The biggest news was the release of the Princess Evolution RaaS and a new variant of the Dharma ransomware that uses the .cmb extension for encrypted files. Otherwise, the releases were mostly small variants that are unlikely to have many victims.
Remember, while ransomware is not distributed as much through malspam, it is still a threat and is being installed via sneakier methods, such as remote desktop, exploit kits, and other malware. Therefore, continue to make sure your backups are working well and that you have up-to-date security software installed.
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @demonslay335, @fwosar, @FourOctets, @BleepinComputer, @struppigel, @jorntvdw, @PolarToffee, @Seifreed, @campuscodi, @malwareforme, @malwrhunterteam, @TrendLabs, @ValthekOn, @bartblaze, @Damian1338B, and @emsisoft.
On Thursday a new variant of the Dharma Ransomware was discovered that appends the .cmb extension to encrypted files.
Bart found a new ransomware called Golden Ransomware. It appears to be in-dev and doesn't actually encrypt.
Bart wrote an article on the Mafia Ransomware:
A new ransomware family was discovered and sent to me by MalwareHunterTeam, which we'll call MAFIA due to the extension it uses to encrypt files. The ransomware appears to target users in Korea, and may have been developed with at least knowledge of the Korean language.
Damian1338 found Hermes 2.1 Ransomware RaaS being promoted on underground criminal forums.
MalwareHunterTeam discovered a new JobCrypter ransomware variant that continues to target French victims, but now asks for $1000€.
On Monday, a Florida judge sentenced a former Microsoft network engineer to 18 months in prison for his role in helping launder money obtained from victims of the Reveton ransomware.
A new variant of the Princess Locker ransomware, called Princess Evolution, is being distributed. Like its predecessor, Princess Evolution is a Ransomware as a Service, or RaaS, that is being promoted on underground criminal forums.
MalwareHunterTeam discovered a new in-dev ransomware called SARansom ransomware. It asks for a very aggressive amount of bitcoins: "For the low fee of 5 bitcoin".
In this article, Emsisoft explains how to manually remove ransomware.
It’s every user’s and administrator’s nightmare: you’ve found yourself infected with ransomware and you’re staring at a message on the screen that demands you pay thousands of dollars to get your files decrypted. What should you do? Don’t panic. A ransomware might present you with a time limit, but it’s important to avoid taking the wrong steps, which could make it harder for you to get your files back.
MalwareHunterTeam discovered a ransomware named Wise Ransomware that does not encrypt anything, but rather deletes the files.
MalwareHunterTeam discovered a new ransomware with a Fsociety theme that appends the .ShutUpAndDance extension to encrypted files.
Michael Gillespie discovered a bunch of new Jigsaw Ransomware variants released this week. These variants add the .hacked.by.Snaiparul, .lockedgood, and .pleaseCallQQ extensions. He also noticed a .fun variant that asks for Amazon gift cards as payment.