and Right

While doing some open-source intelligence (OSINT), a security researcher discovered that a provider of end-to-end solutions for emergency care facilities in the U.S. fell victim to Ryuk ransomware.

8.12.19

The history of Ransomware: A supervillain 30 years in the making

Unlike other supervillains, Ransomware had no defining life event which set him on a path of evil and criminality. On the contrary, Ransomware was a bad actor from the very moment he was conceived…

8.12.19

Clop Ransomware asks you not to use Gmail

MalwareHunterTeam noticed that the CryptoMix Clop Ransomware is now telling users not to use Gmail as it goes into the spam folder.

8.12.19

New Bitx and IMI Dharma Ransomware variant

Jakub Kroustek found new Dharma Ransomware variants that append the .bitx or .IMI extensions to encrypted files.

8.12.19

Dutch Govt Warns of 3 Ransomware Infecting 1,800 Businesses

A confidential report from the National Cyber Security Centre (NCSC) in the Netherlands informs that at least 1,800 companies are affected by ransomware across the world.

8.12.19

Ransomware Locks Medical Records at Great Plains Health

Great Plains Health medical center is recovering from a ransomware incident that hit its computer network at the beginning of the week and forced switching to pen and paper to maintain activity.

8.12.19

Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network

In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.

8.12.19

New Roger Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .ROGER extension to encrypted files.

8.12.19

New DeathRansom Ransomware Begins to Make a Name for Itself

A new ransomware called DeathRansom began with a rocky start, but has now resolved its issues and has begun to infect victims and encrypt their data.

8.12.19

New Crypto Scarab Ransomware variant

Amigo-A found a new variant of the Scarab Ransomware that appends the .crypto extension and drops a ransom note named !!! RETURN YOUR FILES !!!.TXT.

8.12.19

New Rote STOP Ransomware variant

Amigo-A found a new variant of the STOP ransomware that appends the .rote extension.

8.12.19

Livingston School District in New Jersey Hit With Ransomware

Students at the Livingston public school district in New Jersey are undoubtedly happy for a two-hour delayed opening tomorrow. Unfortunately, this delay is not being caused by snow, but rather by a ransomware attack that the district is still recovering from.

24.11.19

Emsisoft Decryptor for TurkStatik

Now that was fast! Emsisoft released a decryptor for the TurkStatik Ransomware: The TurkStatik ransomware targets Turkish victims and encrypts their files using Rijndael 256. It appends the ".ciphered" extension to the encrypted files.

24.11.19

New TurkStatik Ransomware discovered

Jack found a new ransomware called TurkStatik that appends the .ciphered extension to encrypted files and drops a Turkish language ransom note named README_DONT_DELETE.txt.

24.11.19

New HiddenTear Ransomware found

MalwareHunterTeam found a new HiddenTear Ransomware variant.

24.11.19

FBI Warns of Cyber Attacks Targeting US Automotive Industry

The U.S. Federal Bureau of Investigation (FBI) Cyber Division warned private industry partners of incoming cyberattacks against the US automotive industry targeting sensitive corporate and enterprise data.

24.11.19

Clop Ransomware Tries to Disable Windows Defender, Malwarebytes

In order to successfully encrypt a victim's data, the Clop CryptoMix Ransomware is now attempting to disable Windows Defender as well as remove the Microsoft Security Essentials and Malwarebytes' standalone Anti-Ransomware programs.

24.11.19

Emsisoft releases a new decryptor for Hakbit ransomware

We just released a new free decryption tool for the Hakbit ransomware strain. Hakbit has multiple confirmed victims, including home users and businesses in the United States and Europe.

24.11.19

VB2019 paper: Different ways to cook a crab: GandCrab ransomware-as-a-service (RaaS) analysed in depth

McAfee's John Fokker and Alexandre Mundo Alguacil publish their in-depth analysis of the GandCrab Ransomware as a Service.

24.11.19

New RIPlace Bypass Evades Windows 10, AV Ransomware Protection

A new ransomware bypass technique called RIPlace requires only a few lines of code to bypass ransomware protection features built into many security products and Windows 10.

24.11.19

Allied Universal Breached by Maze Ransomware, Stolen Data Leaked

After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from security staffing firm Allied Universal. We are told this is only 10% of the total files stolen and the rest will be released if a payment is not made.

24.11.19

New French Jigsaw Ransomware discovered

Michael Gillespie found a new Jigsaw Ransomware targeting French users and appending the .fun extension.

24.11.19

Ransomware Gangs Adopt APT Tactics in Targeted Attacks

Ransomware operators are moving away from mass volume attacks and partnering with specialists who use APT techniques to provide stealthy infiltration and network-wide encryption capabilities.

24.11.19

Microsoft Warns Customers of DoppelPaymer Ransomware Threat

The Microsoft Security Response Center (MSRC) warned customers of the threat behind ongoing DoppelPaymer ransomware attacks and reminded them about misleading info on how it spreads.

24.11.19

Emsisoft releases new decryptor for Jigsaw ransomware

Emsisoft released a new decryptor for the Jigsaw Ransomware.

24.11.19

New DeathRansom Ransomware

GrujaRS found the new DeathRansom ransomware that appends the .wctc extension and drops a ransom note named read_me.txt email.

24.11.19

New Kharma Dharma Ransomware variant

Raby found a new variant of the Dharma Ransomware that appends the .kharma extension to encrypted files.

24.11.19

Shade Ransomware Is the Most Actively Distributed Malware via Email

During the first half of 2019, the Shade Ransomware (also known as Troldesh) was the most actively distributed malware via malicious email phishing campaigns according to Singapore-based Group-IB security outfit.

24.11.19

Critical Windows Update Spam Fails at Delivering Ransomware

A new spam campaign pretending to be a 'Critical Microsoft Windows Update' has been discovered that attempts to deliver the Cyborg Ransomware, but turns out to be an utter failure.

24.11.19

Jigsaw variant found in 1.4K hard-coded SMTP creds

Germany's DFN-CERT found a Jigsaw Ransomware variant with 1.4K hardcoded SMTP credentials.

24.11.19

New SpartCript Ransomware

S!Ri found the new SpartCript ransomware that appends the .spartcrypt extension to encrypted files. They should decide on a spelling.

24.11.19

New MBED and KODG Stop Djvu variants

Michael Gillespie found new Stop Djvu ransomware variants that append the .mbed or .kodg extensions to encrypted files.

24.11.19

Buran Ransomware Infects PCs via Microsoft Excel Web Queries

A new spam campaign has been spotted distributing the Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victim's computer.

24.11.19

Louisiana Government Suffers Outage Due to Ransomware Attack

The state government of Louisiana was hit by a ransomware attack today that impacted numerous state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportation and Development.

17.11.19

New SySS Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .SySS extension to encrypted files.

17.11.19

New NextCry Ransomware Encrypts Data on NextCloud Linux Servers

A new ransomware has been found in the wild that is currently undetected by antivirus engines on public scanning platforms. Its name is NextCry due to the extension appended to encrypted files and that it targets clients of the NextCloud file sync and share service.

17.11.19

How the most damaging ransomware evades IT security

Ransomware has been around for decades, yet it remains a common and lucrative cyberthreat. We decided to take a closer look at the behaviour of ransomware once it is inside a victim system, and how the various tools and techniques observed are used by the most prevalent ransomware families, from WannaCry, Matrix and GandCrab to Ryuk, SamSam, MegaCortex, and more. This article is a summary of a report we’re releasing today, How Ransomware Attacks: What defenders should know about the most prevalent and persistent ransomware families.

17.11.19

New Clop Ransomware variant has a message for the CEO

MalwareHunterTeam noticed that a new Clop CryptoMix ransomware variant has added a line to the ransom note saying that they will only decrypt entire networks and that this message should be sent to the CEO.

17.11.19

What Happened? Details about the RPS 205 Ransomware and Tech Outage

I looked at our server files and saw they had been encrypted. We knew immediately it was ransomware. In every place a file was encrypted, a ransom note was dropped in. We had millions of encrypted files – and the threat actors started encrypting our backups. In hindsight, my military background helped me prepare for this. My telecommunications work started in the U.S. Army. I served two tours of Iraq and spent time in Korea. I'm trained to keep a level head and problem solve one issue at a time. Of course it's a different type of battleground, but I knew this would be reconnaissance.

17.11.19

New Grod STOP Djvu Ransomware variant

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .grod extension.

17.11.19

PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS

Cybercriminals have developed ransomware that can be ported to all major operating systems and is currently used in targeted attacks against production servers.

17.11.19

Strange AnteFrigus Ransomware Only Targets Specific Drives

A new and strange ransomware called AnteFrigus is now being distributed through malvertising that redirects users to the RIG exploit kit. Unlike other ransomware, AnteFrigus does not target the C: drive, but only other drives commonly associated with removable devices and mapped network drives.

17.11.19

New JesusCrypt Ransomware

MalwareHunterTeam found a ransomware called JesusCrypt that appends the .jc extension.

17.11.19

New Peet STOP Djvu Ransomware variant

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .peet extension.

17.11.19

OMGLOL Ransomware discovered

S!Ri found a new ransomware called OMGLOL. Most likely trollware.

17.11.19

New Ninja Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .ninja extension to encrypted files.

17.11.19

Mexico's Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded

Mexico's state-owned oil company, Pemex, has suffered a DoppelPaymer ransomware attack that demanded $4.9 million USD in order to decrypt their files.

17.11.19

If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware

A data recovery company is dubiously claiming it has cracked decryption of Dharma ransomware – despite there being no known method of unscrambling its files.

17.11.19

New KR Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .kr extension to encrypted files.

17.11.19

Sodinokibi Ransomware Targeting Asia via the RIG Exploit Kit

A new malvertising campaign being used on low quality web games and blogs is redirecting Asian victims to the RIG exploit kit, which is then quietly installing the Sodinokibi Ransomware.

17.11.19

New Ransomware uses 7Zip

GrujaRS found a new ransomware that uses 7zip to password-protect files and appends the .crypted extension.

17.11.19

Major ASP.NET hosting provider infected by ransomware

SmarterASP.NET, an ASP.NET hosting provider with more than 440,000 customers, was hit yesterday by ransomware.

17.11.19

New Nvram Dharma variant

GrujaRS found a new Dharma variant that appends the .nvram extension to encrypted files.

17.11.19

New German based ransomware

MalwareHunterTeam found a new German ransomware based on Stupid that appends the .verschlüsselt extension and has an unlock code of "deinemutter".

10.11.19

New WannaCash variant

Alex Svirid found a new variant of the WannaCash ransomware that changes the file name to Файл зашифрован [original_name].wannacash.zip.

10.11.19

QuikSilver and Billabong Affected by Ransomware Attack

Action sports giant Boardriders was hit by a ransomware attack that affected some of its subsidiaries, including QuikSilver and Billabong, and forced the company to shut down computing systems all over the world.

10.11.19

New Major Ransomware variant

GrujaRS found a new Major Ransomware variant that appends the .AIR extension and drops a ransom note named TRY_TO_READ.html.

10.11.19

New Rooster Maoloa variant

Raby found a new variant of the Maoloa Ransomware that appends the .Rooster865qq extension and drops a ransom note named HOW TO BACK YOUR FILES.exe.

10.11.19

New Octopus Phobos Ransomware variant

Amigo-A found a new variant of the Phobos Ransomware that appendages (get it?) the .octopus extension to encrypted files and drops a ransom note named info.txt.

10.11.19

New LOKF STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .lokf extension to encrypted files.

10.11.19

Seasonal ransomware highlights the need for better reporting and information sharing

It appears, however, that we may have been mistaken about the reason for the decrease. Data collected by the EPSRC EMPHASIS Ransomware project and shared with us by Professor David Wall of the University of Leeds shows mid-year spikes in previous years too.

10.11.19

Inside the FBI's quiet 'ransomware summit'

To help stem the tide of file-locking attacks, the FBI quietly convened the country’s top ransomware experts in an unprecedented, closed-door conference in September. The briefings, which occurred over two days, were a recognition by law enforcement officials that their ability to better investigate and prosecute ransomware cases hinges on the private sector sharing more data with them.

