The Reyptson Ransomware contains the unique ability to distribute itself by trying to conduct a fake invoice spam campaign directly from the victim's computer.
It has been a slow week in terms of new releases, which is always a good thing. Still lots of small crapware being released that will never have much wide distribution. We also have some good news, which is the release of a NemucodAES decryptor by Emsisoft. This allows victims of this ransomware to get their files back for free.
A new variant of the CryptoMix Ransomware was discovered that appends the .EXTE extension to encrypted files. This articles provides a brief overview of what has changed in this new version.
Fabian Wosar of Emsisoft has been able to crack the decryption used by the NemucodAES ransomware so that victims can get their files back for free. This guide will walk you through using the decryptor and provide a brief explanation on the NemucodAES Ransomware.
I wanted to alert everyone of a new malware distributing SPAM that I just received that contains a password protected Word document, which pretends to be about a payment I would be receiving shortly. As I always love free money, I had to take a look and see what I was getting for free.
Been a great week for victims, with decryptors coming out for BTCWare, Cryptomix, Executioner, and the release of the original Petya key. Otherwise, it has been a lot of NotPetya news and numerous smaller variants being released.
A new variant of the CryptoMix Ransomware was released today that uses the Azer extension for encrypted files. This variant also ups its game by including 10 different public RSA encryption keys, compared to the single one that was used in the previous version.
It is always great to be able to announce a free decryptor for victim's who have had their files encrypted by a ransomware. This is the case today, where a decryptor for the Mole02 cryptomix variant was released.
It has been another crazy week when it comes to ransomware due to the NotPetya outbreak. This ransomware/destructive malware played havok all over the world, but especially the Ukraine, when it was unleashed on Tuesday. Other than that, the rest of the ransomware news was basically small variants being developed or released.
Ransomware developers are really trying to screw with us this week. This is shown with the CERBER Ransomware suddenly deciding to change its name to CRBR Encryptor. It's bad enough what they do with victims, now they just want to be a PITA?
What a crazy week. The biggest news is that we had a hosting company who actually paid a 1 million dollar (think Dr. Evil) ransomware payment. We then had the return of Locky, which at one point was the preminent ransomware being distributed. Will have to see if it can become king of the hill again.
Today Microsoft released Insider Preview Build 16226 for PC to insiders on the fast ring. This build has a lot of new features including updated emojis, tracking GPU performance in task manager, and Hyper-V improvements.
I was told about a new ransomware called TeslaWare that is being promoted on a black hat criminal site. After a quick search, I was able to find a sample that was compiled yesterday and I began to dig into to it. What did I find? That the marketing poster promoting TeslaWare was more advanced than the ransomware itself.
For the most part, mostly in-development ransomware released this week. No really major ransomware variants released that are much of a threat. The big news, though, is that Kaspersky was able to figure out how to crack the decryption for the Jaff Ransomware and release a free decryptor.
Fedor Sinitsyn, a senior malware analyst at Kaspersky Labs, has discovered a weakness in the Jaff ransomware and was able to release a decryptor for all current variants For those who were infected with Jaff and had their files encrypted with the .jaff, .wlu, or .sVn extensions, this decryptor can recover your files for free.