Really slow week, which is great. We did have some decryptors and updated decryptors released this week, which is always great. Of particular concern is the increased release of new CryptoMix variants. Thankfully, these variants do not seem to be netting too many victims at this time.
CryptoMix is releasing new variants very quickly now and is reminiscent of how the Locky developers used to distribute Locky.
While doing my normal scan through various sites that are known to push unwanted programs, I ran across a new version of a Chrome extension family that hijacks searches done on Google and other search engines. In addition to hijacking searches, this new variant also tries to filter Trump from the web.
The Reyptson Ransomware contains the unique ability to distribute itself by trying to conduct a fake invoice spam campaign directly from the victim's computer.
It has been a slow week in terms of new releases, which is always a good thing. Still lots of small crapware being released that will never have much wide distribution. We also have some good news, which is the release of a NemucodAES decryptor by Emsisoft. This allows victims of this ransomware to get their files back for free.
A new variant of the CryptoMix Ransomware was discovered that appends the .EXTE extension to encrypted files. This article provides a brief overview of what has changed in this new version.
Fabian Wosar of Emsisoft has been able to crack the decryption used by the NemucodAES ransomware so that victims can get their files back for free. This guide will walk you through using the decryptor and provide a brief explanation on the NemucodAES Ransomware.
I wanted to alert everyone to a new malware-distributing SPAM that I just received that contains a password-protected Word document, which pretends to be about a payment I would be receiving shortly. As I always love free money, I had to take a look and see what I was getting for free.
Been a great week for victims, with decryptors coming out for BTCWare, CryptoMix, Executioner, and the release of the original Petya key. Otherwise, it has been a lot of NotPetya news and numerous smaller variants being released.
A new variant of the CryptoMix Ransomware was released today that uses the Azer extension for encrypted files. This variant also ups its game by including 10 different public RSA encryption keys, compared to the single one that was used in the previous version.
It is always great to be able to announce a free decryptor for victims who have had their files encrypted by a ransomware. This is the case today, where a decryptor for the Mole02 CryptoMix variant was released.
It has been another crazy week when it comes to ransomware due to the NotPetya outbreak. This ransomware/destructive malware played havoc all over the world, but especially the Ukraine, when it was unleashed on Tuesday. Other than that, the rest of the ransomware news was basically small variants being developed or released.
Ransomware developers are really trying to screw with us this week. This is shown with the CERBER Ransomware suddenly deciding to change its name to CRBR Encryptor. It's bad enough what they do with victims, now they just want to be a PITA?
What a crazy week. The biggest news is that we had a hosting company who actually paid a 1 million dollar (think Dr. Evil) ransomware payment. We then had the return of Locky, which at one point was the preeminent ransomware being distributed. Will have to see if it can become king of the hill again.
Today Microsoft released Insider Preview Build 16226 for PC to insiders on the fast ring. This build has a lot of new features including updated emojis, tracking GPU performance in task manager, and Hyper-V improvements.