10.11.19

New MOSK STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .mosk extension to encrypted files.

10.11.19

New RSA Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .rsa extension (lowercase variant) to encrypted files.

10.11.19

Ransomware Payments Rise as Public Sector is Targeted, New Variants Enter the Market

The total cost of a ransomware attack is a function of direct and indirect costs. Direct costs include the immediate remediation of the event, including the ransom if it must be paid. The indirect costs are the costs of business interruption associated with the attack. Business interruption costs are often 5-10x higher than direct costs. Lost revenue and long term brand damage are factors that weigh heavily on victims of ransomware who are not able to recover quickly.

10.11.19

Buran Ransomware; the Evolution of VegaLocker

McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REvil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40%, numbers from notorious malware families like GandCrab, and they are willing to negotiate that rate with anyone who can guarantee an impressive level of infection with Buran. They announced in their ads that all the affiliates will have a personal arrangement with them.

10.11.19

New GodLock Ransomware

GrujaRS found a new FreeMe Ransomware variant that appends the .GodLock extension and drops a ransom note named .GodLock.README.TXT.

10.11.19

New Paradise Ransomware variant

GrujaRS found a new Paradise Ransomware variant that appends the .for extension and drops a ransom note named ---==%$$$OPEN_ME_UP$$$==---.txt.

10.11.19

Government of Nunavut returns to paper records and phone calls following ransomware attack

This past weekend’s ransomware attack on the Government of Nunavut has had far-reaching consequences, having frozen the government’s communications and operating systems and revived the use of telephone calls, paper record-taking and faxes for communication among the territory’s departments.

10.11.19

Tesorion added to the No More Ransom Project

Tesorion has been added as a contributing partner to the No More Ransom Project for their Nemty Ransomware decryptor.

10.11.19

Brooklyn Hospital Loses Patient Data In Ransomware Attack

A ransomware attack hitting several computer systems at the Brooklyn Hospital Center in New York caused permanent loss of some patients' data.

10.11.19

New Megacortex Ransomware Changes Windows Passwords, Threatens to Publish Data

A new version of the MegaCortex Ransomware has been discovered that not only encrypts your files, but now changes the logged in user's password and threatens to publish the victim's files if they do not pay the ransom.

10.11.19

New Meka STOP Djvu Ransomware variant

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends .meka.

10.11.19

New HakBit variant

GrujaRS found a new Hakbit Ransomware variant that uses the .crypted extension.

10.11.19

New Cyborg Ransomware

GrujaRS found the new Cyborg Ransomware that appends the .petra extension and drops a ransom note named Cyborg_DECRYPT.txt.

10.11.19

New Toec STOP Ransomware variant

Amigo-A found a new STOP DJvu Ransomware variant that appends the .toec extension to encrypted files.

10.11.19

Norsk Hydro Breach: Update on Insurance Coverage

So far, Norwegian aluminum company Norsk Hydro has received just $3.6 million from its cyber insurer to cover expenses related to the LockerGoga ransomware attack it suffered in March that led to losses of $50 million to $71 million, the company revealed in its third quarter report.

10.11.19

Nemty Ransomware Now Spreads via Trik Botnet

The operators of Nemty ransomware have found a new distributor for their file-encrypting malware, which now spreads via Trik, a botnet that pushes all sorts of threats.

10.11.19

Ransomware Attacks Hit Everis and Spain's Largest Radio Network

Everis, an NTT DATA company and one of Spain's largest managed service providers (MSP), had its computer systems encrypted today in a ransomware attack, just as it happened to Spain's largest radio station Cadena SER (Sociedad Española de Radiodifusión).

10.11.19

New Java-based Ransomware

dnwls0719 found a new ransomware coded in JAVA that appends the .encrypted extension and drops a ransom note named HOWTODECRYPT.txt.

10.11.19

New VIRUS Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .VIRUS extension to encrypted files.

10.11.19

New Jamper Ransomware variant

Amigo-A found a new variant of the Jamper Ransomware that appends the .SONIC extension and drops a ransom note named ---README---.TXT ID: XXXXXXXXXX {10 char.}.

3.11.19

New HiddenTear variant

MalwareHunterTeam found a new HiddenTear variant from Poland that appends the .locked extension.

3.11.19

GandCrab RaaS Was a Training Ground for Malware Distributors

GandCrab operators changed the ransomware business from the ground up, establishing a model that is embraced and continued by other cybercriminals.

3.11.19

New Sifreli Ransomware

Michael Gillespie found a new ransomware that appends the .SIFRELI or .SIFRELI_DOSYA extension and drops a ransom note named fidye-uyari.txt. This could be related to a previous one found by Karsten Hahn in January 2017.

3.11.19

New MedusaLocker Ransomware variant

dnwls0719 found a new variant of the MedusaLocker ransomware that appends the .decrypme extension and drops a ransom note named HOW_TO_OPEN_FILES.html.

3.11.19

New Noblis Ransomware variant

MalwareHunterTeam found a new variant of the Noblis ransomware that appends the .sorryforthis extension.

3.11.19

The count of managed service providers getting hit with ransomware mounts

Threat researchers at the global cloud security provider Armor have been tracking publicly-reported incidents in which MSP and cloud service providers have been hit with ransomware. Thus far, they have documented 13 such incidents this year—with 6 of them reported in the past few months.

3.11.19

New ASUS and START Dharma Ransomware variant

Jakub Kroustek discovered new variants of the Dharma Ransomware that append the .asus or .start extensions to encrypted files.

3.11.19

Paradise Ransomware Decryptor Gets Your Files Back for Free

A decryptor for the Paradise Ransomware has been released by Emsisoft that allows victims to decrypt their files for free.

3.11.19

Maze Ransomware Attacks Italy in New Email Campaign

The Maze Ransomware is conducting a new spam campaign that targets Italian users by pretending to be the country's Tax and Revenue Agency.

3.11.19

New NAKW STOP Djvu Ransomware variant

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .nakw extension.

3.11.19

Ransomware Attack Causes School 'District-Wide Shutdown'

A ransomware attack hitting Las Cruces Public Schools forced the district to shut down the entire computer system to contain the infection.

3.11.19

Ransomware Actor Starting Young Makes Big Money, Gets Arrested

A 21-year-old arrested in Indonesia is suspected to have sent phishing emails that spread ransomware. He is believed to be a lone wolf that started as a teenager and reportedly made at least 300 bitcoins from cybercriminal activities.

3.11.19

New SamSam variant pays homage to JayTHL

GrujaRS found a new SamSam variant that appends the .JayTHL extension to encrypted files. This variant is obviously paying homage to JayTHL.

3.11.19

New WORM Paradise Ransomware variant

Michael Gillespie found a new variant of the Paradise Ransomware that appends the .worm extension.

3.11.19

Ouroboros Ransomware decryptor released

BitDefender released a decryptor for the Ouroboros Ransomware.

3.11.19

The Ransomware Superhero of Normal, Illinois

Thanks to Michael Gillespie, an obscure programmer at a Nerds on Call repair store, hundreds of thousands of ransomware victims have recovered their files for free.

3.11.19

New XDA Dharma Ransomware variant

Jakub Kroustek discovered a new variant of the Dharma Ransomware that appends the .xda extension to encrypted files.

3.11.19

New Nemty Revenge 2.0 version

Michael Gillespie noticed that the Nemty Ransomware is back, but has renamed itself "Nemty Revenge 2.0" version. Michael thinks they may have fixed their crypto flaw.

3.11.19

TrialWorks Ransomware Attack Disrupts Court Cases and Deadlines

TrialWorks, one of the top-rated providers of legal case management software for law firms and attorneys, became the victim of a ransomware attack earlier this month.

3.11.19

New SEV and LM Paradise Ransomware variant

dnwls0719 found new variants of the Paradise Ransomware that append the .sev or .lm extensions and drop a ransom note named —==%$$$open_me_up$$$==—.txt.

27.10.19

New Mespinoza Ransomware

Amigo-A found a new ransomware named Mespinoza that appends the .locked extension and drops a ransom note named Readme.README.

27.10.19

DaveSmith Ransomware

Amigo-A found the DaveSmith Ransomware that appends the .[daves.smith@aol.com] extension and drops a ransom note named RECOVERY FILE.txt.

27.10.19

Ransomware Attack Shuts Down City of Johannesburg's Systems

The City of Johannesburg municipality shut down the website, its e-services platform, and the billing system (SAP ISU and CRM) following a ransomware attack that also led to unauthorized information access according to a ransom note.

27.10.19

New HDMR Ransomware

GrujaRS found the HDMR Ransomware that appends the .hdmr extension and drops a ransom note named ReadMeAndContact.txt.

27.10.19

Ransomware and data breaches linked to uptick in fatal heart attacks

New research finds that at hospitals that experienced a data breach, the death rate among heart attack patients increased in the months and years afterward. This increased mortality doesn’t appear to be due to the perpetrators themselves — the hackers are not controlling the allocation of medications or doctors. Rather the issue may lie with how health care systems adjust their cybersecurity after an attack, according to a study published in October’s issue of Health Services Research.

27.10.19

New Coot and Derp STOP Djvu variants

Michael Gillespie found new variants of the STOP Djvu ransomware that append the .coot and .derp extensions to encrypted files.

27.10.19

New Paradise Ransomware variant

dnwls0719 found a new Paradise Ransomware variant that appends the _Support_{ID}.FC RansomNote string to encrypted files and drops a ransom note named ---==%$$$OPEN_ME_UP$$$==---.txt.

27.10.19

FTCode Decryptor released for those with keys

Certego released a FTCode Decryptor for those who were able to capture the keys while being encrypted.

27.10.19

New Rapid Ransomware variant

Michael Gillespie found a new variant of the Rapid Ransomware that renames files to [random].droprapid and drops a ransom note named !DECRYPT_DROPRAPID.txt.

27.10.19

Ransomware hunt for Mockba

Michael Gillespie is looking for a new ransomware sample that appends the .mockba extension and drops a ransom note named # HOW TO RECOVER YOUR DATA #.txt.

27.10.19

Ransomware Attack: Cybercriminals Hit California School District - MSSP Alert

California’s San Bernardino City Unified School District (SBCUSD) has discovered that cybercriminals recently used ransomware to lock access to district files. The ransomware attack was launched against SBCUSD’s computer servers, and these servers are currently inaccessible.

27.10.19

Ransomware Attack Affects Municipal Computer Systems in Johnson City, Tennessee

On Oct. 21, a Johnson City employee showed a ransom note left by the ransomware attackers to city IT Director Lisa Sagona. The message asked city officials to contact an email in exchange for payment instructions. Toward that end, the note claimed that the ransomware had encrypted the city government’s backups to dissuade the municipality from attempting to recover its data by any means other than paying for a decryption key.

27.10.19

New One Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .one extension to encrypted files.

27.10.19

New InfoDot Ransomware

Michael Gillespie found a new ransomware called InfoDot that appends the .info@mymail9[dot]com extension and uses OpenSSL AES-256 + RSA-2048.

27.10.19

New Foxy Ransomware

GrujaRS found the Foxy Ransomware that appears to be in development as it does not encrypt (and probably never will). It uses a ransom note named READ_ME_IMPORTANT.txt.

27.10.19

New PBD Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .pbd extension to encrypted files.

27.10.19

MedusaLocker Ransomware Wants Its Share of Your Money

A new ransomware called MedusaLocker is being actively distributed and victims have been seen from all over the world. It is not known at this time how the attacker is distributing the ransomware.

27.10.19

Billing Provider Billtrust Suffers Outage After Malware Attack

U.S. financial services provider Billtrust experienced an outage affecting all of its services after some of the company's computing systems were impacted by a malware attack on October 17.

27.10.19

Aurora Ransomware decryptor updated

Emsisoft released an updated Aurora decryptor that now supports the .masked extension.

27.10.19

New STOP Djvu variants

Michael Gillespie found new variants of the STOP Djvu ransomware that append the .werd or .nols extensions to encrypted files.

