The biggest news was the release of the Princess Evolution RaaS and a new variant of the Dharma ransomware utilizing the .cmb extension for encrypted files. Otherwise, it was mostly small variants released that will not likely have many victims.

Remember, while ransomware is not distributed as much through malspam, it is still a threat and being installed via more sneaky methods such as through remote desktop, exploit kits, and other malware. Therefore, continue to make sure those backups are working well and to have an updated security software installed.

Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @demonslay335, @fwosar, @FourOctets, @BleepinComputer, @struppigel, @jorntvdw, @PolarToffee, @Seifreed, @campuscodi, @malwareforme, @malwrhunterteam, @TrendLabs, @ValthekOn, @bartblaze, @Damian1338B, and @emsisoft.

August 11th 2018

New Cmb Dharma Ransomware Variant Released

On Thursday a new variant of the Dharma Ransomware was discovered that appends the .cmb extension to encrypted files.

Golden Ransomware discovered

Bart found a new ransomware called Golden Ransomware. Appears to be in-dev and doesn't actually encrypt.

Golden Ransomware

August 12th 2018

MAFIA ransomware targeting users in Korea

Bart wrote an article on the Mafia Ransomware:

A new ransomware family was discovered and sent to me by MalwareHunterTeam, which we'll call MAFIA due to the extension it uses to encrypt files. The ransomware appears to target users in Korea, and may have been developed with at least knowledge of the Korean language.

Mafia Ransomware Note

August 13th 2018

Hermes 2.1 RaaS promoted on underground forums

Damian1338 found Hermes 2.1 Ransomware RaaS being promoted on underground criminal forums.

Hermes RaaS being promoted on underground forums

New Jobcrypter variant

MalwareHunterTeam discovered a new JobCrypter ransomware variant that continues to target French victims, but now asks for $1000€.

French Jobcrypter

August 15th 2018

Former Microsoft Engineer Gets 18 Months in Prison for Role in Ransomware Scheme

On Monday, a Florida judge sentenced a former Microsoft network engineer to 18 months in prison for his role in helping launder money obtained from victims of the Reveton ransomware.

Princess Evolution Ransomware is a RaaS With a Slick Payment Site

A new variant of the Princess Locker ransomware is being distributed called Princess Evolution. Like its predecessor, Princess Evolution is a Ransomware as a Service, or RaaS, that is being promoted on underground criminal forums.

New SARansom Ransomware discovered

MalwareHunterTeam discovered a new in-dev ransomware called SARansom ransomware. Asks for a very aggressive amount of bitcoins. "For the low fee of 5 bitcoin"

How to Perform Manual Ransomware Removal

In this article by Emsisoft, you learn how to manually remove a ransomware.

It’s every user’s and administrator’s nightmare: you’ve found yourself infected with ransomware and you’re staring at a message on the screen that demands you pay thousands of dollars to get your files decrypted. What should you do? Don’t panic. A ransomware might present you with a time limit, but it’s important to avoid taking the wrong steps, which could make it harder for you to get your files back.

Wise Ransomware discovered

MalwareHunterTeam discovered a ransomware named Wise Ransomware that does not encrypt anything, but rather deletes the files.

New FSociety Themed Ransomware

MalwareHunterTeam discovered a new ransomware with a Fsociety theme that appends the .ShutUpAndDance extension to encrypted files.

August 17th 2018

Bunch of Jigsaw Ransomware variants released. 

Michael Gillespie discovered a bunch of new Jigsaw Ransomware variant released this week.  These variants add the, and .pleaseCallQQ. He also noticed a .fun variant that asks for amazon gift cards as a payment.

That's it for this week! Hope everyone has a nice weekend!

Related Articles:

The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants

The Week in Ransomware - November 2nd 2018 - RaaS, DiskCryptor, & More

The Week in Ransomware - October 26th 2018 - Decryptors, RaaS, and More

The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More

The Week in Ransomware - October 5th 2018 - Restaurant Shutdowns & Exploit Kits