Ransomware News

Update 11.02.2019 18:43:58

Date

Name

Description

29.3.20

Ransomware Maze

The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura.

29.3.20

Ransomware using COVID-19 lures

MalwareHunterTeam found a ransomware being spread as 'Covid-19 cure update.exe'. It asks the victim to contact them via WhatsApp.

29.3.20

New 2020 Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .2020 extension to encrypted files.

29.3.20

Russian-Speaking Hackers Attack Pharma, Manufacturing Companies in Europe

Malware belonging to Russian-speaking threat actors was used in attacks in late January against at least two European companies in the pharmaceutical and manufacturing industries.

29.3.20

New Rubly Trojan MBR Locker

Karsten Hahn found a new MBR Locker called 'Rubly Trojan' that utilizes the same code as Coronavirus ransomware to lock the MBR and shows an Annabelle picture in the locker.

29.3.20

Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic

The Ryuk Ransomware operators continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic.

29.3.20

Chubb Cyber Insurer Allegedly Hit By Maze Ransomware Attack

Cyber insurer giant Chubb is allegedly the latest ransomware victim according to the operators of the Maze Ransomware who claim to have encrypted the company in March 2020.

29.3.20

New OPQZ STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .opqz extension.

29.3.20

Cyberattack: the EssilorLuxottica group struck by ransomware

Since Saturday March 21, the optical specialist Essilor has suffered a major computer attack. The attackers demand a ransom to unblock the situation.

29.3.20

New n2019cov Ransomware

MalwareHunterTeam has seen a new n2019cov Ransomware that appends the .P4WN3D and drops a ransom note named Checks if ThreeLetterISOLanguageName is "spa" before writing note. But it will be hidden... The names used...

29.3.20

Three More Ransomware Families Create Sites to Leak Stolen Data

Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims, further illustrating why all ransomware attacks must be considered data breaches.

29.3.20

New Makop ransomware variant

Michael Gillespie found a new variant of the Makop Ransomware that appends the .shootlock extension to encrypted files.

29.3.20

New Ransomware hunt

Michael Gillespie found two new variants of the same unknown ransomware that utilize the extensions .yakuza or .teslarvng and drop a ransom note named How To Recover.txt.

29.3.20

New Waldo Ransomware

dnwls0719 found a new ransomware calling itself 'Waldo Ransomware' that does not utilize an extension for encrypted files.

29.3.20

New C-VIR Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .C-VIR extension to encrypted files.

29.3.20

New VHD Ransomware

Jirehlov Solace found a new ransomware that appends the .vhd extension to encrypted files and drops a ransom note named HowToDecrypt.txt.

29.3.20

Netwalker Ransomware Infecting Users via Coronavirus Phishing

As if people did not have enough to worry about, attackers are now targeting them with Coronavirus (COVID-19) phishing emails that install ransomware.

29.3.20

New NPSK STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .npsk extension.

29.3.20

UK Fintech Firm Finastra Hit By Ransomware, Shuts Down Servers

Finastra, a leading financial technology provider from the UK, announced that it had to take several servers offline following a ransomware attack detected earlier today.

29.3.20

PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware

PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created.

29.3.20

New LX Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .LX extension to encrypted files.

29.3.20

New Velar Gibberish Ransomware variant

S!Ri found a new variant of the Gibberish Ransomware called Velar.

29.3.20

France warns of new ransomware gang targeting local governments

France's cyber-security agency issued an alert this week warning about a new ransomware gang that's been recently seen targeting the networks of local government authorities.

29.3.20

Sodinokibi Ransomware Data Leaks Now Sold on Hacker Forums

Ransomware victims who do not pay a ransom and have their stolen files leaked are now facing a bigger nightmare as other hackers and criminals sell and distribute the released files on hacker forums.

29.3.20

Why would you even bother?! - JavaLocker

Today we'll take a look at a Windows ransomware built with Java. As you might have guessed this will get ugly and is therefore not for the faint of heart.

29.3.20

Most Ransomware Gets Executed Three Days After Initial Breach

Ransomware gets deployed three days after an organization's network gets infiltrated in the vast majority of attacks, with post-compromise deployment taking as long as 299 days in some of the dozens of attacks researchers at cybersecurity firm FireEye examined between 2017 and 2019.

