Not too much new ransomware released this week, but rather just general ransomware news. One item of interest was the joke ransomware called PUBG Ransomware that made you play Player's Unknown Battleground in order to decrypt your files. Other than that, it was just news about new variants that were released or about variations of existing ones.

Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @fwosar, @struppigel, @LawrenceAbrams, @DanielGallagher, @FourOctets, @hexwaxwing, @BleepinComputer, @Seifreed, @demonslay335, @malwrhunterteam, @PolarToffee, @jorntvdw, @campuscodi, @AhnLab_SecuInfo, @mstoned7, @Telstra, @malware_traffic, @kryptoslogic, @Region8News, @bartblaze, and @leotpsc.

April 7th 2018

New Matrix Ransomware Variants Installed Via Hacked Remote Desktop Services

Two new Matrix Ransomware variants were discovered this week by MalwareHunterTeam that are being installed through hacked Remote Desktop services. While both of these variants encrypt your computer's files, one is a bit more advanced with more debugging messages and the use of cipher to wipe free space.

Horros Ransomware discovered

Leo discovered a new ransomware callled Horros that appends the .Horros extension to encrypted files.

New Dcrtr Ransomware variant

Leo discovered a new ransomware, which according to MalwareHunterTeam is a Dcrtr variant, that uses the email kinaman@protonmail.com. The decryption price depends on when you contact the developer for payment instructions. Does not encrypt.

April 9th 2018

PUBG Ransomware Decrypts Your Files If You Play PlayerUnknown's Battlegrounds

In what could only be a joke, a new ransomware has been discovered by MalwareHunterTeam called "PUBG Ransomware" that will decrypt your files if you play the game called PlayerUnknown's Battlegrounds.

April 10th 2018

WannaCry Ransomware Sinkhole Data Now Available to Organizations

Kryptos Logic, the cyber-security firm running the main WannaCry sinkhole, announced today plans to allow organizations access to some of the WannaCry sinkhole data.

April 11th 2018

Four out of Five Ransomware Victims Would Pay the Ransom Again

Around four out of five ransomware victims who paid a ransom demand to recover their files said they would pay the ransom again to recover data if no backup files are available.

April 12th 2018

CryptoWire ransomware not dead

Bart found a new variant of the CryptoWire ransomware being distributed. When encrypting files it will add the string ".encrypted" before the extension. For example, Tulips.encrypted.png. To decrypt, use the following key without quotes: "VgjRPoOM0oa92_jId!/wkMeW6,guuSe".

County judge responds to rumors of ransomware attack

According to Arkansas KAIT news:

Independence County Judge Robert Griffin is addressing rumors that the 911 center could have been compromised by ransomware.

April 13th 2018

Compile Error Halts Some GandCrab Ransomware Infections

Brad Duncan discovered that a script compile error has temporarily stopped the infection chain of a malspam campaign trying to infect users with the GandCrab ransomware.

New Magniber Ransomware Recovery Tool (UI Version)

AhnLab has released a new version of their Magniber decryption tool to include a GUI.

Ransomware Protection Section Included in Windows 10's Spring Creators Update

While ransomware has evolved into targeted attacks rather than mass spam campaigns, it is still a significant threat to businesses and consumers. Microsoft must agree, as in the upcoming Spring Creators Update, Microsoft has added a dedicated Ransomware Protection section in the Windows Defender Security Center settings.

That's it for this week! Hope everyone has a nice weekend!

Related Articles:

The Week in Ransomware - July 20th 2018 - Developer's Vent, Ransomware Attacks, and More

Magniber Ransomware Expands From South Korea to Target Other Asian Countries

WannaCry Déjà Vu: Petya Ransomware Outbreak Wreaking Havoc Across the Globe

Windows 10 Preview Build 18219 Is Now Available With Improvements

Princess Evolution Ransomware is a RaaS With a Slick Payment Site