Ransomware News

Update 11.02.2019 18:43:58

Date | Title | Description

23.5.20 | Ransomware encrypts from virtual machines to evade antivirus | Ragnar Locker is deploying Windows XP virtual machines to encrypt victim's files while evading detection by security software installed on the host.
23.5.20 | New Covm STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .covm extension.
23.5.20 | Decryptor for JavaLocker released | Emsisoft has released a decryptor for the JavaLocker Ransomware that appends the .javalocker extension.
23.5.20 | Hackers tried to use Sophos Firewall zero-day to deploy Ransomware | Hackers tried to exploit a zero-day in the Sophos XG firewall to distribute ransomware to Windows machines but were blocked by a hotfix issued by Sophos.
23.5.20 | New Bang Dharma ransomware variant | Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .bang extension to encrypted files.
23.5.20 | Warning: Infected Cookie Consent logo delivers Ransomware | An immediate warning: It seems that cyber criminals have obtained an old (orphaned) Amazon AWS S3 bucket used some time ago to host a Cookie Consent solution. Now the Cookie Consent logo delivered from the Amazon CDN contains a malware/ransomware script. It seems that thousands of websites using old code are now shipping this malicious content. Probably it’s a ransomware attack. Here is what I’ve found out so far.
23.5.20 | Snake ransomware leaks patient data from Fresenius Medical Care | Medical data and personally identifiable information belonging to patients at a Fresenius Medical Care unit are currently available online on a paste website.
23.5.20 | Vigilante hackers target 'scammers' with ransomware, DDoS attacks | A hacker has been taking justice into their own hands by targeting "scam" companies with ransomware and denial of service attacks.
23.5.20 | NetWalker adjusts ransomware operation to only target enterprise | NetWalker ransomware group is moving away from phishing for malware distribution and has adopted a network-intrusion model focusing on huge businesses only.
23.5.20 | Jigsaw Ransomware decryptor updated | Emsisoft has updated their Jigsaw Ransomware decryptor to support the DragonCyber (.dc) variant.
23.5.20 | REvil Ransomware found buyer for Trump data, now targeting Madonna | The REvil ransomware group claims to have buyers ready for documents containing damaging information about US President Donald Trump and is preparing to auction data on international celebrity Madonna.
23.5.20 | Ransomware attack impacts Texas Department of Transportation | A new ransomware attack is affecting the Texas government. This time, hackers got into the network of the state’s Department of Transportation (TxDOT).
23.5.20 | FBI warns of ProLock ransomware decryptor not working properly | Multiple actors in the ransomware business saw the new coronavirus pandemic as the perfect opportunity to focus on an already overburdened healthcare sector. ProLock is yet another threat to the list.
23.5.20 | New Koti STOP Ransomware variant | @Amigo_A found a new variant of the STOP Ransomware that appends the .koti extension to encrypted files.
23.5.20 | New Scarab Ransomware variants discovered | M. Shahpasandi found new Scarab Ransomware variants that append the .rbs or .cov19 extensions to encrypted files.
23.5.20 | New DragonCyberRansomware Jigsaw variant | GrujaRS found a new variant of the Jigsaw Ransomware that calls itself DragonCyber and appends the .dc extension to encrypted files.
17.5.20 | Ransomware recruits affiliates with huge payouts, automated leaks | The Netwalker ransomware operation is recruiting potential affiliates with the possibility of million-dollar payouts and an auto-publishing data leak blog to help drive successful ransom payments.
17.5.20 | Law firm hackers double ransom demand, threaten Donald Trump | The ransom demand for the secret files of a cyber-attacked lawyer to A-list stars has doubled to $42 million — as the hackers now threaten to reveal “dirty laundry” on President Donald Trump in just a week if they are not paid in full.
17.5.20 | New Turkish Ransomware | dnwls0719 found a new ransomware targeting people in Turkey that appends the .zeronine extension.
17.5.20 | ProLock Ransomware teams up with QakBot trojan for network access | ProLock is a relatively new malware on the ransomware scene but has quickly attracted attention by targeting businesses and local governments and demanding huge ransoms for file decryption.
17.5.20 | New Blackmoon Ransomware | S!Ri found a new ransomware called Blackmoon that appends the .cxk extension to encrypted files.
17.5.20 | Ransomware now demands extra payment to delete stolen files | A ransomware family has begun a new tactic of not only demanding a ransom for a decryptor but also demanding a second ransom not to publish files stolen in an attack.
17.5.20 | New Mzlq STOP Ransomware variant | dnwls0719 found a new STOP Ransomware variant that appends the .mzlq extension to encrypted files.
17.5.20 | New ransomware uses COVID-19 lure | MalwareHunterTeam found a new ransomware that is being spread with a COVID-19 lure. When encrypting files it appends the .dodged extension.
17.5.20 | Healthcare giant Magellan Health hit by ransomware attack | Fortune 500 company Magellan Health Inc announced today that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers.
17.5.20 | Texas Courts hit by ransomware, network disabled to limit spread | The Texas court system was hit by ransomware on Friday night, May 8th, which led to the branch network including websites and servers being disabled to block the malware from spreading to other systems.
17.5.20 | Maze ransomware fails to encrypt Pitney Bowes, steals files | Global business services company Pitney Bowes recently stopped an attack from Maze ransomware operators before the encryption routine could be deployed but the actor still managed to steal some data.
17.5.20 | Sodinokibi ransomware can now encrypt open and locked files | The Sodinokibi (REvil) ransomware has added a new feature that allows it to encrypt more of a victim's files, even those that are opened and locked by another process.
17.5.20 | New Kupidon ransomware | MalwareHunterTeam found a new ransomware called Kupidon that appends the .kupidon extension to encrypted files and drops a ransom note named !KUPIDON_DECRYPT.txt.
17.5.20 | GuLoader distributing HakBit Ransomware | Benkøw discovered that the GuLoader Trojan is distributing the HakBit ransomware.
17.5.20 | CryLock (ex-Cryakl) 1.9.0.0 decryptor released | Alex Svirid released a decryptor for the CryLock (ex-Cryakl) 1.9.0.0 ransomware.