29.3.20

Ransomware Gangs to Stop Attacking Health Orgs During Pandemic

Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

29.3.20

Emsisoft, Coveware Offer Free Ransomware Help During Coronavirus Outbreak

Emsisoft and Coveware have announced that they will be offering their ransomware decryption and negotiation services for free to healthcare providers during the Coronavirus outbreak.

29.3.20

New Nefilim Ransomware Threatens to Release Victims' Data

A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data.

29.3.20

New Clinix (GoldenEye mod) Ransomware

S!Ri found a new ransomware called Clinix that appears to be a modified version of GoldenEye.

29.3.20

CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware

The DomainTools Security Research Team, in the course of monitoring newly registered Coronavirus and COVID labeled domain names, discovered a website luring users into downloading an Android application under the guise of a COVID-19 heat map. Analysis on the application showed that the APK contained ransomware. SSL certificates of the malicious domain (coronavirusapp[.]site) link the site to another domain (dating4sex[.]us) which is also serving the malicious application. The linked site has registration information pointing to an individual in Morocco.

29.3.20

JungleSec starts threatening to leak stolen data

Michael Gillespie found a JungleSec ransom note where they have begun to threaten to release stolen data.

29.3.20

New REMK STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .remk extension.

29.3.20

New IPM Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .IPM extension to encrypted files.

15.3.20

CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware

In reality, the app is poisoned with ransomware. This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.

15.3.20

Nemty rebrands as Nefilim

MalwareHunterTeam found that the Nemty Ransomware has rebranded as NEFILIM. It drops a ransom note named NEFILIM-DECRYPT.txt and appends the extension .NEFILIM.

15.3.20

New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer

A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.

15.3.20

Paradise Ransomware Distributed via Uncommon Spam Attachment

Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims.

15.3.20

New FOOP STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .foop extension to encrypted files.

15.3.20

Ryuk Ransomware Behind Durham, North Carolina Cyberattack

The City of Durham, North Carolina has shut down its network after suffering a cyberattack by the Ryuk Ransomware this weekend.

15.3.20

Ransomware Threatens to Reveal Company's 'Dirty' Secrets

The operators of the Sodinokibi Ransomware are threatening to publicly share a company's "dirty" financial secrets because they refused to pay the demanded ransom.

15.3.20

New LOKD STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .lokd extension to encrypted files.

8.3.20

New Mzr Ransomware

GrujaRS found the new Mazr Ransomware that appends the .MZR extension and drops a ransom note named MZReverengeReadME.txt.

8.3.20

Defense contractor CPI knocked offline by ransomware attack

A major electronics manufacturer for defense and communications markets was knocked offline after a ransomware attack, TechCrunch has learned.

8.3.20

Ryuk ransomware hits Fortune 500 company EMCOR

EMCOR Group (NYSE: EME), a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems.

8.3.20

Microsoft Shares Tactics Used in Human-Operated Ransomware Attacks

Microsoft today shared tips on how to defend against human-operated ransomware attacks known to be behind hundreds of millions of dollars in losses following campaigns targeting enterprises and government entities.

8.3.20

PwndLocker Ransomware Gets Pwned: Decryption Now Available

Emsisoft has discovered a way to decrypt files encrypted by the new PwndLocker Ransomware so that victims can recover their files without paying a ransom.

8.3.20

New Onix Ransomware

Michael Gillespie found a new Onix Ransomware that is part of the Major Ransomware family that appends the .ONIX extension to encrypted files.

8.3.20

New Ouroboros Ransomware variant

Michael Gillespie found a new Ouroboros Ransomware variant that appends the .vash extension to encrypted files.

8.3.20

Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection

Legal services and e-discovery giant Epiq Global took their systems offline on Saturday after the Ryuk Ransomware was deployed and began encrypting devices on their network.

8.3.20

Windows Explorer Used by Mailto Ransomware to Evade Detection

A newly discovered Mailto (NetWalker) ransomware strain can inject malicious code into the Windows Explorer process so that the malware can evade detection.

8.3.20

New FDFK Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .FDFK extension to encrypted files and drops a ransom note named !FDFK_INFO!.rtf.

8.3.20

German BSI Tells Local Govt Authorities Not to Pay Ransoms

BSI, Germany's federal cybersecurity agency, recommends local governments and municipal institutions not to pay the ransoms asked by attackers after they get affected by ransomware attacks.

