Ransomware News


Date | Title | Description

22.9.2018 | New Brrr Dharma Ransomware Variant Released | A new variant of the Dharma Ransomware was released this week that appends the .brrr extension to encrypted files. This variant was first discovered by Jakub Kroustek, who tweeted a link to the sample on VirusTotal.
22.9.2018 | Ransomware attack blacks out screens at Bristol Airport | Flight information screens were blacked out over the weekend at the Bristol Airport in the UK. Airport officials blamed the incident on a ransomware infection that affected the computers running the airport's in-house TV screens displaying arrival and departure flight information.
22.9.2018 | New IT.Books ransomware | MalwareHunterTeam discovered a new HiddenTear variant called IT.Books Ransomware that looks like Jigsaw. It drops a ransom note named READ__IT.txt and uses the extension .f*cked. See the tweet for the uncensored extension.
22.9.2018 | New Everbe 2.0 variant | Michael Gillespie found a new variant of the Everbe 2.0 Ransomware that appends the ".[].NOT_OPEN" extension and drops a ransom note named "!_HOW_RECOVERY_FILES_!.txt".
22.9.2018 | New Matrix ransomware variants | Michael Gillespie found a new variant of the Matrix Ransomware that renames files to "[che808@protonmail.com].-.CHE808". Michael also found another variant that renames files to "[KOK08@QQ.COM].-.CHE08".
22.9.2018 | Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows | What may very well be considered a cybercriminal's dream tool is now real and it is hunting Windows and Linux servers: a botnet with self-spreading capabilities that combines cryptomining and ransomware functions.
22.9.2018 | Database with 11 Million Email Records Exposed | A huge customer database containing 11 million records that include personal details was discovered on Monday sitting online, unprotected.
22.9.2018 | No personal info lost in ransomware attack, says VON Canada | CBC reported that "VON Canada is assuring clients and staff that their information is safe after the nursing organization was the target of a ransomware incident earlier this month."
22.9.2018 | Allscripts files a Motion to Dismiss for the ransomware related lawsuit | Allscripts was sued by customers for an outage caused by the SamSam ransomware. They have now filed a Motion to Dismiss to get the lawsuit thrown out.
22.9.2018 | Possible new Dcrtr Ransomware variant spotted | Michael Gillespie noticed a possible new Dcrtr variant that appends the .[].parrot extension and drops a ransom note named ReadMe_Decryptor.txt.
22.9.2018 | New Scarab variant | Amigo-A found a new variant of the Scarab Ransomware that appends the .skype extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
22.9.2018 | Romanian Woman Admits Involvement in Hacking Attack On Washington Police Computers | A Romanian woman admitted on Thursday her participation in a ransomware distribution scheme that ended up disabling computers used by the Washington D.C. police for surveillance.
22.9.2018 | Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week | This week Jakub Kroustek found three new Dharma Ransomware variants that append the .Gamma, .Bkp, or .Monro extension to encrypted files.
22.9.2018 | NSA Codebreaker Challenge Started | The NSA CodeBreaker Challenge started today and this year has a theme revolving around ransomware.
22.9.2018 | Scottish brewery recovers from ransomware attack | Staff at Arran Brewery were locked out of its computer systems this week following a ransomware attack. The attack against the Isle of Arran-based Scottish beer maker appears to have been a targeted strike. Prior to the infection, adverts for an already filled finance post at the brewery were placed on recruitment sites worldwide. This, in turn, resulted in an influx of CVs.

15.9.2018 | New Brr Dharma variant | Jakub Kroustek discovered a new variant of the Dharma ransomware that appends the .brrr extension and drops a ransom note named Info.hta.
15.9.2018 | MVP Ransomware discovered | Siri discovered a new ransomware that is appending the .mvp extension to encrypted files.
15.9.2018 | New Scarab Ransomware variant | Amigo-A found a new variant of the Scarab-DiskDoctor ransomware that uses the .mammon extension for encrypted files. Emmanuel_ADC-Soft shared the ransom note below. Other new Scarab variants found this week append the extensions .omerta and .bomber.
15.9.2018 | Mongo Lock Attack Ransoming Deleted MongoDB Databases | An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, encrypting them, and then demanding a ransom in order to get the contents back.
15.9.2018 | New Matrix Ransomware variant | Michael Gillespie found a new Matrix Ransomware variant that appends the .ITLOCK extension to encrypted files and drops a ransom note named !ITLOCK_README!.rtf.
15.9.2018 | StorageCrypter still alive | Michael Gillespie noticed numerous submissions to ID Ransomware from South Korea for the StorageCrypter ransomware. This version is using a new ransom note named read_me_for_recover_your_files.txt.