9.5.20 | New NET Dharma Ransomware variant | dnwls0719 found a new Dharma Ransomware variant that appends the .net extension to encrypted files.
9.5.20 | REvil ransomware threatens to leak A-list celebrities' legal docs | The Sodinokibi ransomware group threatens to release hundreds of gigabytes of legal documents from a prominent entertainment and law firm that counts dozens of international stars as their clients.
9.5.20 | Sodinokibi / REvil ransomware TTPs | We secured forensics evidence data in the form of disk images of VPS servers used by cybercriminals behind Sodinokibi / REvil ransomware (we also found Maze ransomware there):
9.5.20 | New PHP Dharma variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .PHP extension to encrypted files.
9.5.20 | New SQPC Stop Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .sqpc extension to encrypted files.
9.5.20 | Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents | Targeted ransomware incidents have brought a threat of disruptive and destructive attacks to organizations across industries and geographies. FireEye Mandiant Threat Intelligence has previously documented this threat in our investigations of trends across ransomware incidents, FIN6 activity, implications for OT networks, and other aspects of post-compromise ransomware deployment. Since November 2019, we’ve seen the MAZE ransomware being used in attacks that combine targeted ransomware use, public exposure of victim data, and an affiliate model.
9.5.20 | New Nemty spam campaign targeting South Korea | Anti-malware vigilante found a new spam campaign targeting people in South Korea and bundling the Vidar password stealer along with it.
9.5.20 | Targeted Ransomware Attack Hits Taiwanese Organizations | A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially destructive as the ransomware appears to target databases and email servers for encryption.
9.5.20 | Large scale Snake Ransomware campaign targets healthcare, more | The operators of the Snake Ransomware have launched a worldwide campaign of cyberattacks that have infected numerous businesses and at least one health care organization over the last few days.
9.5.20 | New 0day0 Dharma variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .0day0 extension to encrypted files.
9.5.20 | Toll Group hit by ransomware a second time, deliveries affected | The Toll Group has suffered its second ransomware cyberattack in three months, with the latest one conducted by the operators of the Nefilim Ransomware.
9.5.20 | Changes in REvil ransomware version 2.2 | The REvil ransomware-as-a-service (RaaS) operation continues to impact businesses worldwide. The threat actors responsible for developing and maintaining the malware have released an updated ransomware, namely version 2.2. In this short blog post, we will cover the significant changes from the previous version, which we covered in detail in an earlier blog post.
9.5.20 | New VCrypt Ransomware locks files in password-protected 7ZIPs | A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.
9.5.20 | LockBit ransomware self-spreads to quickly encrypt 225 systems | A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours.
9.5.20 | Shade / Troldesh Ransomware decryption tool | BitDefender has released a decryptor for the Shade/Troldesh Ransomware after the ransomware operators released all of the decryption keys.
9.5.20 | Sodinokibi, Ryuk ransomware drive up average ransom to $111,000 | The first quarter of the year recorded an increase in the average amount ransomware operators demand from their victims. Compared to the previous quarter, a 33% swell was noted, driven by the Sodinokibi and Ryuk ransomware operators.

2.5.20 | New Mpal STOP Ransomware variant | Michael Gillespie found a new variant of the STOP ransomware that appends the .mpal extension to encrypted files.
2.5.20 | Emsisoft releases updated Jigsaw Ransomware decryptor | Emsisoft released an updated decryptor to support the .zemblax extension described in the previous article.
2.5.20 | New phishing campaign packs an info-stealer, ransomware punch | A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.
2.5.20 | Tales From the Trenches; a Lockbit Ransomware Story | We believe there is real opportunity to learn from incident response cases and previous attacks, hence why this blog is dubbed ‘tales from the trenches’. In collaboration with Northwave, this article describes a real-life case of a targeted ransomware attack. During one of their recent incident responses, Northwave encountered a relatively new family of ransomware called LockBit performing a targeted attack.
2.5.20 | Shade Ransomware Decryptor can now decrypt over 750K victims | Kaspersky has released an updated decryptor for the Shade Ransomware (Troldesh) that allows all victims who have their files encrypted to recover them for free.
2.5.20 | Clop ransomware leaks ExecuPharm's files after failed ransom | Clop ransomware leaked files stolen from U.S. pharmaceutical company ExecuPharm after ransom negotiations allegedly failed.
2.5.20 | Coveware Q1 ransomware report | The Coveware ransomware marketplace report aggregates observed trends from enterprise ransomware incidents in Q1 of 2020. During the first quarter of 2020 ransomware threat actors took advantage of the economic and workplace disruption caused by the COVID-19 outbreak. Spam attacks related to the outbreak surged and seldom-used ‘work-from-home’ network configurations led to increased ransomware attacks across the board. Some threat actor groups continued attacking healthcare organizations, while others refused to target them. Our report shows victim demographics and resolution metrics based on actual ransomware cases handled by the Coveware Incident Response team.
2.5.20 | Shade Ransomware shuts down, releases 750K decryption keys | The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims.
2.5.20 | New Qewe STOP Ransomware variant | dnwls0719 found a new variant of the STOP ransomware that appends the .qewe extension to encrypted files.
2.5.20 | New COVID-19 themed Android Ransomware | MalwareHunterTeam found a COVID-19 themed Android ransomware infection that appends the .encrypted extension to encrypted files.
26.4.20 | LockBit ransomware borrows tricks to keep up with REvil and Maze | Ransomware operators are always on the lookout for a way to take their ransomware to the next level. That’s particularly true of the gang behind LockBit. Following the lead of the Maze and REvil ransomware crime rings, LockBit’s operators are now threatening to leak the data of their victims in order to extort payment. And the ransomware itself also includes a number of technical improvements that show LockBit’s developers are climbing the ransomware learning curve—and have developed an interesting technique to circumvent Windows’ User Account Control (UAC).
26.4.20 | SeaChange video platform allegedly hit by Sodinokibi ransomware | A leading supplier of video delivery software solutions is reportedly the latest victim of the Sodinokibi Ransomware, who has posted images of data they claim to have stolen from the company during a cyberattack.
26.4.20 | New ISO Phobos ransomware variant | GrujaRS found a new Phobos Ransomware variant that appends the .iso extension to encrypted files.
26.4.20 | Threat Spotlight: MedusaLocker | MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of the functionality remains consistent. The most notable differences are changes to the file extension used for encrypted files and the look and feel of the ransom note that is left on systems following the encryption process.
26.4.20 | New Coronavirus screenlocker malware is extremely annoying | A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.
26.4.20 | DoppelPaymer Ransomware hits Los Angeles County city, leaks files | The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted.
26.4.20 | New Lezp STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .lezp extension to encrypted files.
26.4.20 | The State of Ransomware in the US: Report and Statistics for Q1 2020 | In 2019, 966 government agencies, educational establishments and healthcare providers in the US were impacted by ransomware. While the early indicators were that the 2020 numbers would be similar to 2019’s or perhaps even worse, that has proved not to be the case. A total of 89 organizations were impacted by ransomware in Q1, however, as the COVID-19 crisis worsened, the number of successful attacks reduced considerably and is now at a level not seen in several years.
26.4.20 | Fake SMBGhost exploit installs ransomware | MalwareHunterTeam found a fake SMBGhost exploit that is actually ransomware that appends the .sepsys extension to encrypted files.
26.4.20 | IT services giant Cognizant suffers Maze Ransomware cyber attack | Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze Ransomware, BleepingComputer has learned.
26.4.20 | US govt: Hacker used stolen AD credentials to ransom hospitals | Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using stolen Active Directory credentials months after exploiting a known remote code execution (RCE) vulnerability in their Pulse Secure VPN servers.