8.3.20

Ransomware Attackers Use Your Cloud Backups Against You

Backups are one of the most, if not the most, important defenses against ransomware, but if not configured properly, attackers will use them against you.

8.3.20

New Everbe 3.0 Ransomware calls itself Culex Locker

Marcelo Rivero found a new variant of the Everbe 3.0 Ransomware that calls itself Culex Locker. This ransomware will append the .[culex@cock.li].CULEX extension and drop a ransom note named !_HOW_RECOVERY_FILES_!.txt.

8.3.20

New RXX Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .rxx extension to encrypted files.

8.3.20

Legal services giant Epiq Global offline after ransomware attack

Legal services giant Epiq Global has been hit by a ransomware attack.

8.3.20

New PwndLocker Ransomware Targeting U.S. Cities, Enterprises

Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.

8.3.20

Nemty Ransomware Punishes Victims by Posting Their Stolen Data

The Nemty Ransomware is the latest cybercrime operation to create a data leak site to punish victims who refuse to pay ransoms.

8.3.20

New Rezm STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .rezm extension to encrypted files.

1.3.20

Sodinokibi Ransomware Posts Alleged Data of Kenneth Cole Fashion Giant

The operators behind Sodinokibi Ransomware published download links to files containing what they claim is financial and work documents, as well as customers' personal data stolen from giant U.S. fashion house Kenneth Cole Productions.

1.3.20

Nemty Ransomware Actively Distributed via 'Love Letter' Spam

Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.

1.3.20

New Black Kingdom Ransomware

GrujaRS found the new Black Kingdom Ransomware that appends the .DEMON extension and drops a ransom note named README.txt.

1.3.20

New YKUP STOP DJvu Ransomware variant

Michael Gillespie found a new Dharma ransomware variant that appends the .YKUP extension.

1.3.20

DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw

Cloud services provider Bretagne Télécom was hacked by the threat actors behind the DoppelPaymer Ransomware using an exploit that targeted servers unpatched against the CVE-2019-19781 vulnerability.

1.3.20

Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices

The operators of the Sodinokibi Ransomware (REvil) have started urging affiliates to copy their victim's data before encrypting computers so it can be used as leverage on a new data leak site that is being launched soon.

1.3.20

New BlackHeart Ransomware variant

dnwls0719 found a new BlackHeart Ransomware variant that appends the .Tsar extension and drops a ransom note named ReadME-Tsar.txt.

1.3.20

LockBit threatens users with GDPR violations

MalwareHunterTeam noticed that LockBit changed their ransom note to threaten data leaks and GDPR fines.

1.3.20

DoppelPaymer Ransomware Launches Site to Post Victim's Data

The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.

1.3.20

New Nomikon Ransomware

MalwareHunterTeam found the note for a new Nomikon Ransomware. No sample as of yet.

1.3.20

Cyberattack on NRC Health sparks privacy concerns about private patient records stored by US hospitals

NRC Health, a publicly-traded company that says it works with 75 percent of the 200 largest U.S. hospital chains, was hit with a cyberattack on Feb. 11, a spokesperson confirmed to CNBC. The attack sparked concerns about the security of patient health information stored on NRC Health’s server

1.3.20

New EncodeCSL Ransomware

Siri found a new ransomware named EncoderCSL that appends the .locked extension.

1.3.20

New EDA2 Ransomware variant

Siri found a new ransomware that appends the .coom extension.

1.3.20

New DeathHiddenTear Ransomware

Michael Gillespie found the DeathHiddenTear Ransomware that uses the .encryptedS extension for small files and the .encryptedL extension for files larger than 500MB.

1.3.20

New nppp STOP DJvu Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .nppp extension.

1.3.20

Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today warned of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies.

1.3.20

Ransomware Hunt

Michael Gillespie is looking for a sample of the ransomware that uses __________WHY FILES NOT WORK__________.txt ransom note.

1.3.20

New AfroditaTeam Ransomware variant

MalwareHunterTeam found a new AfroditaTeam Ransomware variant that uses the READM3_AFR0DITA_REC0VERY.txt ransom note.

1.3.20

Chinese Jigsaw Ransomware variant uses .exe extension

Jirehlov found a Chinese Jigsaw Ransomware variant that appends the .exe extension to encrypted files.

