This week we saw the release of new decrypters for Magniber, LockCrypt, and WhiteRose. The other big news is the addition of ransomware detection and file restore in Office 365. Otherwise, it has mostly been small variants that were released this week.

Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @PolarToffee, @malwareforme, @DanielGallagher, @FourOctets, @fwosar, @jorntvdw, @hexwaxwing, @BleepinComputer, @malwrhunterteam, @struppigel, @demonslay335, @LawrenceAbrams, @campuscodi, @AhnLab_SecuInfo, @OfficeNews, @Microsoft, @Malwarebytes, @hasherezade, @siri_urz, @leotpsc, @denverpost.

April 3rd 2018

New Michigan Law Makes Possession of Ransomware Illegal

On Monday, Michigan Governor Rick Snyder signed two bills into law that criminalize the possession of ransomware "with the intent to introduce it into a computer or computer network without authorization" and punish offenders with a three-year prison sentence, respectively.

Decrypters for Some Versions of Magniber Ransomware Released

Security researchers from AhnLab, a South Korea-based cyber-security firm, have created decrypters for some versions of the Magniber ransomware.

Vurten Ransomware discovered

S!Ri discovered a new ransomware called Vurten that appears to be targeting entire company networks based on the ransom note. Vurten appends the .improved extension to encrypted files and drops a ransom note named UNCRYPT.README.

Cypren Ransomware discovered

Leo discovered the Crypren Ransomware that appends the .ENCRYPTED extension to encrypted files and drops a ransom note named READ_THIS_TO_DECRYPT.html.

New Oxar Ransomware variant

Michael Gillespie discovered a new Oxar Ransomware variant. This variant is decryptable.

BansomQare Manna Ransomware Decryptor

A decryptor for the BansomQare Manna ransomware was released.

Two new Matrix variants are being distributed

MalwareHunterTeam found two new Matrix variants being distributed.

April 4th 2018

TurkHackTeam Ransomware Builder

MalwareHunterTeam found a ransomware builder from TurkHackTeam. Doesn't seem to do much at this point.

April 5th 2018

The WhiteRose Ransomware Is Decryptable & Tells A Strange Story

A new ransomware has been discovered by MalwareHunterTeam that is based off of the InfiniteTear ransomware family, of which BlackRuby and Zenis are members. When this ransomware infects a computer it will encrypt the files, scramble the filenames, and append the .WHITEROSE extension to them.

Haxerboi Ransomware builder taken down

Not really sure what to make of this, so I will just add the tweet.

April 6th 2018

LockCrypt Ransomware Cracked Due to Bad Crypto

The team at Malwarebytes has identified a weakness in the encryption scheme utilized by the LockCrypt ransomware that they can exploit to recover a victim's data.

Microsoft Adds Anti-Ransomware Features in Office 365

Microsoft added anti-ransomware features to their Office 365 suite. The new feature is called File Restore and is a OneDrive feature that will allow users to go back in time and restore files to a previous state from the past 30 days. Office 365 will also notify users when ransomware-encrypted files have been detected, as shown below.

Cyber attack on CDOT computers estimated to cost up to $1.5 million so far

The Denver Post reports:

Six weeks after ransomware forced Colorado Department of Transportation’s back-end operations offline, the agency is back to 80 percent functionality — at an estimated cost of up to $1.5 million, according to the state.

New Jigsaw variant

Michael Gillespie found a new Jigsaw Ransomware variant that appends the .LolSec extension to encrypted files. Michael's Jigsaw Ransomware Decryptor can decrypt this.

New Skyfile Ransomware

MalwareHunterTeam discovered a new ransomware called SkyFile that encrypts the filename and appends the .sky extension. Michael Gillespie thinks it can be decrypted.

That's it for this week! Hope everyone has a nice weekend!

