Even the ransomware developers seem to be taking a last minute summer vacation as it was only small variants released, with a few being in development. I am hoping this is just a continual decline in new ransomware, but we will not know for sure until we start moving into September.

For now, make sure that you have a working backup and that you do not have any computer running remote desktop services connected directly to the Internet. If you do, put them behind a firewall or you are just asking to get hacked.

Contributors and those who provided new ransomware information and stories this week include: @fwosar, @hexwaxwing, @DanielGallagher, @PolarToffee, @malwrhunterteam, @demonslay335, @malwareforme, @campuscodi, @jorntvdw, @BleepinComputer, @Seifreed, @LawrenceAbrams, @struppigel, @FourOctets, @JakubKroustek, @leotpsc, @B_H101, @travisbgreen, and @siri_urz.

August 26th 2018

CreamPie Ransomware discovered

Jakub Kroustek found what appears to be an in-dev version of the CreamPie Ransomware. It does not currently display a ransom note, but does encrypt files and appends the .[backdata@cock.li].CreamPie extension to them.

Jeff the Ransomware

Leo discovered the Jeff the Ransomware variant. Looks to be in-development as it does not encrypt.

Jeff the Ransomware

August 27th 2018

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that renames files in the format "[KOK8@protonmail.com].-.KOK8" and drops a ransom note named #KOK8_README#.rtf.

New Cassetto Ransomware

Michael Gillespie saw an encrypted file uploaded to ID Ransomware that appends the .cassetto extension and drops a ransom note named IMPORTANT ABOUT DECRYPT.txt.

August 28th 2018

Acroware Screenlocker

Leo discovered a screenlocker that calls itself Acroware Cryptolocker Ransomware. It does not encrypt.

Termite Ransomware discovered

Ben Hunter discovered a new ransomware called Termite Ransomware. When encrypting a computer it will append the .aaaaaa extension to encrypted files.

New LockCrypt Variant

MalwareHunterTeam found a new LockCrypt variant that appends the .BadNews extension to encrypted files and drops a ransom note named How To Decode Files.hta.

CryptoNar Ransomware

MalwareHunterTeam found a new CryptoJoker variant called CryptoNar that appends either the .fully.cryptoNar or .partially.cryptoNar extension to encrypted files and drops a ransom note named CRYPTONAR RECOVERY INFORMATION.txt.  Michael Gillespie created a decryptor for this variant.

August 30th 2018

New Pico Ransomware

S!Ri found a new Thanatos Ransomware variant called PICO Ransomware. This ransomware will append the .PICO extension to encrypted files and drop a ransom note named README.txt.

August 31st 2018

CryptoNar Ransomware Discovered and Quickly Decrypted

This week a new CryptoJoker ransomware variant was discovered called CryptoNar that has infected victims. The good news, is that a free decryptor was quickly released so that these victims can get their files back for free.

That's it for this week! Hope everyone has a nice weekend!


Related Articles:

CryptoNar Ransomware Discovered and Quickly Decrypted

GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit

GandCrab V5 Released With Random Extensions and New HTML Ransom Note

Fallout Exploit Kit Pushing the SAVEfiles Ransomware

The Week in Ransomware - September 21st 2018 - Beer, Airports, & Dharma