1.3.20

New mool STOP DJvu Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .mool extension.

1.3.20

US Govt Warns of Ransomware Attacks on Pipeline Operations

The Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations across all critical U.S. infrastructure sectors about a recent ransomware attack that affected a natural gas compression facility.

1.3.20

Dharma Ransomware Attacks Italy in New Spam Campaign

Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy.

1.3.20

Chinese ransomware disguised as VPN

Jirehlov found a Chinese Ransomware that is disguised as a VPN Tool.

1.3.20

New mmnn and ooss STOP DJvu Ransomware variants

Michael Gillespie found new STOP ransomware variants that append the .mmnn or .ooss extensions.

1.3.20

First Go Ransomware with a GUI?

MalwareHunterTeam found what could be the first Go Ransomware with a GUI called Mew767.

1.3.20

New NCOV and SELF Dharma Ransomware variants

Jakub Kroustek found new Dharma Ransomware variants that append the .ncov or .self extension to encrypted files.

16.2.20

New Unknown ransomware

S!Ri found an unknown ransomware that targets both Russian and English speaking victims.

16.2.20

New Rooe STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .rooe extension to encrypted files.

16.2.20

CXK-NMSL V3.3 spotted pretending to be Coronavirus info

Germán Fernández found a new version 3.3 of the CXK-NMSL ransomware that pretends to be '2020.1.10-2020.1.23Information on Travelers from Wuhan China to India.xlsx'.

16.2.20

Ransomware meets sextortion: this ransomware demands explicit pics to unlock your data

We just released an updated decryptor for the “Ransomwared” strain of ransomware that can unlock files appended with extensions such as .ransomwared and .iwanttits.

16.2.20

New WHY, LIVE, and Z9 Dharma Ransomware variants

Jakub Kroustek found two new variants of the Dharma Ransomware that append the .WHY, .Z9, and .LIVE extensions to encrypted files.

16.2.20

New Major Ransomware variant

Amigo-A found a new variant of the Major Ransomware that is calling itself Onix and appends the .ONIX extension and drops a ransom note named TRY_TO_READ.html.

16.2.20

Report: The cost of ransomware in 2020. A country-by-country analysis

In The State of Ransomware in the US: Report and Statistics 2019, we examined the number of ransomware attacks on the U.S. public sector and the cost of those attacks. In this report, we will examine the number of attacks on both the public and private sectors for a number of countries and estimate the cost, including the cost of downtime, of those attacks on a country-by-country basis as well as estimate the overall global cost.

16.2.20

New Chinese Ransomware

CollabVM found an unknown Chinese Ransomware on a hacked remote desktop server.

16.2.20

New Ransomware appends cuba

GrujaRS found a new ransomware that appends the .cuba extension and drops a ransom note named !!FAQ for Decryption!!.txt.

16.2.20

Ragnar Locker Ransomware Targets MSP Enterprise Support Tools

A ransomware called Ragnar Locker is specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped.

16.2.20

New MedusaLocker ransomware

GrujaRS found a new variant of the MedusaLocker Ransomware that appends the .hellomynameisransom extension to encrypted files and drops a ransom note named HOW_TO_RECOVER_DATA.html.

16.2.20

New Phobos Ransomware variants

Amigo-A found two new variants of the Phobos Ransomware that append the .Devos or .Caley extensions to encrypted files.

9.2.20

New DesuCrypt variant

S!Ri found a new DesuCrypt ransomware variant that appends the .desucrpt extension but does not provide a way of contacting them for ransom info.

9.2.20

New BBOO STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .bboo extension to encrypted files.

9.2.20

New Snatch Ransomware variant

dnwls0719 found a new variant of the Snatch Ransomware that appends the .egmwv extension to encrypted files and drops a ransom note named DECRYPT_EGMWV_FILES.txt.

9.2.20

Ransomware Exploits GIGABYTE Driver to Kill AV Processes

The attackers behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows that is used to terminate antivirus and security software.

9.2.20

Ransomwared Decryptor released

Emsisoft released a decryptor for the Ransomwared Ransomware whose encrypted files utilize the .ransomwared extension.

9.2.20

Mailto (NetWalker) Ransomware Targets Enterprise Networks

With the high ransom prices and big payouts of enterprise-targeting ransomware, we now have another ransomware known as Mailto or Netwalker that is compromising enterprise networks and encrypting all of the Windows devices connected to it.