15.9.2018 | Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program | The Kraken Cryptor Ransomware is a newer ransomware that was released in August 2018. A new version, called Kraken Cryptor 1.5, was recently released that is masquerading as the legitimate SuperAntiSpyware anti-malware program in order to trick users into installing it.
15.9.2018 | Fallout Exploit Kit Pushing the SAVEfiles Ransomware | Last week the Fallout Exploit kit was distributing the GandCrab ransomware. This week, it has started to distribute a new ransomware called SAVEfiles, for lack of a better name, through malvertising campaigns.
15.9.2018 | New Rektware ransomware | GrujaRS discovered a new ransomware called Rektware that appends the .CQScSFy extension.
14.9.2018 | Kraken Ransomware | The Kraken Ransomware is a newer ransomware that was released in August 2018. A new version, called Kraken 1.5, was recently released that is masquerading as the legitimate SuperAntiSpyware anti-malware program in order to trick users into installing it.
12.9.2018 | Barack Obama's Blackmail Virus Ransomware Only Encrypts .EXE Files | Every once in a while you come across a really strange malware and such is the case with a new ransomware that only encrypts .EXE files on a computer. It then displays a screen with a picture of President Obama that asks for a "tip" to decrypt the files.
12.9.2018 | Locdoor Ransomware discovered | Leo discovered a new ransomware called Locdoor/DryCry. May be buggy or in development as it does not encrypt all files. When it does encrypt, it will append the .door[random number] extension to encrypted files.
12.9.2018 | New PyLocky variant | CyberSecurity found a new PyLocky variant that appends the .lockedfile and .lockymap extensions to encrypted files and drops a ransom note named LOCKY-README.txt.
12.9.2018 | New Ransomware targeting servers | A new ransomware has been discovered by dave that appears to be targeting web servers. It is unknown what extension, if any, is appended to encrypted files.
12.9.2018 | New Matrix Ransomware variant | Michael Gillespie found a new Matrix Ransomware variant that appends the .FASTBOB extension and drops a ransom note named #_#FASTBOB_README#_#.rtf. Michael discovered another variant that appends the .NEWRAR extension and drops a note named #NEWRAR_README.rtf.
12.9.2018 | New Shiva Ransomware variant | MalwareHunterTeam found a new Shiva variant with active victims that appends the .good extension and drops a ransom note named HOW_TO_RECOVER_FILES.txt.
12.9.2018 | New CryptoJoker variant | Michael Gillespie found the decrypter for a new CryptoJoker variant that uses the .partially.cryptolocker and .fully.cryptolocker extensions.
12.9.2018 | YARA Rule created for Shrug2 | Marc Rivero López created a new YARA rule that detects the Shrug2 ransomware based on an article from Quick Heal.
12.9.2018 | New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs | A new exploit kit called Fallout is being used to distribute the GandCrab ransomware, malware downloading Trojans, and other potentially unwanted programs (PUPs).
12.9.2018 | New yyy0 Ransomware | Michael Gillespie found a new ransomware that appends the .davilarita@mail.com.yyy0 extension and drops a ransom note named help.txt.
12.9.2018 | New Bandarchor variant adds .pip | Jakub Kroustek found a new Bandarchor ransomware variant that appends the .id-%ID%-[shivamana@seznam.cz].pip extension to encrypted files.
12.9.2018 | New Matrix Ransomware variant | Michael Gillespie saw a new Matrix Ransomware variant uploaded to ID Ransomware that uses the .KOK08 extension and the ransom note #KOK08_README#.rtf.
12.9.2018 | New EOEO AutoIt ransomware | MalwareHunterTeam has found the EOEO AutoIt ransomware that appends the .eoeo extension to encrypted files.
12.9.2018 | New 5H311 1NJ3C706 Ransomware | Michael Gillespie found a new ransomware called 5H311 1NJ3C706 that acts more like a screenlocker, but does have encryption code that adds the extension .5H11 1NJ3C706, but does not appear to be working. The password to the screenlocker is 666HackerThn.
12.9.2018 | New Suri Ransomware | MalwareHunterTeam found a new ransomware called Suri that appends the .SLAV extension. It is based on Stupid Ransomware.
4.9.2018 | CreamPie Ransomware discovered | Jakub Kroustek found what appears to be an in-dev version of the CreamPie Ransomware. It does not currently display a ransom note, but does encrypt files and appends the .[backdata@cock.li].CreamPie extension to them.
4.9.2018 | Jeff the Ransomware | Leo discovered the Jeff the Ransomware variant. Looks to be in-development as it does not encrypt.
