Even the ransomware developers seem to be taking a last minute summer vacation as it was only small variants released, with a few being in development. I am hoping this is just a continual decline in new ransomware, but we will not know for sure until we start moving into September.
For now, make sure that you have a working backup and that you do not have any computer running remote desktop services connected directly to the Internet. If you do, put them behind a firewall or you are just asking to get hacked.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @hexwaxwing, @DanielGallagher, @PolarToffee, @malwrhunterteam, @demonslay335, @malwareforme, @campuscodi, @jorntvdw, @BleepinComputer, @Seifreed, @LawrenceAbrams, @struppigel, @FourOctets, @JakubKroustek, @leotpsc, @B_H101, @travisbgreen, and @siri_urz.
Jakub Kroustek found what appears to be an in-dev version of the CreamPie Ransomware. It does not currently display a ransom note, but does encrypt files and appends the .[firstname.lastname@example.org].CreamPie extension to them.
Leo discovered the Jeff the Ransomware variant. Looks to be in-development as it does not encrypt.
Michael Gillespie found a new Matrix Ransomware variant that renames files in the format "[KOK8@protonmail.com].-.KOK8" and drops a ransom note named #KOK8_README#.rtf.
Michael Gillespie saw an encrypted file uploaded to ID Ransomware that appends the .cassetto extension and drops a ransom note named IMPORTANT ABOUT DECRYPT.txt.
Leo discovered a screenlocker that calls itself Acroware Cryptolocker Ransomware. It does not encrypt.
Ben Hunter discovered a new ransomware called Termite Ransomware. When encrypting a computer it will append the .aaaaaa extension to encrypted files.
MalwareHunterTeam found a new LockCrypt variant that appends the .BadNews extension to encrypted files and drops a ransom note named How To Decode Files.hta.
MalwareHunterTeam found a new CryptoJoker variant called CryptoNar that appends either the .fully.cryptoNar or .partially.cryptoNar extension to encrypted files and drops a ransom note named CRYPTONAR RECOVERY INFORMATION.txt. Michael Gillespie created a decryptor for this variant.
This week a new CryptoJoker ransomware variant was discovered called CryptoNar that has infected victims. The good news, is that a free decryptor was quickly released so that these victims can get their files back for free.