19.4.20 | New Fidesz ransomware | MalwareHunterTeam found a new in-development ransomware from Hungary called Fidesz ransomware.
19.4.20 | Leading accounting firm MNP hit with cyberattack | A leading accounting firm in Canada forced a company-wide shutdown of their systems after getting hit with a cyberattack last weekend, BleepingComputer has learned.
19.4.20 | New Balaclava Ransomware variant | GrujaRS found a new variant of the Balaclava Ransomware that appends the .KEY0004 extension and drops a ransom note named HOW_TO_RECOVERY_FILES.txt.
19.4.20 | New DEC Dharma Ransomware variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .dec extension to encrypted files.
19.4.20 | New Nemty variant has messages for researchers | MalwareHunterTeam found a new Nemty 3.1 ransomware variant that has messages for Michael Gillespie, MalwareHunterTeam, and Amigo_A.
19.4.20 | Nemty Ransomware shuts down public RaaS operation, goes private | The Nemty Ransomware is shutting down its public Ransomware-as-a-Service (RaaS) operation and switching to an exclusive private operation where affiliates are hand-selected for their expertise.
19.4.20 | Emsisoft releases KokoCrypt decryptor | Emsisoft has released a decryptor for the KokoCrypt ransomware.
19.4.20 | Emsisoft's Aurora decryptor updated | Emsisoft updated their Aurora decryptor to support the .bukyak and .serpom extensions.
19.4.20 | New Lalo STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .lalo extension to encrypted files.
19.4.20 | New Creepy Ransomware | S!Ri found a new Creepy Ransomware that appends the .creepy extension to encrypted files.
19.4.20 | RagnarLocker ransomware hits EDP energy giant, asks for €10M | Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).
19.4.20 | New DOP Dharma variant | dnwls0719 found a new variant of the Dharma Ransomware that appends the .dop extension to encrypted files.
19.4.20 | New ransomware hunt | Michael Gillespie found a new ransomware that appends the .SARS-CoV-2 extension and drops a ransom note named RECOVER MY ENCRYPTED FILES.TXT.
19.4.20 | New Golang Ransomware variant | Jirehlov and RedDrip found a new ransomware that appends the .bug extension and drops a ransom note named Read_Bug.html.
19.4.20 | Ransomware writer issues an apology | The author of the KokoCrypt ransomware issued an apology after a ransomware he made got leaked into the wild.
19.4.20 | New Wiper Malware impersonates security researchers as prank | A malware distributor has decided to play a nasty prank by locking victim's computers before they can start Windows and then blaming the infection on two well-known and respected security researchers.
19.4.20 | Reports Say Epiq Has Laid Off Some 200 Employees In Wake Of Ransomware Attack | The international e-discovery and managed services company Epiq Global has laid off some 200 employees, with more layoffs yet to come, according to several sources familiar with the situation.
19.4.20 | Sodinokibi Ransomware to stop taking Bitcoin to hide money trail | The Sodinokibi Ransomware has started to accept the Monero cryptocurrency to make it harder for law enforcement to track ransom payments and plans to stop allowing bitcoin payments in the future.
12.4.20 | Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay | Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online.
12.4.20 | New Aurora Ransomware variant | GrujaRS found a new Aurora Ransomware variant that appends the .bukyak extension.
12.4.20 | New BearCrypt Ransomware | GrujaRS found a new ransomware called BearCrypt that only targets .jpg and .png files. When encrypted it appends the .crypt extension and drops a ransom note named Readme.txt. Appears to be in-dev.
12.4.20 | Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations | Travelex reportedly paid a $2.3 million ransom payment to get their systems back online after being encrypted by a Sodinokibi ransomware attack.
12.4.20 | New Jope Mpaj Ransomware variant | Michael Gillespie found a new STOP Ransomware variant that appends the .mpaj extension to encrypted files.
12.4.20 | Dharma Ransomware Variant Malspam Targeting COVID-19 | One such spear-phishing campaign is being used by the Dharma ransomware variant (Crysis). First noted in 2016, Dharma ransomware has been around for almost five years now and keeps popping out with a new variant, periodically. The threat actors want to leverage every scenario to escape detection and deliver the payload.
12.4.20 | New Gibberish variant spread through RIG-EK | FaLcon Intelligence found that a new variant of the Gibberish Ransomware is being spread through the RIG exploit kit.
12.4.20 | New Joke (?) Ransomware decrypts if you win a game | S!Ri found a new ransomware that states it will decrypt your files if you win a game.
12.4.20 | New Corona Virus IQ Ransomware | MalwareHunterTeam found a new "Corona Virus IQ" Ransomware from Iraq that appends the .corona extension to encrypted files.
12.4.20 | New Revon Phobos variant | dnwls0719 found a new Phobos Ransomware variant that appends the .revon extension and drops ransom notes named info.txt and info.hta.
12.4.20 | New BlackOrchid Ransomware variant | GrujaRS found a new BlackOrchid Ransomware variant that appends the .shinya extension to encrypted files.
12.4.20 | Interpol: Ransomware attacks on hospitals are increasing | The INTERPOL (International Criminal Police Organisation) warns that cybercriminals are increasingly attempting to lock hospitals out of critical systems by attempting to deploy ransomware on their networks despite the currently ongoing COVID-19 outbreak.
12.4.20 | New Jope STOP Ransomware variant | Michael Gillespie found a new STOP Ransomware variant that appends the .jope extension to encrypted files.
12.4.20 | New MSPLT Dharma Ransomware variant | dnwls0719 found a new Dharma Ransomware variant that appends the .MSPLT extension to encrypted files.
12.4.20 | New MrDec Ransomware | S!Ri found the MrDec Ransomware that appends the .[ID]_RSA extension.
12.4.20 | New Boruta Ouroboros Ransomware variant | Michael Gillespie found a new Boruta Ouroboros Ransomware variant that appends the .Boruta extension.
12.4.20 | New Rogue Ransomware | GrujaRS found the new HiddenTear ransomware named Rogue Ransomware that appends the .rogue extension and impersonates
12.4.20 | New WannaCash variant utilizes a COVID-19 theme | Alex Svirid found a new variant of the WannaCash Ransomware that appends the COVID-19 themed extension of .WANNACASH NCOV v310320.
12.4.20 | Microsoft is Alerting Hospitals Vulnerable to Ransomware Attacks | Microsoft has started to send targeted notifications to dozens of hospitals about vulnerable public-facing VPN devices and gateways located on their network.
12.4.20 | REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation | REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725.
12.4.20 | Nephilim Ransomware fixes spelling mistake | dnwls0719 spotted the Nephilim ransomware, which was previously using a different and uncommon spelling of Nefilim in the past. This variant uses the .NEPHILIM extension and drops a ransom note named NEPHILIM-DECRYPT.txt.
12.4.20 | Aurora Ransomware decryptor updated | Emsisoft updated their Aurora decryptor to support the .CoronaLock extension.
12.4.20 | New BB Ransomware | dnwls0719 found the BB Ransomware that appends the .encryptedbyBB extension to encrypted files.
12.4.20 | ILELECTION2020 Ransomware discovered | MalwareHunterTeam found a new Stupid Ransomware variant called ILELECTION2020 that targets Israelis and appends the .likud extension to encrypted files.
12.4.20 | New Jigsaw Ransomware | JAMESWT found a new Jigsaw Ransomware variant targeting Italian users and appending the .math extension to encrypted files.
12.4.20 | New Mado STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .mado extension to encrypted files.