27.10.19

Tools and Tactics of the Sodinokibi Ransomware Distributors

Using a network of honeypots, researchers from McAfee examined the tools and tactics used by the Sodinokibi Ransomware (REvil) affiliates to infect their victims with ransomware and compromise other machines on the network.

27.10.19

New Wiki Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .wiki extension to encrypted files.

27.10.19

Jokeroo Phishing site launched

David Montenegro found a Tor site pretending to be the Jokeroo RaaS, which pulled an exit scam in May 2019. This is most likely another site trying to pull another exit scam.

27.10.19

New Lbkut Scarab Ransomware variant

GrujaRS found a Scarab Ransomware variant that appends the .lbkut extension.

27.10.19

New Deadmin Locker Ransomware

Raby found a ransomware called Deadmin Locker that appends the .DEADMIN extension. Michael Gillespie thinks it may be Everbe 3.

27.10.19

Maze Ransomware Now Delivered by Spelevo Exploit Kit

The Spelevo exploit kit has been spotted by security researchers while infecting victims with Maze Ransomware payloads via a new malicious campaign that exploits a Flash Player use after free vulnerability.

27.10.19

STOP Ransomware Decryptor Released for 148 Variants

A decryptor for the STOP Ransomware has been released by Emsisoft and Michael Gillespie that allows you to decrypt files encrypted by 148 variants of the infection for free.

27.10.19

REvil Ransomware Affiliates Partner with Corporate Intruders

One access-as-a-service provider works with multiple ransomware collectives, including REvil/Sodinokibi, offering them access to large targets.

27.10.19

Maze Ransomware leaves messages for researchers

MalwareHunterTeam has found that the Maze Ransomware is leaving messages for various ransomware researchers in their executables.

27.10.19

New Uta Dharma Ransomware variant

Raby found a new Dharma Ransomware variant that appends the .uta extension to encrypted files.

27.10.19

New Bot Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .bot extension to encrypted files.

27.10.19

New Ransomware appends .sun extension

Michael Gillespie found a new ransomware that appends the .sun extension and drops a ransom note named DECRYPT_INFORMATION.html.

27.10.19

New Adair Phobos Ransomware variant

M. Shahpasandi found a new variant of the Phobos Ransomware that appends the .Adair extension to encrypted files.

27.10.19

New Skynet MedusaLocker variant

MalwareHunterTeam found a new MedusaLocker Ransomware variant that appends the .skynet extension and drops a ransom note named Readme.html.

27.10.19

Ransomware statistics for 2019: Q2 to Q3 report

Ransomware attacks continued to become more focused and sophisticated in Q2 and Q3 2019. In contrast to the spray-and-pray campaigns of the past, threat actors are increasingly targeting larger and more profitable targets such as businesses, schools and government organizations.

27.10.19

New oo7 Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .oo7 extension to encrypted files.

27.10.19

M6, one of France's biggest TV channels, hit by ransomware

The M6 Group, France's largest privately-owned multimedia group, was the victim of ransomware over the weekend, but none of the company's TV and radio channels suffered any downtime.

27.10.19

New Leto STOP Djvu variant

Michael Gillespie found a new variant of the STOP Djvu ransomware that appends the .leto extension to encrypted files.

27.10.19

'Definite uptick': Global wave of ransomware attacks hitting Canadian organizations

When a Toronto dentist learned last week that his office's computer network had been attacked with ransomware, it felt like a "violation."

27.10.19

New Cobain Hermes837 variant

dnwls0719 found a new variant of the Hermes837 Ransomware that appends the .cobain extension and drops a ransom note named !!!READ_ME!!!.txt.

27.10.19

New Kazkavkovkiz Ransomware

Amigo-A found the Kazkavkovkiz Ransomware that appends an extension consisting of random numbers.

27.10.19

Sodinokibi Ransomware: Following the Affiliate Money Trail

After a Sodinokibi ransomware affiliate posted partial transaction IDs for ransomware payments, researchers were able to use that information to follow the money trail for affiliates and in some cases, how they spend their illicit earnings.

27.10.19

New Dishwasher Ransomware

Frost found a new ransomware that appends the .clean extension to encrypted files and sets the following image as the desktop wallpaper.

27.10.19

New Matrix Ransomware variant

Underwood found a new Matrix Ransomware variant that appends the .tgmn extension.

27.10.19

New Crabs Scarab variant

Michael Gillespie found a new Scarab Ransomware variant that appends the .crabs extension.

27.10.19

New Gold Scarab variant

Alex Svirid found a new Scarab Ransomware variant that appends the .gold extension and drops a ransom note named Инструкция по расшифровке файлов.TXT.

27.10.19

Decrypting ransomware for good.

Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware. - See more at: https://thecyberwire.com/podcasts/cw-podcasts-rs-2019-10-12.html#.dpuf

13.10.19

HildaCrypt Ransomware Developer Releases Decryption Keys

The developer behind the HildaCrypt Ransomware has decided to release the ransomware's private decryption keys. With these keys a decryptor can be made that would allow any potential victims to recover their files for free.

13.10.19

New HackdoorCrypt3r Ransomware

MalwareHunterTeam found the HackdoorCrypt3r Ransomware that appends the .hackdoor extension and drops a ransom note named !how_to_unlock_your_file.txt.

13.10.19

New OnyxLocker Ransomware

Alex Svirid found the OnyxLocker Ransomware that appends the .onx extension to encrypted files.

13.10.19

New Russian Aurora variant

MalwareHunterTeam found a new Russian Aurora offline ransomware sample that appends the .veracrypt extension and drops ransom notes named @@_ATTENTION_@@.txt, @@_README_@@.txt, and @@_RECOVERY_@@.txt.

13.10.19

RobbinHood Ransomware Using Street Cred to Make Victims Pay

The operators behind the RobbinHood ransomware have changed their language in the ransom note, at least in one variant of the malware, to take from victims all hope of decrypting the files for free and to make them pay for the recovery.

13.10.19

Muhstik Ransomware Victim Hacks Back, Releases Decryption Keys

A victim of the Muhstik Ransomware has hacked back against his attackers and released close to 3,000 decryption keys for victims along with a free decryptor to get their files back.

13.10.19

DCH Hospital Pays Ryuk Ransomware for Decryption Key

DCH hospitals in Alabama have decided to pay the ransom for the Ryuk Ransomware in order to receive a decryptor and get their computer systems back up and running.

13.10.19

New Scarab and GlobeImposter 2 Ransomware variants

Alex Svirid found a new Scarab and GlobeImposter2 Ransomware variant from the same actor that appends the .[sill@tuta.io] extension to encrypted files and drops a ransom note named help you.txt.

13.10.19

North Carolina State Bar Fights Off Spread of Ransomware Attack

In a statement issued on Thursday, the organization says the attack late Monday infiltrated the network through a server and began encrypting the system, server by server. A rapid response team stopped the attack from spreading, but the system had to be restored and repaired using backup data.

13.10.19

Aurora decryptor updated to support .veracrypt

Emsisoft has updated their Aurora decryptor to support the .veracrypt variant.

13.10.19

Muhstik Ransomware decryptor for Windows

Emsisoft has released a Windows decryptor for the Muhstik Ransomware.

13.10.19

New DCRTR variant

GrujaRS discovered a new variant of the DCRTR Ransomware that appends the .LOCK extension and drops a ransom note named HOW TO DECRYPT FILES.txt and HOW TO DECRYPT FILES.hta.

13.10.19

New Bora STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .bora extension.

13.10.19

New Phobos Ransomware variant

GrujaRS discovered a new Phobos Ransomware variant that appends the .deal extension to encrypted files.

13.10.19

CYBERCRIME IS BECOMING BOLDER WITH DATA AT THE CENTRE OF THE CRIME SCENE

Ransomware remains the top cybercrime threat in 2019. Even though law enforcement has witnessed a decline in the overall volume of ransomware attacks, those that do take place are more targeted, more profitable and cause greater economic damage. As long as ransomware provides relatively easy income for cybercriminals and continues to cause significant damage and financial losses, it is likely to remain the top cybercrime threat.

13.10.19

Nemty Ransomware Decryptor Released, Recover Files for Free

Victims of the Nemty Ransomware finally have something to be happy about as researchers have released a decryptor that allows them to recover files for free.

13.10.19

Apple Software Update Zero-Day Used by BitPaymer Ransomware

Several companies from the automotive industry were targeted by BitPaymer ransomware operators during August, in attacks that used an Apple zero-day vulnerability impacting the Apple Software Update service bundled with iTunes and iCloud for Windows.

13.10.19

Nemty update: decryptors for Nemty 1.5 and 1.6

Last week, we published a blog post on our decryptor for the Nemty ransomware. Since we performed our analysis, two new versions of Nemty have appeared: version 1.5 and 1.6. We have analyzed both and have been working on decryptors for them. As 1.6 is the most recent version of the two, we have been focussing our efforts on this version first. We now have a working decryptor for version 1.6. Please contact Tesorion CSIRT to obtain our decryptor for free if you are a victim of Nemty 1.6. We are also finishing our decryptor for Nemty 1.5 and expect to release it soon as well. Finally, we are working with Europol to get our decryptors included in their NoMoreRansom project.

13.10.19

Don't trust the ransomware to tell you its real name

Joe describes online redirect scams, URL encoding and the clever combination of the two. Dave shares delightful satire about Russian brides and Nigerian princes, together at last. The catch of the day involves a student getting the best of scammers, getting them to send him money. Our guest is Fabian Wosar from Emsisoft, well-known for decrypting ransomware. - See more at: https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-10-10.html#.dpuf

13.10.19

Muhstik Decryptor released in Python

Michael Gillespie released a Muhstik Decryptor in Python for those who would find that more useful.

13.10.19

New Odveta Ouroboros variant can't be decrypted

The makers of the Ouroboros Ransomware released a new variant that appends the .odveta extension. Unfortunately, this variant can no longer be decrypted for free, as they fixed a weakness in their encryption algorithm.

13.10.19

Nemty 1.6 Ransomware Released and Pushed via RIG Exploit Kit

The RIG exploit kit is now pushing a cocktail of malware that includes a new variant of the Nemty Ransomware.

13.10.19

New Krab Dharma Ransomware variant

Jakub Kroustek discovered a new variant of the Dharma Ransomware that appends the .Krab extension to encrypted files.

6.10.19

New RobbinHood Sample

Joakim Kennedy found a new RobbinHood Ransomware variant that has an interesting ransom note.

6.10.19

BGUU Ransomware discovered

MalwareHunterTeam found a new HiddenTear variant called BGUU that uses a great wallpaper :)

6.10.19

New Sapphire Stupid Ransomware variant

MalwareHunterTeam found a new Stupid Ransomware variant called "Sapphire Ransomware" that appends the .sapphire extension and has a decryption key of "sapphire_is_a_good_color".
 

6.10.19

New ABAT Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .ABAT extension and drops a ransom note named !ABAT_INFO!.rtf.

6.10.19

New Mike HildaCrypt Ransomware variant

GrujaRS found a new HildaCrypt ransomware variant that appends the .mike extension to encrypted files.

6.10.19

New Xoza STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .xoza extension to encrypted files.

6.10.19

New Cash Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .CASH extension to encrypted file names.

6.10.19

Phobos now uses PowerSploit Injector

Kyle Hanslovan spotted a Phobos Ransomware variant with the .calix extension also using the PowerSploit Injector technique.

6.10.19

New AepCrypt Ransomware

Amigo-A found a new ransomware named AepCrypt that appends the .aep extension and drops a ransom note named #READ ME - YOUR FILES ARE LOCKED#.rtf.

6.10.19

Pay it or Lose it Ransomware

MalwareHunterTeam discovered a new ransomware titled "Pay it or Lose it".

6.10.19

D00mEd Virus Ransomware

MalwareHunterTeam discovered a new ransomware named D00mEd Virus that appends the .D00mEd extension to encrypted files.

6.10.19

Emsisoft releases free decryptor for GalactiCrypter ransomware

We just released a new free decryption tool for the GalactiCrypter ransomware strain.