4.9.2018 | New Matrix Ransomware variant | Michael Gillespie found a new Matrix Ransomware variant that renames files in the format "[KOK8@protonmail.com].-.KOK8" and drops a ransom note named #KOK8_README#.rtf.
4.9.2018 | New Cassetto Ransomware | Michael Gillespie saw an encrypted file uploaded to ID Ransomware that appends the .cassetto extension and drops a ransom note named IMPORTANT ABOUT DECRYPT.txt.
4.9.2018 | Acroware Screenlocker | Leo discovered a screenlocker that calls itself Acroware Cryptolocker Ransomware. It does not encrypt.
4.9.2018 | Termite Ransomware discovered | Ben Hunter discovered a new ransomware called Termite Ransomware. When encrypting a computer it will append the .aaaaaa extension to encrypted files.
4.9.2018 | New LockCrypt Variant | MalwareHunterTeam found a new LockCrypt variant that appends the .BadNews extension to encrypted files and drops a ransom note named How To Decode Files.hta.
4.9.2018 | CryptoNar Ransomware | MalwareHunterTeam found a new CryptoJoker variant called CryptoNar that appends either the .fully.cryptoNar or .partially.cryptoNar extension to encrypted files and drops a ransom note named CRYPTONAR RECOVERY INFORMATION.txt. Michael Gillespie created a decryptor for this variant.
4.9.2018 | New Pico Ransomware | S!Ri found a new Thanatos Ransomware variant called PICO Ransomware. This ransomware will append the .PICO extension to encrypted files and drop a ransom note named README.txt.
4.9.2018 | CryptoNar Ransomware Discovered and Quickly Decrypted | This week a new CryptoJoker ransomware variant was discovered called CryptoNar that has infected victims. The good news is that a free decryptor was quickly released so that these victims can get their files back for free.
29.8.2018 | AZORult Trojan Serving Aurora Ransomware by MalActor Oktropys | Towards the end of July 2018, we saw a new version of the AZORult trojan being used in malware campaigns targeting computers globally. In this article, we will dive into the malware and analyze its execution flow and payloads.
29.8.2018 | Beware of Spam with Fake Invoices Pushing Hermes 2.1 Ransomware and AZORult | A malspam campaign is underway that pretends to be an invoice for an outstanding payment. When these invoices are opened they install the AZORult information stealing Trojan and the Hermes 2.1 Ransomware onto the recipient's computer.
29.8.2018 | New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles | A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting. Thankfully, this also makes its encryption process very slow so it could be easier to detect.
29.8.2018 | New TorchWood Ransomware Variant | Amigo-A found a new variant of the Russian TorchWood ransomware that uses the .TRCHWD extension for encrypted files and is installed over RDP.
29.8.2018 | New NinjaLock Ransomware | MalwareHunterTeam found a new ransomware called NinjaLock. Jack shared the image and stated it does not encrypt.
29.8.2018 | New Creeper Ransomware variant | Amigo-A found a new variant of the Creeper Ransomware that appends the .crypton extension and drops a ransom note named DECRIPT_FILES.txt.
29.8.2018 | New Jigsaw variant with new background | Michael Gillespie found a new Jigsaw Ransomware variant that uses the .fun extension and the following background image.
29.8.2018 | New Scarab Ransomware variant | Michael Gillespie found a new Scarab Ransomware variant that utilizes the .CYBERGOD extension and another that uses the .rent extension.
29.8.2018 | Ryuk Ransomware Crew Makes $640,000 in Recent Activity Surge | A new ransomware strain named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin.
29.8.2018 | New RotorCrypt Ransomware | Michael Gillespie found a new RotorCrypt Ransomware variant that appends the !@#$_(decryp in the EMail)____nautilus369alarm@gmail.com____$#@..AlfaBlock extension to encrypted files.
29.8.2018 | New Rapid Ransomware v1 Variant | MalwareHunterTeam found a new Rapid v1 Ransomware variant that now uses the .no_more_ransom extension on encrypted files.
29.8.2018 | New Xorist variant discovered | Michael Gillespie found a new Xorist Ransomware variant that uses the extensions .PrOtOnIs and .PrOtOnIs.VaNdElIs.
29.8.2018 | New n1n1n1 ransomware variant | Michael Gillespie noticed a new n1n1n1 variant uploaded to ID Ransomware that uses the "jpa." prefix on files and drops a ransom note named why files renamed jpa..txt.
29.8.2018 | New Why Ransomware discovered | Michael Gillespie noticed a new ransomware variant uploaded to ID Ransomware that uses the .WHY extension and drops a ransom note named !!!WHY_MY_FILES_NOT_OPEN!!!.txt.