29.3.20

Ransomware Maze Výsledek obrázku pro ransomware The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura.

29.3.20

Ransomware using COVID-19 lures Výsledek obrázku pro ransomware MalwareHunterTeam found a ransomware being spread as 'Covid-19 cure update.exe'. Asks the victim to contact them via WhatsApp.

29.3.20

New 2020 Dharma Ransomware variant Výsledek obrázku pro ransomware Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .2020 extension to encrypted files.

29.3.20

Russian-Speaking Hackers Attack Pharma, Manufacturing Companies in Europe Výsledek obrázku pro ransomware Malware belonging to Russian-speaking threat actors was used in attacks in late January against at least two European companies in the pharmaceutical and manufacturing industries.

29.3.20

New Rubly Trojan MBR Locker Rubly Karsten Hahn found a new MBR Locker called 'Rubly Trojan' that utilizes the same code as Coronavirus ransomware to lock the MBR and shows an Annabelle picture in the locker.

29.3.20

Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic Výsledek obrázku pro ransomware The Ryuk Ransomware operators to continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic.

29.3.20

Chubb Cyber Insurer Allegedly Hit By Maze Ransomware Attack Výsledek obrázku pro ransomware Cyber insurer giant Chubb is allegedly the latest ransomware victim according to the operators of the Maze Ransomware who claim to have encrypted the company in March 2020.

29.3.20 | New OPQZ STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .opqz extension.
29.3.20 | Cyberattack: the EssilorLuxottica group struck by ransomware | Since Saturday March 21, the optical specialist Essilor has suffered a major computer attack. The attackers demand a ransom to unblock the situation.
29.3.20 | New n2019cov Ransomware | MalwareHunterTeam has seen a new n2019cov Ransomware that appends the .P4WN3D extension and drops a ransom note named Checks if ThreeLetterISOLanguageName is "spa" before writing note. But it will be hidden... The names used...
29.3.20 | Three More Ransomware Families Create Sites to Leak Stolen Data | Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims, further illustrating why all ransomware attacks must be considered data breaches.
29.3.20 | New Makop ransomware variant | Michael Gillespie found a new variant of the Makop Ransomware that appends the .shootlock extension to encrypted files.
29.3.20 | New Ransomware hunt | Michael Gillespie found two new variants of the same unknown ransomware that utilize the extensions .yakuza or .teslarvng and drop a ransom note named How To Recover.txt.
29.3.20 | New Waldo Ransomware | dnwls0719 found a new ransomware calling itself 'Waldo Ransomware' that does not utilize an extension for encrypted files.
29.3.20 | New C-VIR Dharma Ransomware variant | Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .C-VIR extension to encrypted files.
29.3.20 | New VHD Ransomware | Jirehlov Solace found a new ransomware that appends the .vhd extension to encrypted files and drops a ransom note named HowToDecrypt.txt.
29.3.20 | Netwalker Ransomware Infecting Users via Coronavirus Phishing | As if people did not have enough to worry about, attackers are now targeting them with Coronavirus (COVID-19) phishing emails that install ransomware.

29.3.20 | New NPSK STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .npsk extension.
29.3.20 | UK Fintech Firm Finastra Hit By Ransomware, Shuts Down Servers | Finastra, a leading financial technology provider from the UK, announced that it had to take several servers offline following a ransomware attack detected earlier today.
29.3.20 | PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware | PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created.
29.3.20 | New LX Dharma Ransomware variant | Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .LX extension to encrypted files.
29.3.20 | New Velar Gibberish Ransomware variant | S!Ri found a new variant of the Gibberish Ransomware called Velar.
29.3.20 | France warns of new ransomware gang targeting local governments | France's cyber-security agency issued an alert this week warning about a new ransomware gang that's been recently seen targeting the networks of local government authorities.
29.3.20 | Sodinokibi Ransomware Data Leaks Now Sold on Hacker Forums | Ransomware victims who do not pay a ransom and have their stolen files leaked are now facing a bigger nightmare as other hackers and criminals sell and distribute the released files on hacker forums.
29.3.20 | Why would you even bother?! - JavaLocker | Today we'll take a look at a Windows ransomware built with Java. As you might have guessed this will get ugly and is therefore not for the faint of heart.
29.3.20 | Most Ransomware Gets Executed Three Days After Initial Breach | Ransomware gets deployed three days after an organization's network gets infiltrated in the vast majority of attacks, with post-compromise deployment taking as long as 299 days in some of the dozens of attacks researchers at cybersecurity firm FireEye examined between 2017 and 2019.
29.3.20 | Ransomware Gangs to Stop Attacking Health Orgs During Pandemic | Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

29.3.20 | Emsisoft, Coveware Offer Free Ransomware Help During Coronavirus Outbreak | Emsisoft and Coveware have announced that they will be offering their ransomware decryption and negotiation services for free to healthcare providers during the Coronavirus outbreak.
29.3.20 | New Nefilim Ransomware Threatens to Release Victims' Data | A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data.
29.3.20 | New Clinix (GoldenEye mod) Ransomware | S!Ri found a new ransomware called Clinix that appears to be a modified version of GoldenEye.
29.3.20 | CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware | The DomainTools Security Research Team, in the course of monitoring newly registered Coronavirus and COVID labeled domain names, discovered a website luring users into downloading an Android application under the guise of a COVID-19 heat map. Analysis on the application showed that the APK contained ransomware. SSL certificates of the malicious domain (coronavirusapp[.]site) link the site to another domain (dating4sex[.]us) which is also serving the malicious application. The linked site has registration information pointing to an individual in Morocco.
29.3.20 | JungleSec starts threatening to leak stolen data | Michael Gillespie found a JungleSec ransom note where they have begun to threaten to release stolen data.
29.3.20 | New REMK STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .remk extension.
29.3.20 | New IPM Dharma Ransomware variant | Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .IPM extension to encrypted files.

