Even the ransomware developers seem to be taking a last-minute summer vacation, as only small variants were released, with a few being in development. I am hoping this is just a continual decline in new ransomware, but we will not know for sure until we start moving into September.

For now, make sure that you have a working backup and that you do not have any computer running remote desktop services connected directly to the Internet. If you do, put them behind a firewall or you are just asking to get hacked.

Contributors and those who provided new ransomware information and stories this week include: @fwosar, @hexwaxwing, @DanielGallagher, @PolarToffee, @malwrhunterteam, @demonslay335, @malwareforme, @campuscodi, @jorntvdw, @BleepinComputer, @Seifreed, @LawrenceAbrams, @struppigel, @FourOctets, @JakubKroustek, @leotpsc, @B_H101, @travisbgreen, and @siri_urz.

August 26th 2018

CreamPie Ransomware discovered

Jakub Kroustek found what appears to be an in-dev version of the CreamPie Ransomware. It does not currently display a ransom note, but does encrypt files and appends the .[backdata@cock.li].CreamPie extension to them.

Jeff the Ransomware

Leo discovered the Jeff the Ransomware variant. It looks to be in development, as it does not encrypt.


August 27th 2018

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that renames files in the format "[KOK8@protonmail.com].-.KOK8" and drops a ransom note named #KOK8_README#.rtf.

New Cassetto Ransomware

Michael Gillespie saw an encrypted file uploaded to ID Ransomware that appends the .cassetto extension and drops a ransom note named IMPORTANT ABOUT DECRYPT.txt.

August 28th 2018

Acroware Screenlocker

Leo discovered a screenlocker that calls itself Acroware Cryptolocker Ransomware. It does not encrypt.

Termite Ransomware discovered

Ben Hunter discovered a new ransomware called Termite Ransomware. When encrypting a computer it will append the .aaaaaa extension to encrypted files.

New LockCrypt Variant

MalwareHunterTeam found a new LockCrypt variant that appends the .BadNews extension to encrypted files and drops a ransom note named How To Decode Files.hta.

CryptoNar Ransomware

MalwareHunterTeam found a new CryptoJoker variant called CryptoNar that appends either the .fully.cryptoNar or .partially.cryptoNar extension to encrypted files and drops a ransom note named CRYPTONAR RECOVERY INFORMATION.txt. Michael Gillespie created a decryptor for this variant.

August 30th 2018

New Pico Ransomware

S!Ri found a new Thanatos Ransomware variant called PICO Ransomware. This ransomware will append the .PICO extension to encrypted files and drop a ransom note named README.txt.

August 31st 2018

CryptoNar Ransomware Discovered and Quickly Decrypted

This week a new CryptoJoker ransomware variant called CryptoNar was discovered that has infected victims. The good news is that a free decryptor was quickly released so that these victims can get their files back for free.

That's it for this week! Hope everyone has a nice weekend!