9.2.20

New Ransomware Strain Halts Toll Group Deliveries

Australian transportation and logistics company Toll Group stated today that systems across multiple sites and business units were encrypted by a ransomware called the Mailto ransomware.

9.2.20

New PassLock Ransomware

S!Ri found a new ransomware called PassLock that appends the .encrypted extension to encrypted files.

9.2.20

REvil publishes victim data online

Under the Breach noticed that REvil had begun to publish a victim's data online after they did not pay a ransom.

9.2.20

Warning to law firms: a ransomware group is stealing data and posting it online

Five law firms have been hit by a notorious ransomware group known as Maze – three within the last 72 hours alone. It is highly likely Maze will target more law firms in the days and weeks ahead. While only U.S. firms have so far been hit, firms in other countries are equally at risk.

9.2.20

DoppelPaymer Ransomware Sells Victims' Data on Darknet if Not Paid

The DoppelPaymer Ransomware is the latest family threatening to sell or publish a victim's stolen files if they do not pay a ransom demand.

9.2.20

Bouygues Construction Shuts Down Network to Thwart Maze Ransomware

French construction giant Bouygues Construction shut down their computer network to avoid having all of their data encrypted by the Maze Ransomware.

9.2.20

New ADV Ransomware

Jirehlov found a new ransomware that appends the .adv extension but does not seem to drop a ransom note. Not sure if it's buggy, in dev, or meant to be a wiper.

2.2.20

New ALKA STOP Djvu Ransomware

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .alka extension to encrypted files.

2.2.20

Ransomware hits TV & radio news monitoring service TVEyes

A ransomware infection has brought down TVEyes, a company that manages a popular platform for monitoring TV and radio news broadcasts, broadly used by newsrooms and PR agencies across the globe.

2.2.20

New REPP STOP Djvu Ransomware

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .repp extension to encrypted files.

2.2.20

New LockBit variant

Albert Zsigovits found a new variant of the LockBit ransomware that appends the .lockbit extension.

2.2.20

Ransomware predicted to target U.S. 2020 election – and local governments are not prepared

We now feel it necessary to issue a similar warning in relation to the threat ransomware presents to the 2020 election and again call on governments to act immediately to improve their security.

2.2.20

New NPSG STOP Djvu Ransomware

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .npsg extension to encrypted files.

2.2.20

New BTOS STOP Djvu Ransomware

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .btos extension to encrypted files.

2.2.20

New CryptoPatronum Ransomware Discovered

Amigo_A found the new CryptoPatronum Ransomware that appends the .cryptopatronum@protonmail.com.enc extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.txt.

2.2.20

Tracking REvil

After the message GandCrab quit, a hole was left in the scene. It was time for a new contender. In the last few months REvil/Sodinokibi seems to have filled that gap. There already have been multiple blogs describing the similarities between GandCrab and REvil affiliates. We’ll stay clear of the similarities in this blog and focus on the usage statistics of the ransomware family by looking at samples, infection rates and ransom demands.

2.2.20

Maze Ransomware pokes at security researchers

Vitali Kremez has noticed that the Maze Ransomware operators are taunting and having some fun with security researchers.

2.2.20

Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender

A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.

2.2.20

Ransomware Bitcoin Wallet Frozen by UK Court to Recover Ransom

A victim's insurance company convinced the UK courts to freeze a bitcoin wallet containing over $800K worth of a ransomware payment.

2.2.20

New 2NEW Dharma Ransomware variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .2NEW extension to encrypted files.

2.2.20

New CryptLive Dharma Ransomware variant

Amigo-A found a new Dharma Ransomware variant that appends the .LIVE extension and drops the ransom notes Info.hta and FILES ENCRYPTED.txt. Appears to call itself CryptLive.

2.2.20

Strawberry Fields Crypto Locker discovered

MalwareHunterTeam discovered a new ransomware called "Strawberry Fields Crypto Locker" that does not encrypt. Looks like a joke ransomware.

2.2.20

DoppelPaymer finally gets its own extension

MalwareHunterTeam noticed that DoppelPaymer has finally switched to its own extension of .doppled and now ends their ransom notes with .how2decrypt.txt.