15.3.20 | CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware | In reality, the app is poisoned with ransomware. This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.
15.3.20 | Nemty rebrands as Nefilim | MalwareHunterTeam found that the Nemty Ransomware has rebranded as NEFILIM. Drops a ransom note named NEFILIM-DECRYPT.txt and appends the extension .NEFILIM.
15.3.20 | New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer | A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.
15.3.20 | Paradise Ransomware Distributed via Uncommon Spam Attachment | Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims.
15.3.20 | New FOOP STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .foop extension to encrypted files.
15.3.20 | Ryuk Ransomware Behind Durham, North Carolina Cyberattack | The City of Durham, North Carolina has shut down its network after suffering a cyberattack by the Ryuk Ransomware this weekend.
15.3.20 | Ransomware Threatens to Reveal Company's 'Dirty' Secrets | The operators of the Sodinokibi Ransomware are threatening to publicly share a company's "dirty" financial secrets because they refused to pay the demanded ransom.
15.3.20 | New LOKD STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .lokd extension to encrypted files.
8.3.20 | New Mzr Ransomware | GrujaRS found the new Mazr Ransomware that appends the .MZR extension and drops a ransom note named MZReverengeReadME.txt.
8.3.20 | Defense contractor CPI knocked offline by ransomware attack | A major electronics manufacturer for defense and communications markets was knocked offline after a ransomware attack, TechCrunch has learned.
8.3.20 | Ryuk ransomware hits Fortune 500 company EMCOR | EMCOR Group (NYSE: EME), a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems.
8.3.20 | Microsoft Shares Tactics Used in Human-Operated Ransomware Attacks | Microsoft today shared tips on how to defend against human-operated ransomware attacks known to be behind hundreds of millions of dollars in losses following campaigns targeting enterprises and government entities.
8.3.20 | PwndLocker Ransomware Gets Pwned: Decryption Now Available | Emsisoft has discovered a way to decrypt files encrypted by the new PwndLocker Ransomware so that victims can recover their files without paying a ransom.
8.3.20 | New Onix Ransomware | Michael Gillespie found a new Onix Ransomware that is part of the Major Ransomware family that appends the .ONIX extension to encrypted files.
8.3.20 | New Ouroboros Ransomware variant | Michael Gillespie found a new Ouroboros Ransomware variant that appends the .vash extension to encrypted files.
8.3.20 | Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection | Legal services and e-discovery giant Epiq Global took their systems offline on Saturday after the Ryuk Ransomware was deployed and began encrypting devices on their network.
8.3.20 | Windows Explorer Used by Mailto Ransomware to Evade Detection | A newly discovered Mailto (NetWalker) ransomware strain can inject malicious code into the Windows Explorer process so that the malware can evade detection.
8.3.20 | New FDFK Matrix Ransomware variant | Michael Gillespie found a new variant of the Matrix Ransomware that appends the .FDFK extension to encrypted files and drops a ransom note named !FDFK_INFO!.rtf.
8.3.20 | German BSI Tells Local Govt Authorities Not to Pay Ransoms | BSI, Germany's federal cybersecurity agency, recommends local governments and municipal institutions not to pay the ransoms asked by attackers after they get affected by ransomware attacks.
8.3.20 | Ransomware Attackers Use Your Cloud Backups Against You | Backups are one of the most, if not the most, important defense against ransomware, but if not configured properly, attackers will use it against you.
8.3.20 | New Everbe 3.0 Ransomware calls itself Culex Locker | Marcelo Rivero found a new variant of the Everbe 3.0 Ransomware that calls itself Culex Locker. This ransomware will append the .[culex@cock.li].CULEX extension and drop a ransom note named !_HOW_RECOVERY_FILES_!.txt.
8.3.20 | New RXX Dharma Ransomware variant | Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .rxx extension to encrypted files.
8.3.20 | Legal services giant Epiq Global offline after ransomware attack | Legal services giant Epiq Global has been hit by a ransomware attack.
8.3.20 | New PwndLocker Ransomware Targeting U.S. Cities, Enterprises | Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.
8.3.20 | Nemty Ransomware Punishes Victims by Posting Their Stolen Data | The Nemty Ransomware is the latest cybercrime operation to create a data leak site to punish victims who refuse to pay ransoms.
8.3.20 | New Rezm STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .rezm extension to encrypted files.

1.3.20 | Sodinokibi Ransomware Posts Alleged Data of Kenneth Cole Fashion Giant | The operators behind Sodinokibi Ransomware published download links to files containing what they claim is financial and work documents, as well as customers' personal data stolen from giant U.S. fashion house Kenneth Cole Productions.
1.3.20 | Nemty Ransomware Actively Distributed via 'Love Letter' Spam | Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.
1.3.20 | New Black Kingdom Ransomware | GrujaRS found the new Black Kingdom Ransomware that appends the .DEMON extension and drops a ransom note named README.txt.
1.3.20 | New YKUP STOP DJvu Ransomware variant | Michael Gillespie found a new Dharma ransomware variant that appends the .YKUP extension.
1.3.20 | DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw | Cloud services provider Bretagne Télécom was hacked by the threat actors behind the DoppelPaymer Ransomware using an exploit that targeted servers unpatched against the CVE-2019-19781 vulnerability.
1.3.20 | Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices | The operators of the Sodinokibi Ransomware (REvil) have started urging affiliates to copy their victim's data before encrypting computers so it can be used as leverage on a new data leak site that is being launched soon.
1.3.20 | New BlackHeart Ransomware variant | dnwls0719 found a new BlackHeart Ransomware variant that appends the .Tsar extension and drops a ransom note named ReadME-Tsar.txt.
1.3.20 | LockBit threatens users with GDPR violations | MalwareHunterTeam noticed that LockBit changed their ransom note to threaten data leaks and GDPR fines.
1.3.20 | DoppelPaymer Ransomware Launches Site to Post Victim's Data | The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.
1.3.20 | New Nomikon Ransomware | MalwareHunterTeam found the note for a new Nomikon Ransomware. No sample as of yet.
1.3.20 | Cyberattack on NRC Health sparks privacy concerns about private patient records stored by US hospitals | NRC Health, a publicly-traded company that says it works with 75 percent of the 200 largest U.S. hospital chains, was hit with a cyberattack on Feb. 11, a spokesperson confirmed to CNBC. The attack sparked concerns about the security of patient health information stored on NRC Health’s server
1.3.20 | New EncodeCSL Ransomware | Siri found a new ransomware named EncoderCSL that appends the .locked extension.
1.3.20 | New EDA2 Ransomware variant | Siri found a new ransomware that appends the .coom extension.

1.3.20 | New DeathHiddenTear Ransomware | Michael Gillespie found the DeathHiddenTear Ransomware that uses the .encryptedS extension for small files and the .encryptedL extension for files larger than 500MB.
1.3.20 | New nppp STOP DJvu Ransomware variant | Michael Gillespie found a new STOP ransomware variant that appends the .nppp extension.
1.3.20 | Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security | Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today warned of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies.
1.3.20 | Ransomware Hunt | Michael Gillespie is looking for a sample of the ransomware that uses __________WHY FILES NOT WORK__________.txt ransom note.
1.3.20 | New AfroditaTeam Ransomware variant | MalwareHunterTeam found a new AfroditaTeam Ransomware variant that uses the READM3_AFR0DITA_REC0VERY.txt ransom note.
1.3.20 | Chinese Jigsaw Ransomware variant uses .exe extension | Jirehlov found a Chinese Jigsaw Ransomware variant that appends the .exe extension to encrypted files.
1.3.20 | New mool STOP DJvu Ransomware variant | Michael Gillespie found a new STOP ransomware variant that appends the .mool extension.
1.3.20 | US Govt Warns of Ransomware Attacks on Pipeline Operations | The Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations across all critical U.S. infrastructure sectors about a recent ransomware attack that affected a natural gas compression facility.
1.3.20 | Dharma Ransomware Attacks Italy in New Spam Campaign | Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy.
1.3.20 | Chinese ransomware disguised as VPN | Jirehlov found a Chinese Ransomware that is disguised as a VPN Tool.
1.3.20 | New mmnn and ooss STOP DJvu Ransomware variants | Michael Gillespie found new STOP ransomware variants that append the .mmnn or .ooss extensions.
1.3.20 | First Go Ransomware with a GUI? | MalwareHunterTeam found what could be the first Go Ransomware with a GUI called Mew767.
1.3.20 | New NCOV and SELF Dharma Ransomware variants | Jakub Kroustek found new Dharma Ransomware variants that append the .ncov or .self extension to encrypted files.
16.2.20 | New Unknown ransomware | S!Ri found an unknown ransomware that targets both Russian and English speaking victims.
16.2.20 | New Rooe STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .rooe extension to encrypted files.

