Not much new ransomware was released this week; most of the activity was general ransomware news. One item of interest was the joke ransomware called PUBG Ransomware, which made you play PlayerUnknown's Battlegrounds in order to decrypt your files. Other than that, it was mostly news about newly released variants or variations of existing ones.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @fwosar, @struppigel, @LawrenceAbrams, @DanielGallagher, @FourOctets, @hexwaxwing, @BleepinComputer, @Seifreed, @demonslay335, @malwrhunterteam, @PolarToffee, @jorntvdw, @campuscodi, @AhnLab_SecuInfo, @mstoned7, @Telstra, @malware_traffic, @kryptoslogic, @Region8News, @bartblaze, and @leotpsc.
Two new Matrix Ransomware variants were discovered this week by MalwareHunterTeam that are being installed through hacked Remote Desktop services. While both of these variants encrypt your computer's files, one is a bit more advanced with more debugging messages and the use of cipher to wipe free space.
Leo discovered a new ransomware called Horros that appends the .Horros extension to encrypted files.
Leo discovered a new ransomware, which according to MalwareHunterTeam is a Dcrtr variant, that uses the email firstname.lastname@example.org. The decryption price depends on when you contact the developer for payment instructions. It does not encrypt files.
In what could only be a joke, a new ransomware has been discovered by MalwareHunterTeam called "PUBG Ransomware" that will decrypt your files if you play the game called PlayerUnknown's Battlegrounds.
Kryptos Logic, the cyber-security firm running the main WannaCry sinkhole, announced today plans to allow organizations access to some of the WannaCry sinkhole data.
Around four out of five ransomware victims who paid a ransom demand to recover their files said they would pay the ransom again to recover data if no backup files are available.
Bart found a new variant of the CryptoWire ransomware being distributed. When encrypting files it will add the string ".encrypted" before the extension. For example, Tulips.encrypted.png. To decrypt, use the following key without quotes: "VgjRPoOM0oa92_jId!/wkMeW6,guuSe".
According to Arkansas KAIT news:
Independence County Judge Robert Griffin is addressing rumors that the 911 center could have been compromised by ransomware.
AhnLab has released a new version of their Magniber decryption tool that includes a GUI.
While ransomware has evolved into targeted attacks rather than mass spam campaigns, it is still a significant threat to businesses and consumers. Microsoft must agree, as the upcoming Spring Creators Update adds a dedicated Ransomware Protection section to the Windows Defender Security Center settings.