26.1.20

City of Potsdam Servers Offline Following Cyberattack Výsledek obrázku pro ransomware The City of Potsdam severed the administration servers' Internet connection following a cyberattack that took place earlier this week. Emergency services including the city's fire department fully operational and payments are not affected.

26.1.20

Citrix Releases Final Patch as Ransomware Attacks Ramp Up Výsledek obrázku pro ransomware Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.
26.1.20 New Ryuk Info Stealer Targets Government and Military Secrets Výsledek obrázku pro ransomware A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.
26.1.20 New Devil Phobos Ransomware variant Výsledek obrázku pro ransomware MalwareDev found a new variant of the Phobos Ransomware that appends the .devil extension.
26.1.20 New OnyxLocker variant discovered OnyxLocker S!Ri found a new variant of the OnyxLocker Ransomware that appends the .кристина extension.
26.1.20 New Topi STOP DJvu variant Výsledek obrázku pro ransomware Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .topi extension to encrypted files.
26.1.20 Ransomware Costs Double in Q4 as Ryuk, Sodinokibi Proliferate Výsledek obrázku pro ransomware The total cost of a ransomware attack is a function of the severity and duration of the attack. Financial costs include the the ransom payment if one is made, and the costs to remediation of a network and its hardware. Costs also include lost revenue and potential brand damage if business interruption is severe enough. In Q4, ransomware actors also began exfiltrating data from victims and threatening its release if the ransom was not paid. In addition to remediation and containment costs, this new complication brings forth the potential costs of 3rd party claims as a result of the data breach.

26.1.20

ChernoLocker Decryptor updated

Emsisoft updated their ChernoLocker Decryptor to support more variants including .chernolocker and (.filelocker@protonmail.ch).

26.1.20

New Reha STOP DJvu variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .reha extension to encrypted files.

26.1.20

Sodinokibi Ransomware Threatens to Publish Data of Automotive Group

The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted.

26.1.20

Maze Ransomware Not Getting Paid, Leaks Data Left and Right

Maze ransomware operators have infected computers from Medical Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of data stolen from infected machines.

26.1.20

New Mespinoza Ransomware variant

GrujaRS found a new variant of the Mespinoza Ransomware that appends the .pysa extension.

26.1.20

New News Dharma Ransomware variant

Raby found a new variant of the Dharma Ransomware that appends the .NEWS extension to encrypted files.

26.1.20

600 Computers Taken Down After Florida Library Cyberattack

600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9.

26.1.20

BitPyLock Ransomware Now Threatens to Publish Stolen Data

A new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and stealing files before encrypting devices.

26.1.20

Windows EFS Feature May Help Ransomware Attackers

Security researchers have created concept ransomware that takes advantage of a feature in Windows that encrypts files and folders to protect them from unauthorized physical access to the computer.

26.1.20

FTCode Ransomware Now Steals Saved Login Credentials

FTCode ransomware victims now have one more thing to worry about with the malware having been upgraded to also steal saved user credentials from email clients and web browsers.

26.1.20

RIG Exploit kit was pushing Paradise Ransomware

mol69 noticed that the RIG exploit kit was pushing a Paradise Ransomware variant that appends the .777 extension.

26.1.20

New Nosu STOP DJvu variant

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nosu extension to encrypted files.

26.1.20

New Jersey Synagogue Suffers Sodinokibi Ransomware Attack

Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network.

26.1.20

Nemty Ransomware changes its web site

dnwls0719 discovered that Nemty has updated their RaaS payment site to a new layout.

19.1.20

Sodinokibi Ransomware Publishes Stolen Data for the First Time

For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time.

19.1.20

New Creeper Ransomware variant

Amigo-A found a new variant of the Creeper Ransomware that appends the .rag2hdst extension and drops a ransom note named DECRIPT_FILES.txt.

19.1.20

New Satan Ransomware variant

onion found a new variant of the Satan Ransomware that appends the .5ss5c extension and continues to utilize Mimikatz and EternalBlue.

19.1.20

Nemty Ransomware to Start Leaking Non-Paying Victim's Data

The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom.

19.1.20

New RedRum Ransomware

Michael Gillespie found a new ransomware named RedRum that appends the .grinch extension and uses a filemarker of "happyny3.1".

19.1.20

Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices

The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.