16.2.20 | CXK-NMSL V3.3 spotted pretending to be Coronavirus info | Germán Fernández found a new version 3.3 of the CXK-NMSL ransomware that pretends to be '2020.1.10-2020.1.23Information on Travelers from Wuhan China to India.xlsx'.
16.2.20 | Ransomware meets sextortion: this ransomware demands explicit pics to unlock your data | We just released an updated decryptor for the “Ransomwared” strain of ransomware that can unlock files appended with extensions such as .ransomwared and .iwanttits.
16.2.20 | New WHY, LIVE, and Z9 Dharma Ransomware variants | Jakub Kroustek found two new variants of the Dharma Ransomware that append the .WHY, .Z9, and .LIVE extensions to encrypted files.
16.2.20 | New Major Ransomware variant | Amigo-A found a new variant of the Major Ransomware that is calling itself Onix and appends the .ONIX extension and drops a ransom note named TRY_TO_READ.html.
16.2.20 | Report: The cost of ransomware in 2020. A country-by-country analysis | In The State of Ransomware in the US: Report and Statistics 2019, we examined the number of ransomware attacks on the U.S. public sector and the cost of those attacks. In this report, we will examine the number of attacks on both the public and private sectors for a number of countries and estimate the cost, including the cost of downtime, of those attacks on a country-by-country basis as well as estimate the overall global cost.
16.2.20 | New Chinese Ransomware | CollabVM found an unknown Chinese Ransomware on a hacked remote desktop server.
16.2.20 | New Ransomware appends cuba | GrujaRS found a new ransomware that appends the .cuba extension and drops a ransom note named !!FAQ for Decryption!!.txt.
16.2.20 | Ragnar Locker Ransomware Targets MSP Enterprise Support Tools | A ransomware called Ragnar Locker is specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped.
16.2.20 | New MedusaLocker ransomware | GrujaRS found a new variant of the MedusaLocker Ransomware that appends the .hellomynameisransom extension to encrypted files and drops a ransom note named HOW_TO_RECOVER_DATA.html.
16.2.20 | New Phobos Ransomware variants | Amigo-A found two new variants of the Phobos Ransomware that append the .Devos or .Caley extensions to encrypted files.
9.2.20 | New DesuCrypt variant | S!Ri found a new DesuCrypt ransomware variant that appends the .desucrpt extension but does not provide a way of contacting them for ransom info.
9.2.20 | New BBOO STOP Ransomware variant | Michael Gillespie found a new variant of the STOP Ransomware that appends the .bboo extension to encrypted files.
9.2.20 | New Snatch Ransomware variant | dnwls0719 found a new variant of the Snatch Ransomware that appends the .egmwv extension to encrypted files and drops a ransom note named DECRYPT_EGMWV_FILES.txt.
9.2.20 | Ransomware Exploits GIGABYTE Driver to Kill AV Processes | The attackers behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows that is used to terminate antivirus and security software.
9.2.20 | Ransomwared Decryptor released | Emsisoft released a decryptor for the Ransomwared Ransomware whose encrypted files utilize the .ransomwared extension.
9.2.20 | Mailto (NetWalker) Ransomware Targets Enterprise Networks | With the high ransom prices and big payouts of enterprise-targeting ransomware, we now have another ransomware known as Mailto or Netwalker that is compromising enterprise networks and encrypting all of the Windows devices connected to it.
9.2.20 | New Ransomware Strain Halts Toll Group Deliveries | Australian transportation and logistics company Toll Group stated today that systems across multiple sites and business units were encrypted by a ransomware called the Mailto ransomware.
9.2.20 | New PassLock Ransomware | S!Ri found a new ransomware called PassLock that appends the .encrypted extension to encrypted files.
9.2.20 | REvil publishes victim data online | Under the Breach noticed that REvil had begun to publish a victim's data online after they did not pay a ransom.
9.2.20 | Warning to law firms: a ransomware group is stealing data and posting it online | Five law firms have been hit by a notorious ransomware group known as Maze – three within the last 72 hours alone. It is highly likely Maze will target more law firms in the days and weeks ahead. While only U.S. firms have so far been hit, firms in other countries are equally at risk.
9.2.20 | DoppelPaymer Ransomware Sells Victims' Data on Darknet if Not Paid | The DoppelPaymer Ransomware is the latest family threatening to sell or publish a victim's stolen files if they do not pay a ransom demand.
9.2.20 | Bouygues Construction Shuts Down Network to Thwart Maze Ransomware | French construction giant Bouygues Construction shut down their computer network to avoid having all of their data encrypted by the Maze Ransomware.
9.2.20 | New ADV Ransomware | Jirehlov found a new ransomware that appends the .adv extension but does not seem to drop a ransom note. Not sure if it's buggy, in dev, or meant to be a wiper.
2.2.20 | New ALKA STOP Djvu Ransomware | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .alka extension to encrypted files.
2.2.20 | Ransomware hits TV & radio news monitoring service TVEyes | A ransomware infection has brought down TVEyes, a company that manages a popular platform for monitoring TV and radio news broadcasts, broadly used by newsrooms and PR agencies across the globe.
2.2.20 | New REPP STOP Djvu Ransomware | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .repp extension to encrypted files.
2.2.20 | New LockBit variant | Albert Zsigovits found a new variant of the LockBit ransomware that appends the .lockbit extension.
2.2.20 | Ransomware predicted to target U.S. 2020 election – and local governments are not prepared | We now feel it necessary to issue a similar warning in relation to the threat ransomware presents to the 2020 election and again call on governments to act immediately to improve their security.
2.2.20 | New NPSG STOP Djvu Ransomware | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .npsg extension to encrypted files.
2.2.20 | New BTOS STOP Djvu Ransomware | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .btos extension to encrypted files.
2.2.20 | New CryptoPatronum Ransomware Discovered | Amigo_A found the new CryptoPatronum Ransomware that appends the .cryptopatronum@protonmail.com.enc extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.txt.
2.2.20 | Tracking REvil | After the message GandCrab quit, a hole was left in the scene. It was time for a new contender. In the last few months REvil/Sodinokibi seems to have filled that gap. There already have been multiple blogs describing the similarities between GandCrab and REvil affiliates. We’ll stay clear of the similarities in this blog and focus on the usage statistics of the ransomware family by looking at samples, infection rates and ransom demands.
2.2.20 | Maze Ransomware pokes at security researchers | Vitali Kremez has noticed that the Maze Ransomware operators are taunting and having some fun with security researchers.
2.2.20 | Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender | A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.
2.2.20 | Ransomware Bitcoin Wallet Frozen by UK Court to Recover Ransom | A victim's insurance company convinced the UK courts to freeze a bitcoin wallet containing over $800K worth of a ransomware payment.
2.2.20 | New 2NEW Dharma Ransomware variant | Michael Gillespie found a new Dharma Ransomware variant that appends the .2NEW extension to encrypted files.
2.2.20 | New CryptLive Dharma Ransomware variant | Amigo-A found a new Dharma Ransomware variant that appends the .LIVE extension and drops the ransom notes Info.hta and FILES ENCRYPTED.txt. Appears to call itself CryptLive.
2.2.20 | Strawberry Fields Crypto Locker discovered | MalwareHunterTeam discovered a new ransomware called "Strawberry Fields Crypto Locker" that does not encrypt. Looks like a joke ransomware.
2.2.20 | DoppelPaymer finally gets its own extension | MalwareHunterTeam noticed that DoppelPaymer has finally switched to its own extension of .doppled and now ends their ransom notes with .how2decrypt.txt.

