Ransomware is definitely slowing down with most big attacks being targeted over RDP. With that said, we do see a steady stream of smaller ransomware infections that continue to be created, even if they never have much impact at all.
The biggest news over the past two weeks has been the continued releases of GandCrab and some interesting write-ups about BlackHeart and SynAck.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @FourOctets, @jorntvdw, @malwareforme, @demonslay335, @PolarToffee, @hexwaxwing, @struppigel, @BleepinComputer, @LawrenceAbrams, @campuscodi, @Seifreed, @DanielGallagher, @malwrhunterteam, @FBI, @MarceloRivero, @jeromesegura, @zsawei, @kaspersky, @antonivanovm, @TrendLabs, @SophosLabs, @leotpsc, @bartblaze, and @Amigo_A_.
April 30th 2018
UK Health Agency Switches to Windows 10 Citing WannaCry Ransomware Outbreak
The UK Department of Health and Social Care has announced that it will transition all National Health Service (NHS) computer systems to Windows 10.
Officials cited the operating system's more advanced security features as the primary reason for upgrading current systems, such as the SmartScreen technology included with Microsoft Edge (a Google Safe Browsing-like system) and Windows Defender, Microsoft's sneakily good antivirus product.
Kraken 2.0 Hijacked for Malicious Purposes
According to a message sent to Leo, Kraken 2.0 was not meant for malicious purposes and has been hijacked by someone who has been spreading it.
May 1st
Sophos Whitepaper on BTCWare
Not 100% sure when this was released, but it's a good whitepaper by Sophos on the BTCWare ransomware.
Legitimate Application AnyDesk Bundled with New Ransomware Variant
TrendLabs reports:
We recently discovered a new ransomware (Detected as RANSOM_BLACKHEART.THDBCAH), which drops and executes the legitimate tool known as AnyDesk alongside its malicious payload. This isn’t the first time that a malware abused a similar tool. TeamViewer, a tool with more than 200 million users, was abused by a previous ransomware that used the victim’s connections as a distribution method.
In this instance, however, RANSOM_BLACKHEART bundles both the legitimate program and the malware together instead of using AnyDesk for propagation.
UselessFiles Ransomware
MalwareHunterTeam discovered the UselessFiles ransomware that appends the .UselessFiles extension to encrypted files.
May 2nd 2018
New XiaoBa Ransomware variant
MalwareHunterTeam found a new XiaoBa ransomware variant that appends the .[BaYuCheng@yeah.net].china extension to encrypted files.
May 4th 2018
GandCrab Version 3 Released With Autorun Feature and Desktop Background
GandCrab version 3 was released earlier this week with a few noticeable changes. The most noticeable change is the addition of a desktop background.
May 5th 2018
New Jigsaw Ransomware variant
Michael Gillespie discovered a new Jigsaw Ransomware variant that appends the .hac extension to encrypted files.
Vietnamese ransomware wants you to add credit to a mobile phone
Bart takes a look at BKRansomware, which is a Vietnamese ransomware that wants you to send money to their phone.
New MMM Ransomware variant
Michael Gillespie discovered a new variant of the MMM Ransomware that uses the extension .MMM and a ransom note of GET_YOUR_FILES_BACK.html.
May 6th 2018
New horsia@airmail.cc Scarab Ransomware variant
A user posted a topic in our forums about a new variant of the Scarab Ransomware that appends the .horsia@airmail.cc extension to encrypted files.
May 7th 2018
SynAck Ransomware Uses Process Doppelgänging Technique
A new and improved version of the SynAck ransomware has been spotted online these past days, and security researchers are reporting that the ransomware now uses the Process Doppelgänging technique.
New Matrix Ransomware variant
MalwareHunterTeam discovered a new Matrix ransomware variant that uses a ransom note of #What_Wrong_With_Files#.rtf. It does not append any extension.
PSCrypt ransomware: back in business
In this article, Bart talks about how the PSCrypt ransomware is back in business.
May 8th 2018
FBI: Number of Ransomware Complaints Went Down in 2017
The number of people who reported ransomware infections to US authorities went down last year, according to a yearly FBI Internet crime report.
May 9th 2018
RansomAES Ransomware discovered
MalwareHunterTeam discovered a new ransomware called RansomAES that appends the .RansomAES extension to encrypted files and drops a ransom note named READ ME.txt.
May 10th 2018
GandCrab version 3.0.1 Released
Jawe discovered that GandCrab v3.0.1 was released and no longer includes an autorun and wallpaper.
New Matrix Ransomware variant
MalwareHunterTeam discovered a Matrix ransomware variant that performs console logging, adds the extension [RestoreFile@qq.com].MTXLOCK, and drops a ransom note named #Decrypt_files_ReadMe#.rtf.
May 11th 2018
Facebook Ransomware spotted
Leo spotted a tr011 ransomware called Facebook Ransomware that appends the .Facebook extension to encrypted files.