6.10.19

FTCode PowerShell Ransomware Resurfaces in Spam Campaign

An old PowerShell ransomware has resurfaced with a vengeance in a spam distribution aimed at Italian recipients. This ransomware is called FTCode and is completely PowerShell based, which means it can encrypt the computer without downloading any additional components.

6.10.19

'Lost Files' Data Wiper Poses as a Windows Security Scanner

A Windows Security Scanner that states it encrypted your files is being distributed by spam, but whether by bug or design, it instead corrupts binary data in a victim's files. 

6.10.19

Esemani Ransomware variant

GrujaRS found a new ransomware called Esemani that does not add an extension and drops a ransom note named @_READ_TO_RECOVER_FILES_@.txt.

6.10.19

New Noos STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .noos extension to encrypted files.

6.10.19

Fake Browser Updates Infect Enterprises with Ransomware, Bankers

Attackers are utilizing hacked web sites that promote fake browser updates to infect targets with banking trojans. In some cases, post exploitation toolkits are later executed to encrypt the compromised network with ransomware.

6.10.19

FBI Warns U.S. Organizations About High Impact Ransomware

The U.S. Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issued a public service announcement today regarding the increasing number of high-impact ransomware attacks against public and private U.S. organizations.

6.10.19

Sodinokibi Ransomware Builds An All-Star Team of Affiliates

The Sodinokibi Ransomware (REvil) has been making news lately as they target the enterprise, MSPs, and government entities through their hand-picked team of all-star affiliates. These affiliates appear to have had a prior history with the GandCrab RaaS and use similar distribution methods.

6.10.19

New Angus Ouroboros variant

GrujaRS found a new Ouroboros variant that appends the .Angus extension to encrypted files.

6.10.19

State of Ransomware in the U.S.: 2019 Report for Q1 to Q3

In the first nine months of 2019, at least 621 government entities, healthcare service providers and school districts, colleges and universities were affected by ransomware. The attacks have caused massive disruption: municipal and emergency services have been interrupted, medical practices have permanently closed, ER patients have been diverted, property transactions halted, the collection of property taxes and water bills delayed, medical procedures canceled, schools closed and data lost.

6.10.19

New BadDay GlobeImposter 2.0 variant

Raby found a new variant of the GlobeImposter 2.0 Ransomware that appends the .badday extension and drops a ransom note named how_to_back_files.html.

6.10.19

New Kuub STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .kuub extension to encrypted files.

6.10.19

U.S. and Australian Hospitals Targeted by New Ransomware Attacks

Several hospitals and health service providers from the U.S. and Australia were forced to completely close down or shut down some of their systems after being hit by ransomware attacks that affected and disrupted their IT systems.

6.10.19

Dharma seen using PowerSploit injector

Kyle Hanslovan notes that the vbox Dharma Ransomware variant was seen using the same PowerSploit injector that is commonly seen in Sodinokibi/Revil MSP attacks.

6.10.19

Ransomware incident to cost Danish company a whopping $95 million

Demant, one of the world's largest manufacturers of hearing aids, expects to incur losses of up to $95 million following what appears to be a ransomware infection that hit the company at the start of the month.

6.10.19

New QNAPCrypt Ransomware

Amigo-A found a new variant of the QNAPCrypt Ransomware that appends the .muhstik extension and drops a ransom note named README_FOR_DECRYPT.txt.

6.10.19

New MegaCortex variant

MalwareHunterTeam found a new MegaCortex Ransomware variant that was reverse engineered by Vitali Kremez to show that it uses the M3GA-S2= marker.

6.10.19

New Bwall in-dev Ransomware

MalwareHunterTeam found an in-dev ransomware named BWall that appends the .bwall extension to encrypted files.
 

6.10.19

New RansomwareWin10 found

MalwareHunterTeam found the RansomwareWin10 that appends the .RANSOMED extension and drops a ransom note named DECRYPT_INSTRUCTION_%TARGET_ID%.txt.

6.10.19

New Phobos Ransomware variant
 

M. Shahpasandi found a new Phobos Ransomware variant that appends the .deal extension to encrypted files.

6.10.19

Joke Ransomware called FBI-Ware

MalwareHunterTeam found a new joke ransomware called FBI-Ware.

6.10.19

New GalactiCrypter Ransomware

MalwareHunterTeam found a new ransomware called GalactiCrypter.

6.10.19

New Polish Ransomware

MalwareHunterTeam found a new ransomware targeting Polish users that appends the .proced extension to encrypted files.

6.10.19

New Boot STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .boot extension to encrypted files.

29.9.19

New Vival Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .VIVAL extension to encrypted files.

29.9.19

New AES Ransomware

MalwareHunterTeam found a new ransomware variant that appends the .aes extension to encrypted files and drops a ransom note named Instruction.txt.

29.9.19

Another Jigsaw Ransomware variant

MalwareHunterTeam found another Jigsaw Ransomware variant that appends the .LOCKED_PAY

29.9.19

New Jigsaw Ransomware variant

MalwareHunterTeam found a new Jigsaw Ransomware variant that claims to be from the "Badut Clowns".

29.9.19

New Scarab Ransomware variant

dnwls0719 found a new variant of the Scarab Ransomware that appends the .local extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

29.9.19

FTCode Ransomware possibly distributed by Gootkit

TG Soft found that GootKit may be distributing the FTCode ransomware on victims' machines. This is a fairly old ransomware that appends the .ftcode extension to encrypted files.

29.9.19

People are still paying the WannaCry ransom

Vess points out that people are still paying the WannaCry ransom. Go figure.

29.9.19

Some crappy ransomware discovered

Leo found some little crappy ransomware. Not much to it other than a screen.

29.9.19

Avest Ransomware decryptor released

Emsisoft released a decryptor for the Avest Ransomware, which uses the extension .ckey().email().pack14.

29.9.19

Why are cybercriminals disguising wipers as ransomware?

There’s a new spam campaign in town. Disguised as a job application from a person named “Eva Richter”, the campaign aims to infect German-speaking users with a strain of malware known as Ordinypt.

29.9.19

REvil (Sodinokibi) Ransomware Targets Chinese Users with DHL Spam

A new spam campaign is underway that is targeting Chinese recipients to trick them into installing the REvil (Sodinokibi) Ransomware.

29.9.19

New Caley Phobos Ransomware variant

GrujaRS found a new Phobos Ransomware variant that appends the .Caley extension to encrypted files.

29.9.19

New Avest Ransomware discovered

GrujaRS discovered the Avest Ransomware that appends the .pack14 extension and drops a ransom note named !!!Readme!!!Help!!!.txt.

29.9.19

New Hidden Tear variant

Raby found a new Hidden Tear variant that appends the .shade8 extension. Can be decrypted with the HiddenTear Decryptor.

29.9.19

Ransomware Decryptors Released for Yatron, WannaCryFake, & FortuneCrypt

Security vendors released decryptors for three ransomware infections today that allow victims to recover their files for free. These decryptors are for the WannaCryFake, Yatron, and FortuneCrypt Ransomware infections.

29.9.19

New Scarab Ransomware variant

GrujaRS found a new variant of the Scarab Ransomware that appends the .li extension to encrypted files and drops the DECRYPT YOUR FILES.TXT ransom note.

29.9.19

New Kronos Zeropadypt variant

Amigo-A found a new variant of the Zeropadypt Ransomware that appends the .KRONOS extension to encrypted files.

29.9.19

Shared Code Links Sodinokibi to GandCrab, Minus the Fun & Games

Hints of a connection between the defunct GandCrab and the Sodinokibi ransomware get stronger as researchers find code-level similarities and artifacts suggesting continued operations.

29.9.19

New MegaCortex variant found

Raby found a new variant of the MegaCortex Ransomware that appends the .m3gac0rtx extension.

29.9.19

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .DECP extension to encrypted files and drops a ransom note named #DECP_README#.rtf.

29.9.19

New Nesa STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .nesa extension to encrypted files.

29.9.19

New LonleyCrypt Ransomware

GrujaRS found the new LonleyCrypt Ransomware that appends the .LonleyEncryptedFile extension to encrypted files.

29.9.19

New Karl STOP Djvu Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .karl extension to encrypted files.

21.9.19

New in-development GoRansom

JAMESWT found the new in-development GoRansom that appends the .gore extension and drops a ransom note named GoRansom.txt.

21.9.19

Meet Stop Ransomware: The Most Active Ransomware Nobody Talks About

Have you ever heard of the STOP Ransomware? Probably not, as few write about it, most researchers don't cover it, and for the most part it targets consumers through cracked software, adware bundles, and shady sites.

21.9.19

Ransomware attack against Ava, Mo. School District fails, prompts strengthening of network

It's been happening all across the country and now it's happened here in the Ozarks. Scammers are hacking into the computer servers of school districts and cities, holding their data for ransom.

21.9.19

The WannaCry hangover

More than two years on, modified WannaCry variants still cause headaches for IT admins and security analysts.

21.9.19

New Alco Ransomware variant

onion found a new variant of the Alco ransomware that appends the .Artemis865-20 extension.

21.9.19

New Sherminator Ransomware discovered

GrujaRS found the Sherminator Ransomware that appends the .[ID]XXXXXXXXX[ID] extension and drops a ransom note named Decoder.hta.

21.9.19

TFlower Ransomware - The Latest Attack Targeting Businesses

The latest ransomware targeting corporate environments is called TFlower and is being installed on networks after attackers hack into exposed Remote Desktop services.

21.9.19

New Phobos Ransomware variant

GrujaRS found a new Phobos Ransomware variant that appends the .WannaCry extension and drops a ransom note named info.hta.

21.9.19

New WannaCash variant

Alex Svirid found a new WannaCash Ransomware variant that changes the filename to файл зашифрован (original_name).zip and drops a ransom note named как расшифровать файлы.txt.

21.9.19

New Phobos Ransomware variant

GrujaRS found a new Phobos Ransomware variant that appends the .WannaCry extension and drops a ransom note named info.hta.

21.9.19

New Matrix Ransomware Variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .YDHM extension and drops a ransom note named !YDHM_INFO!.rtf.

21.9.19

New Domn STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .domn extension to encrypted files.

21.9.19

New Kvag STOP Ransomware variant

Amigo-A found a new variant of the STOP Ransomware that appends the .kvag extension to encrypted files.

21.9.19

Ransomware using victim's number as extension

A new ransomware was discovered by Amigo-A that uses the victim's phone number as the extension. This has been going on since the middle of August.

21.9.19

New Ebola Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .ebola extension to encrypted files.

21.9.19

How to Enable Ransomware Protection in Windows 10

Windows Defender includes a security feature called "Ransomware Protection" that allows you to enable various protections against ransomware infections. This feature is disabled by default in Windows 10, but with ransomware running rampant, it is important to enable this feature in order to get the most protection you can for your computer.

21.9.19

Irish government admits ransomware breach

The Department of Communications, Climate Action and the Environment, which is responsible for protecting the state against cyber-attacks, has admitted its IT systems were breached in a ransomware attack last year.

21.9.19

New HildaCrypt Ransomware variant

GrujaRS found a new GlobeImposter variant that appends the .HCY extension and drops a ransom note named HILDACRYPTReadMe.html.

21.9.19

Destructive Ordinypt Malware Hitting Germany in New Spam Campaign Výsledek obrázku pro ransomware A new spam campaign is underway that pretends to be a job application from "Eva Richter" who is sending her photo and resume. This resume, though, is actually an executable masquerading as a PDF file that destroys a victim's files by installing the Ordinypt Wiper.
21.9.19 Nemty Ransomware Update Lets It Kill Processes and Services Výsledek obrázku pro ransomware Nemty ransomware is under active development, although its version number may not show it. Its authors are clearly making efforts to make it a more efficient and sophisticated malware and it begins wider distribution.