19.1.20

Satan ransomware rebrands as 5ss5c ransomware

The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named "5ss5c".

19.1.20

New Sivo Ransomware

S!Ri found a new ransomware called Sivo that appends the .sivo extension and drops a ransom note named Sivo-README.txt.

19.1.20

Paradise Ransomware decryption tool

Bitdefender Labs has released a decryptor for the Paradise Ransomware.

19.1.20

Emsisoft updates their Paradise Ransomware decryptor

Emsisoft updated their Paradise Ransomware decryptor to support the .stub, .corp and .vacv2 extensions.

19.1.20

New Rams1 ransomware

S!Ri found a new ransomware that appears to be in-development and appends the .rams1 extension to encrypted files.

19.1.20

Cryakl Releases a new version

Albert Zsigovits noticed that Cryakl released a new version (1.8.0.0) of the ransomware.

19.1.20

New Kodc STOP Djvu variant

Michael Gillespie found a new variant of the STOP Djvu ransomware that appends the .kodc extension to encrypted files.

12.1.20

New Lion Ransomware

GrujaRS found the Lion Ransomware which is based off of BlackHeart.

12.1.20

New Inchin Scarab Ransomware variant

Amigo-A found a new variant of the Scarab Ransomware that appends the .inchin extension to encrypted files and drops a ransom note named RECOVER.TXT.

12.1.20

Maze Ransomware Publishes 14GB of Stolen Southwire Files

The Maze Ransomware operators have released an additional 14GB of files that they claim were stolen from one of their victims for not paying a ransomware demand.

12.1.20

Sodinokibi Ransomware Hits New York Airport Systems

Albany International Airport's staff announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas.

12.1.20

Ako Ransomware: Another Day, Another Infection Attacking Businesses

Like moths to a flame, new ransomware targeting businesses keep appearing every day as they are enticed by the prospects of million-dollar ransom payments. An example of this is a new ransomware called Ako that is targeting the entire network rather than just individual workstations.

12.1.20

New BitPyLock Ransomware

MalwareHunterTeam found a new ransomware called BitPyLock that appends the .bitpy extension and drops a ransom note named # HELP_TO_DECRYPT_YOUR_FILES #.html. Korben Dallas found the Afrodita ransomware that appends the

12.1.20

New Kangaroo Ransomware variant

S!Ri found a new Kangaroo Ransomware variant that appends the .missing extension to encrypted files.

12.1.20

New Quimera Ransomware

S!Ri found a new ransomware called Quimera.

12.1.20

Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another

The attackers behind the Sodinokibi Ransomware are applying pressure on Travelex to pay a multi-million dollar ransom by stating they will release or sell stolen data that allegedly contains customers' personal information.

12.1.20

New M461c14n R4n50m3w473

MalwareHunterTeam found a new ransomware dubbed M461c14n R4n50m3w473.

12.1.20

Roll Safe Ransomware

S!Ri found a new ransomware that appends the .encrypted extension.

12.1.20

New DarkCrypt WannaCryFake variant

S!Ri found a new variant of the WannaCryFake Ransomware that calls itself DarkCrypt that drops a ransom note named README.txt.

12.1.20

SNAKE Ransomware Is the Next Threat Targeting Business Networks

Since network administrators didn't already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to it.

12.1.20

New Deniz_kizi Ransomware

Denzi Parthi found a new ransomware that appends .Deniz_kizi to encrypted files and drops a ransom note named Please Read Me!!!.hta.

12.1.20

New Somik1 Ransomware

S!Ri found a new ransomware called Somik1 that appears to be in development.

12.1.20

New SatanCryptor Ransomware

S!Ri found a new ransomware called SatanCryptor that drops a ransom note named # SATAN CRYPTOR #.hta and appends the .Satan extension to encrypted files.

12.1.20

Aurora Decryptor updated

Emsisoft updated their Aurora Decryptor to support the .crypton extension.

12.1.20

Sodinokibi Ransomware Hits Travelex, Demands $3 Million

It's been more than six days since a cyber attack took down the services of the international foreign currency exchange company Travelex and BleepingComputer was able to confirm that the company systems were infected with Sodinokibi ransomware.