26.1.20 | City of Potsdam Servers Offline Following Cyberattack | The City of Potsdam severed the administration servers' Internet connection following a cyberattack that took place earlier this week. Emergency services including the city's fire department are fully operational and payments are not affected.
26.1.20 | Citrix Releases Final Patch as Ransomware Attacks Ramp Up | Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.
26.1.20 | New Ryuk Info Stealer Targets Government and Military Secrets | A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.
26.1.20 | New Devil Phobos Ransomware variant | MalwareDev found a new variant of the Phobos Ransomware that appends the .devil extension.
26.1.20 | New OnyxLocker variant discovered | S!Ri found a new variant of the OnyxLocker Ransomware that appends the .кристина extension.
26.1.20 | New Topi STOP DJvu variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .topi extension to encrypted files.
26.1.20 | Ransomware Costs Double in Q4 as Ryuk, Sodinokibi Proliferate | The total cost of a ransomware attack is a function of the severity and duration of the attack. Financial costs include the ransom payment if one is made, and the costs of remediation of a network and its hardware. Costs also include lost revenue and potential brand damage if business interruption is severe enough. In Q4, ransomware actors also began exfiltrating data from victims and threatening its release if the ransom was not paid. In addition to remediation and containment costs, this new complication brings forth the potential costs of 3rd party claims as a result of the data breach.

26.1.20 | ChernoLocker Decryptor updated | Emsisoft updated their ChernoLocker Decryptor to support more variants including .chernolocker & (.filelocker@protonmail.ch).
26.1.20 | New Reha STOP DJvu variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .reha extension to encrypted files.
26.1.20 | Sodinokibi Ransomware Threatens to Publish Data of Automotive Group | The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted.
26.1.20 | Maze Ransomware Not Getting Paid, Leaks Data Left and Right | Maze ransomware operators have infected computers from Medical Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of data stolen from infected machines.
26.1.20 | New Mespinoza Ransomware variant | GrujaRS found a new variant of the Mespinoza Ransomware that appends the .pysa extension.
26.1.20 | New News Dharma Ransomware variant | Raby found a new variant of the Dharma Ransomware that appends the .NEWS extension to encrypted files.
26.1.20 | 600 Computers Taken Down After Florida Library Cyberattack | 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9.
26.1.20 | BitPyLock Ransomware Now Threatens to Publish Stolen Data | A new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and stealing files before encrypting devices.
26.1.20 | Windows EFS Feature May Help Ransomware Attackers | Security researchers have created concept ransomware that takes advantage of a feature in Windows that encrypts files and folders to protect them from unauthorized physical access to the computer.
26.1.20 | FTCode Ransomware Now Steals Saved Login Credentials | FTCode ransomware victims now have one more thing to worry about with the malware having been upgraded to also steal saved user credentials from email clients and web browsers.
26.1.20 | RIG Exploit kit was pushing Paradise Ransomware | mol69 noticed that the RIG exploit kit was pushing a Paradise Ransomware variant that appends the .777 extension.
26.1.20 | New Nosu STOP DJvu variant | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nosu extension to encrypted files.
26.1.20 | New Jersey Synagogue Suffers Sodinokibi Ransomware Attack | Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network.
26.1.20 | Nemty Ransomware changes its web site | dnwls0719 discovered that Nemty has updated their RaaS payment site to a new layout.