15.9.19 | New RSA Dharma variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .RSA extension to encrypted files.
15.9.19 | Giant Entercom Radio Network Deals with Ransomware-Like Incident | Entercom Communications, one of the largest radio station owners in the U.S., has been dealing with a cyber attack that looks very much like a ransomware incident. The issue occurred over the past weekend and affects all offices the company has across the country.
15.9.19 | New GarrantyDecrypt or Outsider variant | Amigo-A found a new variant of the GarrantyDecrypt or Outsider Ransomware that appends the .guarded extension and drops a ransom note named GUARDED-README.txt.
15.9.19 | The New Target That Enables Ransomware Hackers to Paralyze Dozens of Towns and Businesses at Once | Cybercriminals are zeroing in on the managed service providers that handle computer systems for local governments and medical clinics.
15.9.19 | New Hermes837 Ransomware spotted | GrujaRS found a new ransomware that appends the .hermes837 extension and drops a ransom note named !!!READ_ME!!!.txt.
15.9.19 | Ryuk Related Malware Steals Confidential Military, Financial Files | A new malware with strange associations to the Ryuk Ransomware has been discovered to look for and steal confidential financial, military, and law enforcement files.
15.9.19 | New Meds Stop Ransomware variant | Amigo-A found a new variant of the STOP Ransomware that appends the .meds extension.
15.9.19 | New Barak Phobos Ransomware variant | Amigo-A found a new variant of the Phobos Ransomware that appends the .barak or .Barak extension to encrypted files.
15.9.19 | New PyLock Ransomware | GrujaRS found the PyLock Ransomware that appends the .locked extension.
15.9.19 | Exploit Kits Target Windows Users with Ransomware and Trojans | Over the weekend and into today, four different malvertising campaigns have been redirecting users to exploit kits that install password stealing Trojans, ransomware, and clipboard hijackers.
15.9.19 | New GlobeImposter variant | GrujaRS found a new GlobeImposter variant that appends the .Erenahen extension to encrypted files. It has an updated, nice-looking ransom note named How_to_open_files.html.
15.9.19 | New InfinityLock Ransomware | GrujaRS found a new ransomware called InfinityLock that appends a long id as an extension.
15.9.19 | Fake PayPal Site Spreads Nemty Ransomware | A web page pretending to offer an official application from PayPal is currently spreading a new variant of Nemty ransomware to unsuspecting users.
8.9.19 | 'Coordinated Ransomware Attack' in Texas Hits 23 Local Governments | Texas is currently fighting an unprecedented wave of ransomware attacks that has targeted local government entities in the state, with at least 23 impacted by the attacks.
8.9.19 | New STOP Djvu Ransomware variants | Michael Gillespie spotted new STOP Djvu variants that append the .nuksus and .vesrato extensions.
8.9.19 | New STOP Djvu variant | Michael Gillespie spotted a new STOP Djvu variant that appends the .masodas extension.
8.9.19 | STOP Decryptor updated | Michael Gillespie updated his STOP Decryptor to support the offline keys for the .mtogas, .nasoh, .nacro, .pedro, .vesrato, and .masodas extensions.
8.9.19 | Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks | The threat actor that hit multiple Texas local governments with file-encrypting malware last week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says.
8.9.19 | New Nemty Ransomware discovered | S!Ri found a new ransomware called Nemty that appends the .nemty extension and drops a ransom note named NEMTY-DECRYPT.txt.
8.9.19 | Backups backups backups. | Joe describes a primitive (but effective) phishing scheme being tracked by Bleeping Computer. Dave shares news from a Black Hat presentation on phishing stats from Google. The catch of the day is a friendly invitation from Hawaii. Our guest is Michael Gillespie from Emsisoft describing the ID Ransomware project.
8.9.19 | New Stare STOP Djvu variant | Michael Gillespie spotted a new STOP Djvu variant that appends the .stare extension.
8.9.19 | New SGuard Ransomware | Michael Gillespie is looking for a new ransomware that appends the .sguard extension and drops a ransom note named SGUARD-README.TXT.
8.9.19 | New DOM Scarab Ransomware variant | M. Shahpasandi found a new Scarab Ransomware variant that appends the .dom extension to encrypted files and drops a ransom note named How to decrypt files.txt.
8.9.19 | New GlobeImposter variant | M. Shahpasandi found a new GlobeImposter2 variant that appends the .makkonahi extension to encrypted files.
8.9.19 | New Nemty Ransomware May Spread via Compromised RDP Connections | A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. The researchers call it Nemty.
8.9.19 | New STOP Djvu variants | Michael Gillespie spotted new STOP Djvu variants that append the .carote, .gero, or .hese extensions.
8.9.19 | New PDF Dharma variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .pdf extension.
8.9.19 | Syrk Decryptor released by Emsisoft | Emsisoft released a decryptor for the Syrk Ransomware that pretended to be a Fortnite cheat.
8.9.19 | New Scarab Bomber variant | Amigo-A found a new Scarab ransomware variant that appends the .lbiaf6c8 extension and drops a ransom note named КАК РАСШИФРОВАТЬ ФАЙЛЫ.TXT.
8.9.19 | The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks | Ransomware is proliferating across America, disabling computer systems of corporations, city governments, schools and police departments. This month, attackers seeking millions of dollars encrypted the files of 22 Texas municipalities. Overlooked in the ransomware spree is the role of an industry that is both fueling and benefiting from it: insurance. In recent years, cyber insurance sold by domestic and foreign companies has grown into an estimated $7 billion to $8 billion-a-year market in the U.S. alone, according to Fred Eslami, an associate director at AM Best, a credit rating agency that focuses on the insurance industry. While insurers do not release information about ransom payments, ProPublica has found that they often accommodate attackers’ demands, even when alternatives such as saved backup files may be available.
8.9.19 | Putting an end to Retadup: A malicious worm that infected hundreds of thousands | Retadup is a malicious worm affecting Windows machines throughout Latin America. Its objective is to achieve persistence on its victims’ computers, to spread itself far and wide and to install additional malware payloads on infected machines. In the vast majority of cases, the installed payload is a piece of malware mining cryptocurrency on the malware authors’ behalf. However, in some cases, we have also observed Retadup distributing the Stop ransomware and the Arkei password stealer.
8.9.19 | New Geno STOP Djvu variant | Michael Gillespie spotted a new STOP Djvu variant that appends the .geno extension.
8.9.19 | Sodinokibi Ransomware Encrypts Records of Hundreds of Dental Practices | A ransomware attack hit a remote data backup service and encrypted files from dental practices in the U.S. Hundreds of customers relying on the backup solution had their data locked by the Sodinokibi file-encrypting malware.
8.9.19 | New Good Ransomware | Leo found a new ransomware variant that appends the .good extension to encrypted files. What makes it interesting is that this "one actually tells you that other decryption services would only act as intermediaries so you should contact them instead for a lower price (which is sadly the truth in many cases)".
8.9.19 | A Look Inside the Highly Profitable Sodinokibi Ransomware Business | Relatively new on the ransomware scene, Sodinokibi has already made impressive profits for its administrators and affiliates, some victims paying as much as $240,000, while a network infection netted $150,000 on average.
8.9.19 | STOP Djvu Ransomware Decryptor will no longer be updated | Michael Gillespie has announced that his STOP Djvu Ransomware decryptor will no longer be updated as the ransomware developers changed the decryption method. This prevents the decryptor from working. This last version adds the offline keys for the .nuksus, .cetori, .stare, .carote extensions.
8.9.19 | New CMD Dharma variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .cmd extension.
8.9.19 | New HorseLiker Phobos variant | Rmy discovered a new variant of the Phobos Ransomware that appends the .HorseLiker extension to encrypted files.
8.9.19 | New HildaCrypt v1.0 Ransomware | GrujaRS found a new GlobeImposter variant that appends the .HILDA extension and drops a ransom note named READ_IT.txt.
8.9.19 | New Apollon865 GlobeImposter variant | GrujaRS found a new GlobeImposter variant that appends the .Apollon865 extension and drops a ransom note named HOW TO BACK YOUR FILES.exe.
8.9.19 | Sodinokibi Ransomware Spreads via Fake Forums on Hacked Sites | A distributor for the Sodinokibi Ransomware is hacking into WordPress sites and injecting JavaScript that displays a fake Q & A forum post over the content of the original site. This fake post contains an "answer" from the site's "admin" that contains a link to the ransomware installer.
8.9.19 | New Seto STOP Djvu variant | M. Shahpasandi found a new STOP Djvu variant that appends the .seto extension to encrypted files.
8.9.19 | Nemty Ransomware Gets Distribution from RIG Exploit Kit | The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits.
8.9.19 | New STOP Djvu variants | Michael Gillespie spotted new STOP Djvu variants that append the .shariz or .peta extensions.
8.9.19 | New MGS Dharma variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .MGS extension.
8.9.19 | New Group Dharma Ransomware variant | Amigo-A found a new Dharma Ransomware variant that appends the .group extension and drops a ransom note named RETURN FILES.txt.
8.9.19 | New Banks Phobos Ransomware variant | Amigo-A found a new Phobos Ransomware variant that appends the .BANKS extension.
8.9.19 | Is ransomware driving up the price of Bitcoin? | Cybercriminals may be partially responsible for driving up the price of Bitcoin.
8.9.19 | Koko Ransomware discovered | GrujaRS found a new ransomware called Koko that appends the mailto[kokoklock@cock.li].1be018 extension and drops a ransom note named 1BE018-Readme.txt.
8.9.19 | Students Rejoice: School District Closed by Ransomware Attack | The summer school holiday has not ended for students in Flagstaff, Arizona, as a ransomware attack hitting the School District computers forces the decision to cancel classes for today. The schedule for tomorrow is uncertain.
8.9.19 | Ransomware Adopts DoppelPaymer Name Given by Researchers | Whether it be malware devs contacting us about our stories or commenting in our forums, we all know that the ransomware developers monitor researchers and technology sites for information about their programs. Nothing shows this better than a ransomware that recently decided to adopt the name given to it by researchers.
8.9.19 | Hackers Ask for $5.3 Million Ransom, Turn Down $400k, Get Nothing | Hackers infecting the computer systems of the city of New Bedford, Massachusetts, with ransomware wouldn't settle for anything less than $5.3 million to decrypt the data. The ransom was too high and they got a big fat nothing in return.
8.9.19 | New Moka STOP Djvu variant | Michael Gillespie spotted a new STOP Djvu variant that appends the .moka extension.
8.9.19 | Lilocked Ransomware Actively Targeting Servers and Web Sites | A relatively new ransomware named Lilocked by researchers and Lilu by the developers is actively targeting servers and encrypting the data located on them. All of the known infected servers are web sites, which is causing the encrypted files to show up in Google search results.
8.9.19 | School gets hit by ransomware in July and this week | Another US school hit by #Ryuk today, this one is different in that they were previously hit by Ryuk in July as well. First time I have seen them hitting the same target twice.
17.8.19 | Emsisoft's Aurora Decryptor updated | Emsisoft's Aurora decryptor was updated to support the Dragon Ransomware with the locked extension.
17.8.19 | New Pedro STOP Djvu variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .pedro extension.
17.8.19 | New Dragon Ransomware Aurora variant | Jack discovered a new variant of the Aurora ransomware that appends the .locked extension and drops a ransom note named #DECRYPT_MY_FILES#.txt.
17.8.19 | New LuckyJoe GonnaCry variant | Amigo-A discovered a new GonnaCry variant called LuckyJoe that appends the .GNNCRY extension and drops a ransom note named GNNCRY_Readme.