12.1.20

New Crypton Aurora Ransomware variant

dnwls0719 found a new Aurora Ransomware variant that appends the .crypton extension and drops ransom notes named @_FILES_WERE_ENCRYPTED_@.TXT, @_HOW_TO_PAY_THE_RANSOM_@.TXT, and @_HOW_TO_DECRYPT_FILES_@.TXT.

12.1.20

New Erica Encoder Ransomware

dnwls0719 found a new ransomware named Erica Encoder that uses a random extension and drops a ransom note named HOW TO RESTORE ENCRYPTED FILES.TXT.

5.1.20

New SlankCryptor Ransomware

MalwareHunterTeam found a new in-development ransomware called "SlankCryptor Profit Only" that appends the .slank extension to encrypted files.

5.1.20

Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools

The Clop Ransomware continues to evolve with a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications.

5.1.20

FBI Warns of Maze Ransomware Focusing on U.S. Companies

Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first.

5.1.20

New Zeoticus Ransomware

S!Ri found a new ransomware called Zeoticus that appends the .zeoticus extension to encrypted files.

5.1.20

New WannaCryFake Ransomware

Michael Gillespie found a new WannaCryFake variant called AWT Ransomware that appends the .AWT extension to encrypted files and drops a ransom note named ReadMe.txt.

5.1.20

New RIDIK Dharma variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .RIDIK extension to encrypted files.

5.1.20

Nemty 2.2 and 2.3: analysis of their cryptography, and a decryptor for some file types

Tesorion has previously released decryptors for the Nemty ransomware up to version 1.6. Recently, new versions of Nemty have appeared in the wild. In this blog post we describe how a weird variant of AES-128 counter mode (CTR) encryption is used in Nemty 2.2 and 2.3 for its file encryption. We also announce the availability of a free decryptor for common office documents encrypted by Nemty 2.2 and 2.3.

5.1.20

How the Ransomware Economy Has Grown

The breadth and magnitude of ransomware attacks occurring today suggest that the cyber extortion industry has evolved exponentially over the past 12 months. It is as difficult to keep up with the headlines as the security advice that follows. In the face of this media firehose, it is important to step back and understand how we got to the state. We feel there are three primary elements that have led to the current state of cyber extortion, and ransomware in particular.

5.1.20

Ransomware Attackers Offer Holiday Discounts and Greetings

To celebrate the holidays, ransomware operators are providing discounts or season's greetings to entice victims into paying a ransom demand.

5.1.20

Maze Ransomware Sued for Publishing Victim's Stolen Data

The anonymous operators behind the Maze Ransomware are being sued by a victim for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid.

5.1.20

New c0hen Locker Ransomware

Jack found a new ransomware called c0hen Locker that appends the .c0hen extension to encrypted files. The unlock key is 12309482354ab2308597u235fnq30045f.

5.1.20

New Phobos Ransomware variant

M. Shahpasandi found a new Phobos Ransomware variant that appends the .Dever extension to encrypted files.

5.1.20

Ransomware Hits Maastricht University, All Systems Taken Down

Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23.

5.1.20

U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility

The U.S. Coast Guard (USCG) published a marine safety alert to inform of a Ryuk Ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility.

5.1.20

WannaCash uses .happy new year extension

Alex Svirid found a new variant of the WannaCash ransomware that appends the ".happy new year" extension to encrypted file names.

5.1.20

Ryuk Ransomware Stops Encrypting Linux Folders

A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems.

5.1.20

Maze Ransomware Releases Files Stolen from City of Pensacola

The actors behind the Maze Ransomware have released 2GB of files that were allegedly stolen from the City of Pensacola during their ransomware attack.

5.1.20

New Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .BDDY extension and drops a ransom note named #BDDY_README#.rtf.

5.1.20

Sherwood telemarketing company temporarily shuts down, blames cyber attack ransom

A Sherwood telemarketing agency has unexpectedly closed its doors, leaving over 300 employees without jobs a few days before Christmas.

5.1.20

Like Voldemort, Ransomware Is Too Scary to Be Named

Wary of alarming investors, companies victimized by ransomware attacks often tell the SEC that “malware” or a “security incident” disrupted their operations.

5.1.20

FBI Issues Alert For LockerGoga and MegaCortex Ransomware

The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware.

5.1.20

New Piny and Redl STOP Djvu Ransomware variants

Michael Gillespie found new variants of the Stop Djvu Ransomware that append the .piny or .redl extensions to encrypted files.