29.8.2018 | New TotalWipeOut ransomware | MalwareHunterTeam found a new ransomware called TotalWipeOut.
29.8.2018 | New PyLocky variant | MalwareHunterTeam found a new PyLocky variant that appends the .lockedfile extension to encrypted files.
29.8.2018 | New Oni Ransomware variant | MalwareHunterTeam found a new Oni Ransomware variant that drops ransom notes named RESTORE_ONI_FILES.txt and renames files to the "%original file name (incl. extension) converted to hex%.ONI" format.
29.8.2018 | New Jigsaw Ransomware variant | Michael Gillespie found a new Polish Jigsaw Ransomware variant that appends the extension .#__EnCrYpTED_BY_dzikusssT3AM_ransomware!__#.
23.8.2018 | Ryuk Ransomware | At least three organizations in the United States and worldwide have been severely affected, and the attackers are estimated to have already netted over $640,000 to date. The malicious code used in the attack is tracked as Ryuk ransomware; it appears to be connected to the Hermes malware that was associated with the notorious Lazarus APT group. “Curiously, our research led us to connect the nature of Ryuk’s campaign and some of its inner-workings to the HERMES ransomware, a malware commonly attributed to the notorious North Korean APT Lazarus Group, which was also used in massive targeted attacks.”

22.8.2018 | Bunch of Jigsaw Ransomware variants released | Michael Gillespie discovered a bunch of new Jigsaw Ransomware variants released this week. These variants add the .hacked.by.Snaiparul, .lockedgood, and .pleaseCallQQ extensions. He also noticed a .fun variant that asks for Amazon gift cards as payment.
22.8.2018 | New FSociety Themed Ransomware | MalwareHunterTeam discovered a new ransomware with a Fsociety theme that appends the .ShutUpAndDance extension to encrypted files.
22.8.2018 | Wise Ransomware discovered | MalwareHunterTeam discovered a ransomware named Wise Ransomware that does not encrypt anything, but rather deletes the files.
22.8.2018 | New SARansom Ransomware discovered | MalwareHunterTeam discovered a new in-dev ransomware called SARansom ransomware. Asks for a very aggressive amount of bitcoins: "For the low fee of 5 bitcoin".
22.8.2018 | Princess Evolution Ransomware is a RaaS With a Slick Payment Site | A new variant of the Princess Locker ransomware is being distributed called Princess Evolution. Like its predecessor, Princess Evolution is a Ransomware as a Service, or RaaS, that is being promoted on underground criminal forums.
22.8.2018 | Former Microsoft Engineer Gets 18 Months in Prison for Role in Ransomware Scheme | On Monday, a Florida judge sentenced a former Microsoft network engineer to 18 months in prison for his role in helping launder money obtained from victims of the Reveton ransomware.
22.8.2018 | New Jobcrypter variant | MalwareHunterTeam discovered a new JobCrypter ransomware variant that continues to target French victims, but now asks for $1000€.
22.8.2018 | Hermes 2.1 RaaS promoted on underground forums | Damian1338 found Hermes 2.1 Ransomware RaaS being promoted on underground criminal forums.
22.8.2018 | MAFIA ransomware targeting users in Korea | A new ransomware family was discovered and sent to me by MalwareHunterTeam, which we'll call MAFIA due to the extension it uses to encrypt files. The ransomware appears to target users in Korea, and may have been developed with at least knowledge of the Korean language.
22.8.2018 | Golden Ransomware discovered | Bart found a new ransomware called Golden Ransomware. Appears to be in-dev and doesn't actually encrypt.
22.8.2018 | New Cmb Dharma Ransomware Variant Released | On Thursday a new variant of the Dharma Ransomware was discovered that appends the .cmb extension to encrypted files.
10.8.18 | PooleZoor ransomware discovered | MalwareHunterTeam found a new in-development Hidden Tear variant called PooleZoor ransomware that appends the .poolezoor extension to encrypted files.
10.8.18 | New KeyPass Ransomware Campaign Underway | A new distribution campaign is underway for a STOP Ransomware variant called KeyPass based on the amount of victims that have been seen. Unfortunately, how the ransomware is being distributed is unknown at this time.
9.8.18 | New CMB Dharma Variant | Michael Gillespie found a new variant of the Dharma Ransomware that appends the .id-.[].cmb extension to encrypted files.
9.8.18 | Zoldon Crypter discovered | MalwareHunterTeam found a new ransomware called ZOLDON Crypter V3.0.
8.8.18 | The PGA Possibly Infected With the BitPaymer Ransomware | According to a report from GolfWeek, computers at the PGA of America’s offices have been infected with ransomware. The victims learned they were infected on Tuesday when ransom notes started appearing on their screen.