17.8.19 | New Plague17 Dont Worry Ransomware variant | Alex Svirid discovered a new Dont_Worry Ransomware variant called Plague17 that changes the file name to [16 hex digit]>.PLAGUE17-[16 hex digits] extension and drops a ransom note named PLAGUE17.txt.
17.8.19 | They Stole Your Files, You Don’t Have to Pay the Ransom | Lack of public awareness may be one reason that victims of ransomware in the United States are often willing to pay their attackers in order to regain control of their files and computer systems. In June alone, two cities in Florida — Riviera Beach and Lake City — agreed to make Bitcoin ransom payments worth roughly $600,000 and $460,000, respectively. In both cities, most of the payments will be covered by their insurers.
17.8.19 | New Nacro STOP Djvu variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nacro extension.
17.8.19 | New Coharos Stop DJvu variant | M. Shahpasandi found a new STOP Djvu variant that appends the .coharos extension to encrypted files.
17.8.19 | Interview With Fabian Wosar – Emsisoft | Safety Detective’s Aviva Zacks learned all about how a young child, fascinated by computer viruses, became a cybersecurity superstar. Read our interview with Fabian Wosar, Emsisoft’s CTO.
17.8.19 | New Nasoh STOP Djvu variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nasoh extension.
17.8.19 | STOP Decryptor updated | Michael Gillespie updated the STOP Decryptor to support the offline keys for the .cosakos, .nvetud, .kovasoh, .brusaf, .londec, and .krusop extensions.
17.8.19 | New Krusop and Mtogas STOP Djvu variants | Michael Gillespie found new STOP Djvu Ransomware variants that append the .krusop or .mtogas extensions.
17.8.19 | New Relock Ransomware variant | Amigo-A found a new variant of the Relock Ransomware that drops ransom notes named FIX_Instructions.txt and FIX_Instructions.hta.
17.8.19 | New Cry36/Nemesis variant | M. Shahpasandi found a new Cry36/Nemesis variant that appends the .id_*********_.WECANHELP extension and drops a ransom note named _RESTORE FILES_.txt.
17.8.19 | Canon DSLR Camera Infected with Ransomware Over the Air | Vulnerabilities in the image transfer protocol used in digital cameras enabled a security researcher to infect a Canon EOS 80D DSLR with ransomware over a rogue WiFi connection.
10.8.19 | New SkidPatrol Ransomware | MalwareHunterTeam found a new ransomware called SkidPatrol.
10.8.19 | New Londec STOP DJvu variant | Michael Gillespie found a new STOP DJvu variant that appends the .londec extension to encrypted file names.
10.8.19 | How Reverse Engineering (and Cyber-Criminals’ Mistakes) Can Help You When You’ve Been a Ransomware Victim | Luckily for us, ransomware developers are not always as professional as they wish and sometimes, they make mistakes that allow us to recover the kidnapped files without having to pay the ransom. That’s exactly what happened with a ransomware called Whiterose.
10.8.19 | Emsisoft Decryptor for JSWorm 4.0 | JSWorm 4.0 is a ransomware written in C++ that uses a modified version of AES-256 to encrypt files, and adds the extension ".[ID-][].JSWRM" to files.
10.8.19 | US Accounts for More than Half of World's Ransomware Attacks | The threat of ransomware is more prevalent in the U.S., with more than half of the global detections originating from this country, a new report informs.
10.8.19 | New Help Phobos Ransomware variant | Raby found a new variant of the Phobos Ransomware that appends the .help extension to encrypted file names.
10.8.19 | New MegaCortex variant | Vitali Kremez found a new variant of the MegaCortex Ransomware that uses the MEGA-G6= marker.
10.8.19 | Arsium Ransomware Builder released | Jan discovered the new Arsium Ransomware Builder being promoted on malware forums.
10.8.19 | STOP Djvu Decryptor updated | Michael Gillespie updated his STOP Djvu decryptor to support the offline keys for the .nelasod, .mogranos, .lotej, .prandel, .zatrov, .masok extensions.
10.8.19 | New Brusaf STOP DJvu variant | Michael Gillespie found a new STOP DJvu variant that appends the .brusaf extension to encrypted file names.
10.8.19 | New Lord Exploit Kit Pushes njRAT and ERIS Ransomware | A new kit for web-based attacks calling itself Lord EK has been spotted at the beginning of the month as part of a malvertising chain that uses the PopCash ad network.
10.8.19 | New STOP DJvu variants | Michael Gillespie found two new STOP DJvu variants that append the .zatrov or .prandel extensions to encrypted file names.
10.8.19 | SODINOKIBI: THE CROWN PRINCE OF RANSOMWARE | In April of 2019, the Cybereason Nocturnus team encountered and analyzed a new type of ransomware dubbed Sodinokibi. Sodinokibi is highly evasive, and takes many measures to prevent its detection by antivirus and other means.
10.8.19 | New version of MegaCortex targets business disruption | iDefense engineers have identified and analyzed a recently updated version of the dangerous ransomware MegaCortex, which is known to have previously caused costly incidents across various industries in Europe and North America.
10.8.19 | New Paradise Team Ransomware | Alex Svirid found a new ransomware called Paradise Team that appends the .junior extension to encrypted files.
10.8.19 | ECh0raix Ransomware Decryptor Restores QNAP Files For Free | A decryptor for the eCh0raix Ransomware, or QNAPCrypt, has been released that allows victims to recover encrypted files on their QNAP NAS devices.
10.8.19 | GermanWiper Ransomware Erases Data, Still Asks for Ransom | Multiple German companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware targeted them and asked for a ransom. This wiper is being named GermanWiper due to its targeting of German victims and it being a destructive wiper rather than a ransomware.
10.8.19 | New Q1G Dharma variant | Jakub Kroustek found a new variant of the Dharma ransomware that appends the .Q1G extension to encrypted file names.
4.8.19 | New MegaCortex variant | Vitali Kremez found a new variant of the MegaCortex ransomware that uses the MEGA-F8= file marker.
4.8.19 | New Lotej and Kovasoh STOP Djvu variants | Michael Gillespie found new variants of the STOP DJvu ransomware that append the .lotej or .kovasoh extensions to encrypted files.
4.8.19 | Ransom Note Replaces 2.1M Customer Records on Open MongoDB | Hackers on the prowl for unsecured databases found a publicly accessible MongoDB instance and replaced the almost 1.2 million sensitive records it stored with a ransom note.
4.8.19 | New Syrk Ransomware | Leo found the new Syrk Ransomware that appears to be in development.
4.8.19 | New Nvetud and Cosakos STOP Djvu variants | Michael Gillespie found new variants of the STOP DJvu ransomware that append the .nvetud or .cosakos extensions to encrypted files.
4.8.19 | Article on the Clop CryptoMix Ransomware variant | This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There are some variants of the Clop ransomware but in this report, we will focus on the main version and highlight part of those variations. The main goal of Clop is to encrypt all files in an enterprise and request a payment to receive a decryptor to decrypt all the affected files. To achieve this, we observed some new techniques being used by the author that we have not seen before. Clearly over the last few months we have seen more innovative techniques appearing in ransomware.
4.8.19 | Updated STOP Decryptor | Michael Gillespie updated the STOP Djvu decryptor to support the offline keys for the .ndarod, .access, and .format extensions.
4.8.19 | New Mogranos STOP Djvu variant | Michael Gillespie found a new variant of the STOP DJvu ransomware that appends the .mogranos extension to encrypted files.
4.8.19 | Aurora Decryptor updated | Emsisoft updated the Aurora decryptor to support the .infected extension.
4.8.19 | Tflower Ransomware discovered | GrujaRS found a new ransomware called TFlower that does not append an extension and uses a targeted ransom note.
4.8.19 | New Scarab Ransomware variant | Amigo-A discovered a new Scarab Ransomware variant that appends the .rsalive extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
4.8.19 | US Govt, NGOs Ask Cyber Community to Boost Ransomware Defenses | A joint statement published by the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) urges government partners and the cyber community to reinforce their ransomware defenses.
4.8.19 | Some Govt web sites hit with ransomware | Germán Fernández noticed that at one point some government web sites got hit with the Dharma and Phobos ransomware infections.
4.8.19 | New Access and Format STOP Djvu variants | Michael Gillespie found new variants of the STOP Djvu ransomware that append the .access and .format extensions to encrypted files.
4.8.19 | Ransomware infection takes some police car laptops offline in Georgia | A ransomware infection at the Georgia Department of Public Safety (DPS) has crippled laptops installed in police cars across the state.
4.8.19 | The price of being a ransomware hero: Chips with Everything podcast | The Guardian interviews Fabian Wosar about ransomware.
4.8.19 | Attackers Are Wiping Iomega NAS Devices, Leaving Ransom Notes | Attackers are deleting files on publicly accessible Lenovo Iomega NAS devices and leaving ransom notes behind. These ransom notes state that the attackers will give the files back if a bitcoin ransom is paid.
4.8.19 | New Android Ransomware Uses SMS Spam to Infect Its Victims | A new ransomware family targeting Android devices spreads to other victims by sending text messages containing malicious links to the entire contact list found on already infected targets.
4.8.19 | New MegaCortex variant discovered | Vitali Kremez found a new variant of the MegaCortex ransomware that uses the MEGA-F3= file marker.
4.8.19 | New EXE Xorist variant | Amigo-A found a new Xorist variant that appends the .exe extension and drops a ransom note named HOW-TO-DECRYPT-FILES.HTM.
4.8.19 | New Nqix Dharma Ransomware variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .nqix extension.
4.8.19 | Clop CryptoMix variant is back | MalwareHunterTeam noted that the Clop CryptoMix Ransomware variant is back from an extended absence.
28.7.19 | New Scarab Ransomware variant | Amigo-A found a new Scarab Ransomware variant that appends the .btchelp@xmpp.jp extension to encrypted files and drops a ransom note named HOW TO RECOVER - btchelp@xmpp.jp ENCRYPTED FILES.TXT.
28.7.19 | New Ndarod STOP Ransomware variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .ndarod extension to encrypted files.
28.7.19 | No More Ransom Success Story: Saves $108+ Million in Ransomware Payments | Today marks the third anniversary of No More Ransom and through its partners from the public and private sectors, law enforcement, academia, and researchers, the project has been able to help hundreds of thousands, if not millions, of victims get their encrypted files back for free.
28.7.19 | Ransomware attacks four Louisville healthcare clinics | Four Louisville healthcare centers are infected with ransomware, according to Park DuValle Community Health Center CEO Ann Hagan-Grigsby. This is the second attack so far this year. The CEO said they contacted the FBI shortly after learning of the infected servers.
28.7.19 | New Acuf2 Dharma Ransomware variant | Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .Acuf2 extension.
28.7.19 | STOP DJvu Ransomware decryptor updated | Michael Gillespie updated his STOP Decryptor to support the offline keys for the .lapoi, .todar, .dodoc, .bopador, and .novasof extensions.
28.7.19 | New Ntuseg STOP Ransomware variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .ntuseg extension to encrypted files.
28.7.19 | New Banjo Phobos Ransomware variant | Michael Gillespie found a new Phobos Ransomware variant that appends the .banjo extension.
28.7.19 | Ransomware Attack Cripples Power Company’s Entire Network | A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications.
28.7.19 | Ransomware Attacks Prompt Louisiana to Declare State of Emergency | Louisiana Governor John Edwards has declared a state of emergency after a wave of ransomware attacks targeted school districts this month. This Emergency Declaration will allow Louisiana state resources and cybersecurity experts to assist local governments in securing their networks.
28.7.19 | New Haven Public Schools hit by ransomware attack | The New Haven Public School district recently was hit by a ransomware attack, an official confirmed Wednesday.
28.7.19 | DecryptIomega Ransomware discovered | Amigo-A found a new ransomware called DecryptIomega that is targeting Lenovo Iomega NAS drives. The files are hidden, or removed, so it is not known if anything is encrypted, but it does drop a ransom note named YOUR FILES ARE SAFE!!!.txt.