19.1.20

Sodinokibi Ransomware Publishes Stolen Data for the First Time Výsledek obrázku pro ransomware For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time.
19.1.20 New Creeper Ransomware variant Creeper Ransomware Amigo-A found a new variant of the Creeper Ransomware that appends the .rag2hdst extension and drops a ransom note named DECRIPT_FILES.txt.
19.1.20 New Satan Ransomware variant Satan Ransomware onion found a new variant of the Satan Ransomware that appends the .5ss5c extension and continues to utilize Mimikatz and EternalBlue.
19.1.20 Nemty Ransomware to Start Leaking Non-Paying Victim's Data The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom.
19.1.20 New RedRum Ransomware Michael Gillespie found a new ransomware named RedRum that appends the .grinch extension and uses a filemarker of "happyny3.1".
19.1.20 Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.
19.1.20 Satan ransomware rebrands as 5ss5c ransomware The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named "5ss5c".
19.1.20 New Sivo Ransomware Sivo S!Ri found a new ransomware called Sivo that appends the .sivo extension and drops a ransom note named Sivo-README.txt.
19.1.20 Paradise Ransomware decryption tool Bitdefender Labs has released a decryptor for the Paradise Ransomware.
19.1.20 Emsisoft updates their Paradise Ransomware decryptor Emsisoft updated their Paradise Ransomware decryptor to support the .stub, .corp and .vacv2 extensions.
19.1.20 New Rams1 ransomware S!Ri found a new ransomware that appears to be in-development and appends the .rams1 extension to encrypted files.
19.1.20 Cryakl Releases a new version Albert Zsigovits noticed that Cryakl released a new version (1.8.0.0) of the ransomware.
19.1.20 New Kodc STOP Djvu variant Michael Gillespie found a new variant of the STOP Djvu ransomware that appends the .kodc extension to encrypted files.
12.1.20 New Lion Ransomware GrujaRS found the Lion Ransomware which is based off of BlackHeart.
12.1.20 New Inchin Scarab Ransomware variant Scarab Amigo-A found a new variant of the Scarab Ransomware that appends the .inchin extension to encrypted files and drops a ransom note named RECOVER.TXT.
12.1.20 Maze Ransomware Publishes 14GB of Stolen Southwire Files The Maze Ransomware operators have released an additional 14GB of files that they claim were stolen from one of their victims for not paying a ransomware demand.
12.1.20 Sodinokibi Ransomware Hits New York Airport Systems Albany International Airport's staff announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas.
12.1.20 Ako Ransomware: Another Day, Another Infection Attacking Businesses Like moths to a flame, new ransomware targeting businesses keep appearing every day as they are enticed by the prospects of million-dollar ransom payments. An example of this is a new ransomware called Ako that is targeting the entire network rather than just individual workstations.
12.1.20 New BitPyLock Ransomware BitPyLock MalwareHunterTeam found a new ransomware called BitPyLock that appends the .bitpy extension and drops a ransom note named # HELP_TO_DECRYPT_YOUR_FILES #.html. Korben Dallas found the Afrodita ransomware that appends the
12.1.20 New Kangaroo Ransomware variant Kangaroo S!Ri found a new Kangaroo Ransomware variant that appends the .missing extension to encrypted files.
12.1.20 New Quimera Ransomware Quimera S!Ri found a new ransomware called Quimera.
12.1.20 Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another The attackers behind the Sodinokibi Ransomware are applying pressure on Travelex to pay a multi-million dollar ransom by stating they will release or sell stolen data that allegedly contains customer's personal information.
12.1.20 New M461c14n R4n50m3w473 Magician MalwareHunterTeam found a new ransomware dubbed M461c14n R4n50m3w473.
12.1.20 Roll Safe Ransomware Roll Safe S!Ri found a new ransomware that appends the .encrypted extension.
12.1.20 New DarkCrypt WannaCryFake variant DarkCrypt S!Ri found a new variant of the WannaCryFake Ransomware that calls itself DarkCrypt and drops a ransom note named README.txt.
12.1.20 SNAKE Ransomware Is the Next Threat Targeting Business Networks Since network administrators didn't already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to it.
12.1.20 New Deniz_kizi Ransomware Denzi Parthi found a new ransomware that appends .Deniz_kizi to encrypted files and drops a ransom note named Please Read Me!!!.hta.
12.1.20 New Somik1 Ransomware Somik1 S!Ri found a new ransomware called Somik1 that appears to be in development.
12.1.20 New SatanCryptor Ransomware SatanCryptor S!Ri found a new ransomware called SatanCryptor that drops a ransom note named # SATAN CRYPTOR #.hta and appends the .Satan extension to encrypted files.
12.1.20 Aurora Decryptor updated Emsisoft updated their Aurora Decryptor to support the .crypton extension.
12.1.20 Sodinokibi Ransomware Hits Travelex, Demands $3 Million It's been more than six days since a cyber attack took down the services of the international foreign currency exchange company Travelex and BleepingComputer was able to confirm that the company systems were infected with Sodinokibi ransomware.
12.1.20 New Crypton Aurora Ransomware variant Aurora Ransomware dnwls0719 found a new Aurora Ransomware variant that appends the .crypton extension and drops ransom notes named @_FILES_WERE_ENCRYPTED_@.TXT, @_HOW_TO_PAY_THE_RANSOM_@.TXT, and @_HOW_TO_DECRYPT_FILES_@.TXT.
12.1.20 New Erica Encoder Ransomware Erica dnwls0719 found a new ransomware named Erica Encoder that uses a random extension and drops a ransom note named HOW TO RESTORE ENCRYPTED FILES.TXT.
5.1.20 New SlankCryptor Ransomware Slank Ransomware MalwareHunterTeam found a new in-development ransomware called "SlankCryptor Profit Only" that appends the .slank extension to encrypted files.
5.1.20 Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools The Clop Ransomware continues to evolve with a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications.
5.1.20 FBI Warns of Maze Ransomware Focusing on U.S. Companies Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first.
5.1.20 New Zeoticus Ransomware Zeoticus S!Ri found a new ransomware called Zeoticus that appends the .zeoticus extension to encrypted files.
5.1.20 New WannaCryFake Ransomware Michael Gillespie found a new WannaCryFake variant called AWT Ransomware that appends the .AWT extension to encrypted files and drops a ransom note named ReadMe.txt.
5.1.20 New RIDIK Dharma variant Michael Gillespie found a new Dharma Ransomware variant that appends the .RIDIK extension to encrypted files.
5.1.20 Nemty 2.2 and 2.3: analysis of their cryptography, and a decryptor for some file types Tesorion has previously released decryptors for the Nemty ransomware up to version 1.6. Recently, new versions of Nemty have appeared in the wild. In this blog post we describe how a weird variant of AES-128 counter mode (CTR) encryption is used in Nemty 2.2 and 2.3 for its file encryption. We also announce the availability of a free decryptor for common office documents encrypted by Nemty 2.2 and 2.3.
5.1.20 How the Ransomware Economy Has Grown The breadth and magnitude of ransomware attacks occurring today suggest that the cyber extortion industry has evolved exponentially over the past 12 months. It is as difficult to keep up with the headlines as the security advice that follows. In the face of this media firehose, it is important to step back and understand how we got to this state. We feel there are three primary elements that have led to the current state of cyber extortion, and ransomware in particular.
5.1.20 Ransomware Attackers Offer Holiday Discounts and Greetings To celebrate the holidays, ransomware operators are providing discounts or season's greetings to entice victims into paying a ransom demand.
5.1.20 Maze Ransomware Sued for Publishing Victim's Stolen Data The anonymous operators behind the Maze Ransomware are being sued by a victim for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid.
5.1.20 New c0hen Locker Ransomware C0hen Locker Jack found a new ransomware called c0hen Locker that appends the .c0hen extension to encrypted files. The unlock key is 12309482354ab2308597u235fnq30045f.
5.1.20 New Phobos Ransomware variant Phobos M. Shahpasandi found a new Phobos Ransomware variant that appends the .Dever extension to encrypted files.
5.1.20 Ransomware Hits Maastricht University, All Systems Taken Down Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23.
5.1.20 U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility The U.S. Coast Guard (USCG) published a marine safety alert to inform of a Ryuk Ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility.
5.1.20 WannaCash uses .happy new year extension WannaCash Alex Svirid found a new variant of the WannaCash ransomware that appends the ".happy new year" extension to encrypted file names.
5.1.20 Ryuk Ransomware Stops Encrypting Linux Folders A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems.
5.1.20 Maze Ransomware Releases Files Stolen from City of Pensacola The actors behind the Maze Ransomware have released 2GB of files that were allegedly stolen from the City of Pensacola during their ransomware attack.
5.1.20 New Matrix Ransomware variant Michael Gillespie found a new variant of the Matrix Ransomware that appends the .BDDY extension and drops a ransom note named #BDDY_README#.rtf.
5.1.20 Sherwood telemarketing company temporarily shuts down, blames cyber attack ransom A Sherwood telemarketing agency has unexpectedly closed its doors, leaving over 300 employees without jobs a few days before Christmas.
5.1.20 Like Voldemort, Ransomware Is Too Scary to Be Named Wary of alarming investors, companies victimized by ransomware attacks often tell the SEC that “malware” or a “security incident” disrupted their operations.
5.1.20 FBI Issues Alert For LockerGoga and MegaCortex Ransomware The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware.
5.1.20 New Piny and Redl STOP Djvu Ransomware variants Michael Gillespie found new variants of the Stop Djvu Ransomware that append the .piny or .redl extensions to encrypted files.