This week we saw the release of new decrypters for Magniber, LockCrypt, and WhiteRose. The other big news is the addition of ransomware detection and file restore in Office 365. Otherwise, it has mostly been small variants that were released this week.
Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @PolarToffee, @malwareforme, @DanielGallagher, @FourOctets, @fwosar, @jorntvdw, @hexwaxwing, @BleepinComputer, @malwrhunterteam, @struppigel, @demonslay335, @LawrenceAbrams, @campuscodi, @AhnLab_SecuInfo, @OfficeNews, @Microsoft, @Malwarebytes, @hasherezade, @siri_urz, @leotpsc, @denverpost.
On Monday, Michigan Governor Rick Snyder signed two bills into law that criminalize the possession of ransomware "with the intent to introduce it into a computer or computer network without authorization" and punish offenders with a three-year prison sentence, respectively.
Security researchers from AhnLab, a South Korea-based cyber-security firm, have created decrypters for some versions of the Magniber ransomware.
S!Ri discovered a new ransomware called Vurten that, based on its ransom note, appears to be targeting entire company networks. Vurten appends the .improved extension to encrypted files and drops a ransom note named UNCRYPT.README.
Leo discovered the Crypren Ransomware that appends the .ENCRYPTED extension to encrypted files and drops a ransom note named READ_THIS_TO_DECRYPT.html.
Michael Gillespie discovered a new Oxar Ransomware variant. This variant is decryptable.
A decryptor for the BansomQare Manna ransomware was released.
MalwareHunterTeam found two new Matrix variants being distributed.
MalwareHunterTeam found a ransomware builder from TurkHackTeam. It doesn't seem to do much at this point.
A new ransomware has been discovered by MalwareHunterTeam that is based on the InfiniteTear ransomware family, of which BlackRuby and Zenis are members. When this ransomware infects a computer, it will encrypt the files, scramble the filenames, and append the .WHITEROSE extension to them.
Not really sure what to make of this, so I will just add the tweet.
Great news, thank you! https://t.co/84HoOV7KUL — Karsten Hahn (@struppigel) April 5, 2018
The team at Malwarebytes has identified a weakness in the encryption scheme utilized by the LockCrypt ransomware that they can exploit to recover a victim's data.
Microsoft added anti-ransomware features to their Office 365 suite. The new feature is called File Restore and is a OneDrive feature that will allow users to go back in time and restore files to a previous state from the past 30 days. Office 365 will also notify users when ransomware-encrypted files have been detected.
The Denver Post reports:
Six weeks after ransomware forced Colorado Department of Transportation’s back-end operations offline, the agency is back to 80 percent functionality — at an estimated cost of up to $1.5 million, according to the state.