28.7.19 | A deep dive into Phobos ransomware | Phobos ransomware appeared at the beginning of 2019. It has been noted that this new strain of ransomware is strongly based on the previously known family: Dharma (a.k.a. CrySis), and probably distributed by the same group as Dharma.
28.7.19 | NinjaRMM Partner Used To Seed Ransomware | NinjaRMM said its tool was used to spread ransomware across “multiple endpoints” within the last 36 hours, and it is encouraging partners to enable two-factor authentication, which it said could have stopped the attack, according to an email it sent to partners today.
28.7.19 | New STOP Ransomware variants | Michael Gillespie found new STOP Djvu Ransomware variants that append the .novasof or .bopador extensions to encrypted files.
28.7.19 | Ransomware: Most Popular Malware in Underground Forums | Through the analysis of over 3.9 million posts on underground hacker and malware forums, a new report illustrates the most common malware and threats being discussed.
28.7.19 | Sodinokibi Ransomware Distributed by Hackers Posing as German BSI | BSI, the German national cybersecurity authority, has issued a warning regarding a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages.
28.7.19 | Vigo County works to assess extent of malware attack | Vigo County officials are working today to determine what kind of attack was made on the county's computer system.
28.7.19 | New ransomware taunting Emsisoft | A new ransomware was discovered by Petrovic that appears to be taunting Emsisoft by using the extensions .xuy and ..emsisosisoft.
28.7.19 | New com2 Dharma Ransomware variant | Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .com2 extension.
28.7.19 New Dodoc STOP Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .dodoc extension to encrypted files.
28.7.19 Technical analysis of Ryuk ransomware that targets the large organizations Výsledek obrázku pro ransomware Ryuk ransomware, a modified version of Hermes, is used by Grim Spider, a cyber-criminal group; it made its first appearance in August 2018.
28.7.19 New Maoloa Ransomware variant Maoloa Ransomware GrujaRS found a new Maoloa Ransomware variant that appends the .Hades666 extension and drops a ransom note named HOW TO BACK YOUR FILES.txt.
28.7.19 New STOP Ransomware variants Výsledek obrázku pro ransomware Michael Gillespie found new STOP Djvu Ransomware variants that append the .lapoi or .todar extension to encrypted files.
28.7.19 LooCipher Ransomware Decryptor Gets Your Files Back for Free Loocipher A decryptor for the LooCipher Ransomware has been released by Emsisoft that allows victims to decrypt their files for free. If you were infected with LooCipher, do not pay the ransom and instead follow the instructions below.
28.7.19 New Lucky Joe Ransomware Výsledek obrázku pro ransomware Germán Fernández found a new ransomware called Lucky Joe that appears to be a GonnaCry variant. According to pollo290987, this variant drops a ransom note named GNNCRY_Readme.txt.
28.7.19 New RotorCrypt Ransomware Výsledek obrázku pro ransomware Michael Gillespie found a new RotorCrypt Ransomware variant that appends the !-information-...___ingibitor366@cumallover.me___....RT4BLOCK extension and drops a ransom note named NEWS_INGiBiToR.txt.
28.7.19 STOP DJvu Ransomware decryptor updated Výsledek obrázku pro ransomware Michael Gillespie updated his STOP Decryptor to support the offline keys for the .gusau, .madek, and .tocue extensions.
28.7.19 New Daris STOP Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .daris extension to encrypted files.
28.7.19 New Tocue STOP Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .tocue extension to encrypted files.
28.7.19 Haka Ransomware found Výsledek obrázku pro ransomware Michael Gillespie is looking for a ransomware that appends the extension .haka and drops a ransom note named !!!READ_ME_FIRST!!!.txt.
28.7.19 LilLocked Ransomware found Výsledek obrázku pro ransomware Michael Gillespie is looking for a ransomware that appends the extension .lilocked and drops a ransom note named #README.lilocked.
28.7.19 New Scarab Ransomware variant Výsledek obrázku pro ransomware Alex Svirid found a new Scarab Ransomware variant that appends the {Help557@cock.li}.exe extension to encrypted file names.
21.7.19 Emsisoft releases imS00rry decryptor Výsledek obrázku pro ransomware Emsisoft released a decryptor for imS00rry Ransomware.
21.7.19 SkyStars Ransomware discovered Výsledek obrázku pro ransomware Petrovic found a new ransomware called SkyStars.
21.7.19 New Matrix Ransomware variant Matrix Amigo-A found a new Matrix Ransomware variant that appends the .[Kromber@tutanota.com] extension and drops a ransom note named #_#ReadMe#_#.rtf.
21.7.19 La Porte County Pays $130,000 Ransom To Ryuk Ransomware Výsledek obrázku pro ransomware Another public administration in the U.S. surrenders to cybercriminal demands as La Porte County, Indiana, pays $130,000 to recover data on computer systems impacted by ransomware.
21.7.19 New 1BTC Dharma variant Výsledek obrázku pro ransomware Jakub Kroustek found a new Dharma Ransomware variant that appends the .1BTC extension to encrypted files.
21.7.19 New DoppelPaymer Ransomware Emerges from BitPaymer's Code Výsledek obrázku pro ransomware Malware researchers have discovered a new file-encrypting malware they dubbed DoppelPaymer that has been making victims since at least mid-June, asking hundreds of thousands of US dollars in ransom.
21.7.19 Ryuk, Sodinokibi Ransomware Responsible for Higher Average Ransoms Výsledek obrázku pro ransomware The average payment demand following a ransomware attack has almost doubled in the second quarter of the year and victims have Ryuk and Sodinokibi to blame.
21.7.19 FBI Releases Master Decryption Keys for GandCrab Ransomware Výsledek obrázku pro ransomware In an FBI Flash Alert, the FBI has released the master decryption keys for the Gandcrab Ransomware versions 4, 5, 5.0.4, 5.1, and 5.2. Using these keys, any individual or organization can create and release their very own GandCrab decryptor.
21.7.19 New Budak and Herad STOP DJvu variants Výsledek obrázku pro ransomware Michael Gillespie found new variants of the STOP DJvu Ransomware that append the .budak or .herad extension to encrypted files.
21.7.19 New Nemesis Ransomware variant Výsledek obrázku pro ransomware M. Shahpasandi found a new variant of the Cry36/Nemesis Ransomware that appends the .id_**********_.YOUR_LAST_CHANCE extension to encrypted file names.
21.7.19 Onondaga Libraries hit by ransomware attack, locations open but some services affected Výsledek obrázku pro ransomware Libraries across Onondaga County continue to deal with service issues caused by a cyber attack discovered last Friday.
21.7.19 Lessons learned from ransomware authors’ crypto mistakes Výsledek obrázku pro ransomware Some ransomware authors get the cryptography right, but make web security mistakes that leave their command and control (C2) infrastructure vulnerable to attacks.
21.7.19 New Berosuce STOP DJvu variant Výsledek obrázku pro ransomware Michael Gillespie found a new variant of the STOP DJvu Ransomware that appends the .berosuce extension to encrypted files.
21.7.19 STOP Decryptor updated Výsledek obrázku pro ransomware Michael Gillespie updated his STOP DJvu Ransomware decryptor to support the offline keys for the .godes, .budak, .heran, and .berosuce extensions.
21.7.19 Sodinokibi Spam campaign attacking Germany Výsledek obrázku pro ransomware Karsten Hahn reported that a spam wave targeting Germany was distributing the Sodinokibi Ransomware.
21.7.19 Radio station WMNF victim of ransomware cyberattack Výsledek obrázku pro ransomware Tampa-based community radio station WMNF 88.5-FM is stepping up cybersecurity after its computer systems were hobbled by ransom-seeking hackers last month.
21.7.19 New Phobos Ransomware variant Phobos GrujaRS found a new variant of the Phobos ransomware that appends the .id[XXXXXX-2224].[zoye1596@msgden.net].actor extension and drops a ransom note named info.txt.
21.7.19 New Ouroboros Ransomware Ransomware GrujaRS found a new variant of the Ouroboros Ransomware that appends the .[id=xxxxxxx][mail=BackFileHelp@protonmail.com].limbo extension and drops a ransom note named Read-Me-Now.txt.
21.7.19 Avast Releases a GandCrab Decryptor Výsledek obrázku pro ransomware Avast Software has released their own decryptor for the GandCrab Ransomware.
21.7.19 New Gusau STOP DJvu variants Výsledek obrázku pro ransomware Michael Gillespie found new variants of the STOP DJvu Ransomware that append the .gusau, .vusad, .madek, or .gehad extensions to encrypted files.
21.7.19 STOP Decryptor updated Výsledek obrázku pro ransomware Michael Gillespie updated his STOP DJvu Ransomware decryptor to support the offline keys for the .gehad extension.
21.7.19 Ransomware attack impacting Collierville, officials say Výsledek obrázku pro ransomware City officials said the attack disrupted the town’s information technology systems. They first received reports of the disruption Thursday morning and have determined it is the Ryuk ransomware virus.
21.7.19 Elusive MegaCortex Ransomware Found - Here is What We Know MegaCortex A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer.
21.7.19 Ransomware Attacks Grow Rampant, Paying Still Not a Good Option Výsledek obrázku pro ransomware A flurry of ransomware attacks has been reported this week affecting entities in US states of Georgia, New York, Tennessee, and Florida.
21.7.19 iNSYNQ Cloud Hosting Provider Hit by Ransomware Attack Výsledek obrázku pro ransomware Cloud computing provider iNSYNQ experienced a ransomware attack which forced the company to shut down some of its servers to contain the malware infection from spreading and affecting more customer data.
21.7.19 Lawrenceville police latest victims of cyberattack Výsledek obrázku pro ransomware Lawrenceville police confirmed the FBI and private security experts have been called in to help with the cyberattack that has hijacked the department’s body camera file footage and other department files. It is also the same ransomware that attacked Henry County police, sources say.
21.7.19 New Maoloa Ransomware variant Maoloa GrujaRS found a new variant of the Maoloa Ransomware that appends the .Persephone666 extension to encrypted files.
14.7.19 Monroe College Hit With Ransomware, $2 Million Demanded Výsledek obrázku pro ransomware A ransomware attack at New York City's Monroe College has shut down the college's computer systems at campuses located in Manhattan, New Rochelle and St. Lucia. Attackers are demanding a $2 million ransom to restore their files.
14.7.19 Northwest Indian College Hit with Ransomware Výsledek obrázku pro ransomware This week, the Northwest Indian College (NWIC) has been facing a cyberattack identified as the Ryuk ransomware virus. The outbreak has corrupted many internal files on our systems, including backups and legacy data.
14.7.19 New Bulba Ransomware Výsledek obrázku pro ransomware GrujaRS found a new ransomware called Bulba that appends the .Pox extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
14.7.19 New Godes STOP Djvu variant Výsledek obrázku pro ransomware Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .godes extension.
14.7.19 STOP Decryptor updated Výsledek obrázku pro ransomware Michael Gillespie updated his STOP DJvu decryptor to support the offline keys for the .cezor and .lokas extensions.
14.7.19 Mayors pass resolution against paying ransomware ransoms The U.S. Conference of Mayors has passed a resolution calling on city leaders not to pay ransoms to their cyberattackers in the event of ransomware attacks.
14.7.19 New HTML Dharma variant Výsledek obrázku pro ransomware Amigo-A has discovered a new Dharma ransomware variant that appends the .HTML extension to encrypted files and drops a ransom note named HOW_TO_DECRYPT.txt.
14.7.19 Westchester Library System Attacked By Ransomware Virus Výsledek obrázku pro ransomware A ransomware virus attack on the Westchester Library System is being investigated, an IT official said on Wednesday, July 10.
14.7.19 New Nemesis Ransomware variant Výsledek obrázku pro ransomware GrujaRS found a new Nemesis Ransomware variant that appends the YOUR_LAST_CHANCE extension to encrypted files and drops a ransom note named _RESTORE FILES_.txt.
14.7.19 Rodentia Ransomware discovered Výsledek obrázku pro ransomware MalwareHunterTeam found a new Jigsaw Ransomware variant called Rodentia Ransomware that does not encrypt anything.
14.7.19 Wanna Dead Ransomware discovered Výsledek obrázku pro ransomware MalwareHunterTeam found a new ransomware called Wanna Dead that is based off of HiddenTear and does not encrypt anything.