8.8.18 | RansomWarrior Ransomware discovered | MalwareHunterTeam found a new ransomware named RansomWarrior 1.0 that renames encrypted files to the format "Encrypted%# of file%.THBEC".
7.8.18 | New Dat Jigsaw Ransomware variant | Michael Gillespie found a Jigsaw Ransomware variant that appends the .dat extension to encrypted files and uses the following background.
7.8.18 | Rapid Ransomware sold on underground forums | Damian1338 saw Rapid Ransomware RaaS being sold on underground Russian forums.
6.8.18 | New RewyWare Ransomware | S!Ri discovered a new ransomware named RetwyWare that appends the .killrabbit extension to encrypted files.
6.8.18 | Strange GandCrab Vaccine program discovered | Jawe found a modified version of GandCrab v4.3 that has a version of 4.4 set. According to Jawe, all it does is set the Global\885BDEB9D36E550F587C.lock mutex and then sleeps. While we are not 100% sure if it was released by the GandCrab group, knowing their sense of humor it wouldn't surprise us.
3.8.18 | New Everbe 2.0 variant | Michael Gillespie discovered a new Everbe 2.0 Ransomware variant that uses the .[].divine extension and drops a ransom note named !=How_to_decrypt_files=!.txt.
3.8.18 | New Paradise Ransomware variant | Michael Gillespie found a new Paradise Ransomware variant that appends the [id-].[yourencrypter@protonmail.ch].b29 extension to encrypted files.
3.8.18 | WannacryV2 Ransomware | MalwareHunterTeam found a new AutoIt ransomware called wannacryV2 that appends the .wannacryv2 extension to encrypted files and provides a decryptor.
2.8.18 | GandCrab Ransomware Author Bitter After Security Vendor Releases Vaccine App | The author of the GandCrab ransomware is a little bit bitter at South Korean security vendor AhnLab after the security firm released a vaccine for the GandCrab ransomware. Due to this they decided to include an alleged zero-day for the AhnLab v3 Lite antivirus in their recent builds.
2.8.18 | New Scarab Ransomware variant | Michael Gillespie found a new Scarab Ransomware variant that uses the same email from an Animus attacker. This variant appends the .anonimus.mr@yahoo.com extension to encrypted files.
28.7.18 | WannaCash Ransomware discovered | Amigo-A discovered a new Russian ransomware called WannaCash that renames files into the pattern "encrypted(file_name.file_extension)". A decrypter is available from Alex Svirid.
28.7.18 | New Animus/Aurora variant | Michael Gillespie found a new variant of the Animus/Aurora ransomware that appends the .desu extension to encrypted files. It will also rename the original file name to its hex equivalent. It is still decryptable.
28.7.18 | GandCrab added additional languages to payment page | Damian1338 noticed that the GandCrab team added more languages to their payment page.
28.7.18 | Locky | Brad found a new ransomware calling itself Locky. This is not a new variant of the old ransomware of the same name, but an imposter. else been seeing this?
28.7.18 | SamSam Ransomware Crew Made Nearly $6 Million From Ransom Payments | The SamSam ransomware has earned its creator(s) more than $5.9 million in ransom payments since late 2015, according to the most comprehensive report ever published on SamSam's activity, containing information since the ransomware's launch in late 2015 and up to attacks that have happened earlier this month.
28.7.18 | BitPaymer Ransomware Infection Forces Alaskan Town to Use Typewriters for a Week | On Monday, officials from Matanuska-Susitna (Mat-Su), a borough part of the Anchorage Metropolitan Statistical Area, said they are still recovering from a ransomware infection that took place last week, on July 24.
28.7.18 | Liviu Dragnea Ransomware discovered | MalwareHunterTeam found a new in-development ransomware that is based on Stupid Ransomware. This ransomware contains an image of Liviu Dragnea as its background. The sample does not currently encrypt, but if it did, it would use the .dragnea extension.
28.7.18 | New Ann Ransomware | S!Ri discovered a new ransomware called Ann that renames files to the "[AskHelp@protonmail.com]..ANN" pattern.
28.7.18 | RECOVERYOURFILES Ransomware | Michael Gillespie found a new ransomware uploaded to ID Ransomware that appends the .RECOVERYOURFILES extension and drops a ransom note named INSTRUCTIONS_RECOVER_FILES.txt.
28.7.18 | New Matrix Ransomware variant | Michael Gillespie found a new variant of the Matrix Ransomware uploaded to ID Ransomware that renames files to "[BatHelp@protonmail.com].-.CORE" and drops a ransom note named #CORE_README#.rtf.