14.7.19 New .BKP Dharma variant Výsledek obrázku pro ransomware Michael Gillespie found a new Dharma ransomware variant that appends the .BKP extension.
14.7.19 How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers Výsledek obrázku pro ransomware More eCh0raix news by Intezer who call this ransomware QNAPCrypt.
We at Intezer have detected and temporarily DoS’d the operation of a ransomware targeting Linux-based file storage systems (NAS servers).
14.7.19 New eCh0raix Ransomware Brute-Forces QNAP NAS Devices eCh0raix A new ransomware strain written in Go and dubbed eCh0raix by the Anomali Threat Research Team is being used in the wild to infect and encrypt documents on consumer and enterprise QNAP Network Attached Storage (NAS) devices used for backups and file storage.
14.7.19 Crown Ransomware discovered Crown Ransomware Petrovic discovered a new ransomware called Crown that appends the .CROWN extension to encrypted files.
14.7.19 Qihoo 360 releases a GandCrab v5.2 decryption tool Výsledek obrázku pro ransomware Previously, 360 Total Security intercepted all aspects of the attack and fully supported the powerful killing of the entire series of GandCrab ransomware. Now 360 Total Security has launched the decryption tool for GandCrab v5.2, which means that 360 Total Security supports decryption for the full range of GandCrab ransomware versions 4.0/5.0/5.0.2/5.0.3/5.0.4/5.1/5.2; users who have been infected can successfully decrypt their files without paying the ransom!
14.7.19 Ransomware REvil - Sodinokibi: Technical analysis and Threat Intelligence Report Výsledek obrázku pro ransomware The authors of Sodinokibi ransomware, even though these are the first versions of their creation, seem to have long experience with this kind of cyber-crime threat.
Some researchers have identified the similarities with GandCrab ransomware, whose project was shut down at the beginning of June. It seems that Sodinokibi ransomware is the right candidate to fill the hole left behind by GandCrab.
14.7.19 Rig Exploit Kit Pushing Eris Ransomware in Drive-by Downloads ERIS The RIG exploit kit has been spotted distributing the new ERIS Ransomware as its payload. Using the RIG exploit kit, vulnerable victims will find that the ransomware is installed on their computer without their knowledge simply by visiting a web site.
14.7.19 Who’s Behind the GandCrab Ransomware? Výsledek obrázku pro ransomware The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.
14.7.19 Custom exploit kit pushing the ERIS Ransomware Azera Exploit Kit Jérôme Segura found a custom exploit kit called Azera pushing the ERIS Ransomware.
14.7.19 New .lokas STOP Djvu variant Výsledek obrázku pro ransomware Michael Gillespie found a new STOP Djvu variant that appends the .lokas extension to encrypted files.
14.7.19 New GarrantyDecrypt variant Výsledek obrázku pro ransomware Michael Gillespie found a new GarrantyDecrypt Ransomware variant that appends the .popoticus extension.
14.7.19 New .kick Dharma variant Výsledek obrázku pro ransomware Michael Gillespie found a new Dharma ransomware variant that appends the .kick extension.
14.7.19 New .save Dharma variant Výsledek obrázku pro ransomware Jakub Kroustek found a new Dharma variant that appends the .save extension.
14.7.19 New .php and .dqb Dharma variants Výsledek obrázku pro ransomware Jakub Kroustek found new Dharma variants that append the .php and .dqb extensions.
14.7.19 A City Paid a Hefty Ransom to Hackers. But Its Pains Are Far From Over. Výsledek obrázku pro ransomware More than 100 years’ worth of municipal records, from ordinances to meeting minutes to resolutions and City Council agendas, have been locked in cyberspace for nearly a month, hijacked by unidentified hackers who encrypted the city’s computer systems and demanded more than $460,000 in ransom.
14.7.19 New Basilisque Locker discovered Basilisque Amigo-A found a new ransomware called Basilisque Locker that appends the .basilisque@protonmail_com extension and drops a ransom note named HOW_TO_DECRYPT.txt.
14.7.19 New .crash Dharma variant Výsledek obrázku pro ransomware Michael Gillespie found a new Dharma ransomware variant that appends the .crash extension.
6.7.19 Eurofins Scientific: Forensic services firm paid ransom after cyber-attack Výsledek obrázku pro ransomware The UK's biggest provider of forensic services has paid a ransom to criminals after its IT systems were disrupted in a cyber-attack, BBC News has learned.
6.7.19 New Cezar STOP Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .cezar extension to encrypted files.
6.7.19 New DRCTR Ransomware variant Výsledek obrázku pro ransomware Amigo-A has discovered a new DRCTR variant that appends the .CAGO extension and drops the ransom notes named DECRYPT_INFO.txt and DECRYPT_INFO.hta.
6.7.19 STOP DJvu Decryptor Updated Výsledek obrázku pro ransomware Michael Gillespie's STOP DJvu decryptor has been updated to include the offline keys for the .nusar, .litar, and .besub extensions.
6.7.19 Sodinokibi Ransomware Exploits Windows Bug to Elevate Privileges Výsledek obrázku pro ransomware The Sodinokibi ransomware is looking to increase its privileges on a victim machine by exploiting a vulnerability in the Win32k component present on Windows 7 through 10 and Server editions.
6.7.19 VirusEncoder Discovered VirusEncoder GrujaRS discovered a ransomware called VirusEncoder that appends the .boooam@cock_li extension and drops a ransom note named HOW_TO_DECRYPT_FILES.html.
6.7.19 SEON Ransomware 0.2 spotted Výsledek obrázku pro ransomware Petrovic found the 0.2 version of the SEON Ransomware.
6.7.19 Don't pay ransom payments for Cryakl CS1.6 Výsledek obrázku pro ransomware Alex Svirid explains: "If you were hit by Cryakl CS1.6 ransomware (3nity@tuta.io) before July 3 2019, this one is for you: As far as we know authorities have taken control of crook's server, that keeps private keys. Attention - attacker didn't backup any data, so you shouldn't pay him."
6.7.19 Crypto Locker Ransomware Výsledek obrázku pro ransomware Petrovic found a new ransomware that calls itself Crypto Locker and appends the .isolated extension to encrypted files.
6.7.19 CXK NMSL Ransomware Výsledek obrázku pro ransomware Petrovic found a new ransomware called CXK NMSL that is a batch file. It appends the .cxk_nmsl extension to encrypted files.
6.7.19 Georgia court system hit by ransomware attack Výsledek obrázku pro ransomware At least a portion of the digital information systems for Georgia’s court system has been taken offline by a ransomware attack after a note was found requesting contact, officials confirmed Monday.
6.7.19 New Phobos Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie found a new Phobos Ransomware variant that appends the .1500dollars extension to encrypted files.
6.7.19 Cryakl Changes its extension scheme Výsledek obrázku pro ransomware Michael Gillespie explains "Looks like Cryakl Ransomware has a new extension ".cs16" - e.g. "email-3nity@tuta.io.ver-CS 1.6.id-.fname-NEWS.RTF.cs16""
6.7.19 New Litar STOP Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .litar extension to encrypted files.
6.7.19 New Scarab Ransomware variant Scarab Amigo-A found a new Scarab ransomware variant that appends the .alilibat extension and drops a ransom note named DECRYPT.TXT.
6.7.19 Wav_list Ransomware hunt Výsledek obrázku pro ransomware Michael Gillespie is looking for a new ransomware that appends the .wav_list extension and drops a ransom note named HOW TO DECRYPT[].txt.
6.7.19 “We need to up our game”—DHS cybersecurity director on Iran and ransomware Výsledek obrázku pro ransomware Talking with Ars, Christopher Krebs shares the to-do list: Iran, ransomware—and elections.
6.7.19 Freezing PowerShell Ransomware Výsledek obrázku pro ransomware Petrovic found a new ransomware written in PowerShell that appends the .Freezing extension.
6.7.19 New Go Ransomware spreads via EternalBlue Výsledek obrázku pro ransomware A Shadow found a ransomware written in Go that uses the Pyexe tool to spread via EternalBlue. This ransomware appends the .locked extension.
6.7.19 STOP DJvu Decryptor Updated Výsledek obrázku pro ransomware Michael Gillespie's STOP DJvu decryptor has been updated to include the offline keys for the .truke, .dalle, and .lotep extensions.
6.7.19 Peekaboo Ransomware decryptor released Výsledek obrázku pro ransomware Emsisoft released a decryptor for the Peekaboo Ransomware.
6.7.19 New Nusar STOP Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .nusar extension to encrypted files.
6.7.19 Hacked Ad Server Pushes SEON Ransomware, Trojans Via Malvertising SEON Ransomware The ad server for a very popular video converter site was hacked to display malvertising that loads the GreenFlash Sundown exploit kit. This exploit kit would then drop the SEON Ransomware, Pony information stealing Trojan, and miners on a vulnerable computer.
6.7.19 New PZDC Ransomware variant Výsledek obrázku pro ransomware Amigo-A found a new PZDC Ransomware variant that appends the .pzdc extension and drops a ransom note named 1_VIRUS_SHIFROVALSHIK.txt.
6.7.19 Popotic Ransomware hunt Výsledek obrázku pro ransomware Michael Gillespie is looking for a new ransomware that appends the .popotic extension and drops a ransom note named HOW-TO-RESTORE-FILES.txt.
6.7.19 Attackers Earn Over $1 Million in Florida Ransomware Attacks Výsledek obrázku pro ransomware Hackers launching ransomware attacks against municipalities in Florida locked earnings in excess of $1 million this month as administrators of two cities found no other way to recover files on affected systems.
6.7.19 Ransomware strain Troldesh spikes again – Avast tracks new attacks Výsledek obrázku pro ransomware This week the ransomware known as Troldesh, which made headlines early this year, spiked again in Russia, Mexico, and the U.S.
6.7.19 Craftul Ransomware hunt Výsledek obrázku pro ransomware Michael Gillespie is looking for a new ransomware that appends the .craftul extension and drops a ransom note named FilesInfo.txt.
6.7.19 Peekaboo Ransomware hunt Výsledek obrázku pro ransomware Michael Gillespie is looking for a new ransomware that appends the .peekaboo extension and drops a ransom note named @@_TAKE_A_LOOK_@@.txt.
6.7.19 New Zeropadypt Ransomware variant Zeropadypt Amigo-A found a new variant of the Zeropadypt Ransomware that appends the .limbo extension and drops a note named Read-Me-Now.txt.
6.7.19 New XXXX Dharma Ransomware variant Výsledek obrázku pro ransomware Jakub Kroustek discovered a new Dharma Ransomware variant that appends the .xxxx extension to encrypted files.
6.7.19 New Lotep STOP Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .lotep extension to encrypted files.
6.7.19 Troll Ransomware Hunt Výsledek obrázku pro ransomware Michael Gillespie is looking for a new ransomware that appends the .TROLL extension and drops a ransom note named HOW TO BACK YOUR FILES.txt.
6.7.19 Sting Catches Another Ransomware Firm — Red Mosquito — Negotiating With “Hackers” Výsledek obrázku pro ransomware We recently wrote about two U.S. firms that promised high-tech ransomware solutions but instead paid the cyber-attacker. A U.K. company appears to do the same.
6.7.19 Walan Ransomware hunt Výsledek obrázku pro ransomware Michael Gillespie is looking for a new ransomware variant that appends the .WALAN extension and drops a ransom note named DECRYPT_INFO.txt.
6.7.19 New Phobos Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie was shown a new Phobos ransomware variant that uses the .wallet extension. This extension is best known as being used by Dharma.
6.7.19 New Litra Ransomware Litra S!Ri discovered a new ransomware that appends the .Litra extension to encrypted files.
6.7.19 New Dharma Ransomware variants Výsledek obrázku pro ransomware Michael Gillespie found new Dharma variants that append the .hccapx and .cap extensions to encrypted files.
6.7.19 New Dalle STOP Ransomware variant Výsledek obrázku pro ransomware Michael Gillespie found a new variant of the STOP DJvu ransomware family that appends the .dalle extension to encrypted files.
6.7.19 Sodinokibi Ransomware Now Pushed by Exploit Kits and Malvertising Výsledek obrázku pro ransomware The Sodinokibi Ransomware has been spotted being distributed through malvertising that redirects to the RIG exploit kit. With the use of exploit kits, Sodinokibi is now using a wide stream of vectors to infect victims with the ransomware.
6.7.19 New Snatch Ransomware variant Výsledek obrázku pro ransomware Petrovic found a new Snatch Ransomware variant that appends the .cbs0z extension to encrypted files and drops a ransom note named RESTORE_CBS0Z_DATA.txt.
