This week's article is going out a bit early today due to time constraints. Anything released later will be added to next week's article.
This week we have 1 new ransomware variant, 3 new ransomware infections, and 1 new distribution campaign. The big news is that the Cerber Ransomware authors released a new version with some significant updates.
Contributors and those who provided new ransomware info this week include: @malwrhunterteam, @Malwarebytes, @fwosar, @fuzzerDOTcn, @DanielGallagher, @nyxbone, @demonslay335, @PolarToffee, @JAMESWT_MHT, @BleepinComputer, @JakubKroustek, @Seifreed, and @TrendMicro. If you are interested in ransomware, I suggest you follow all of them on Twitter.
The Razy Ransomware was discovered by Jakub Kroustek and encrypts a victim's files with AES. Once a file is encrypted, it will append the .razy extension to the encrypted filename. This ransomware targets all files, regardless of extension, in the victim's Desktop, Documents, Videos, Pictures, and Music folders.
Unfortunately, this ransomware does not save the decryption key anywhere, so there is no way for a victim, or anyone else, to decrypt the files once they are encrypted. The Twitter account associated with it states that they created this ransomware for educational purposes and have no idea how it has been distributed.
Over the past week or so, a new distribution campaign for the Locky variant dubbed the Zepto Ransomware has been underway. Previously, the Zepto Ransomware installer was being distributed as zipped JS files. Now the installers are being sent as zipped WSF files in emails that pretend to be banking reports, invoices, or shipping information. Like the JS attachments before them, WSF (Windows Script File) attachments are run by Windows Script Host when double-clicked, so the switch presumably serves to slip past mail filters that only block .js attachments.
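As an added example, and not code from the original write-up or from any of the researchers named above, here is a small Go check that opens a zip attachment in memory and flags any member whose extension Windows Script Host will execute. Only .js and .wsf are mentioned above; the other extensions in the list, the archive member names, and the function names are assumptions made for the demo.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path"
	"strings"
)

// scriptExts lists member extensions that Windows Script Host (or mshta for
// .hta) runs directly when double-clicked. .js and .wsf are the two this
// campaign has used; the rest are assumptions based on the same script engine.
var scriptExts = map[string]bool{
	".js": true, ".jse": true, ".wsf": true, ".wsh": true,
	".vbs": true, ".vbe": true, ".hta": true,
}

// suspiciousMembers returns the names of archive entries whose final extension
// is a script type. path.Ext looks at the last dot, so a double-extension lure
// such as "invoice.pdf.wsf" is still caught.
func suspiciousMembers(archive []byte) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	var hits []string
	for _, f := range r.File {
		ext := strings.ToLower(path.Ext(f.Name))
		if scriptExts[ext] {
			hits = append(hits, f.Name)
		}
	}
	return hits, nil
}

// buildSampleZip constructs an in-memory archive for the demo. The member
// names are made up to resemble the invoice/shipping lures described above.
func buildSampleZip(names []string) ([]byte, error) {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, n := range names {
		fw, err := w.Create(n)
		if err != nil {
			return nil, err
		}
		if _, err := fw.Write([]byte("placeholder body")); err != nil {
			return nil, err
		}
	}
	if err := w.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

func main() {
	// Constructed sample: one scripted lure next to a harmless-looking PDF.
	z, err := buildSampleZip([]string{"invoice_8213.wsf", "shipping_details.pdf"})
	if err != nil {
		panic(err)
	}
	hits, err := suspiciousMembers(z)
	if err != nil {
		panic(err)
	}
	fmt.Println("script members:", hits)
}
```

Blocking on the inner member extension rather than on the outer .zip name is the point: the attachment itself looks like any other archive, and a filter that only inspects the outer filename never sees the .wsf inside.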
The road to Hell is paved with good intentions when security researchers release "educational" ransomware. We saw this when Utku Sen released the hidden-tear and EDA2 ransomware source code on GitHub, which led to a sudden onslaught of script kiddies using it to make ransomware. Now we may see it again with a new educational ransomware called ShinoLocker, developed by security researcher Shota Shinogi as a means for people to test their security posture and tools.
50 percent of organizations based in the United States have been targeted by ransomware attacks over the past 12 months. That's just one of the major findings of Understanding the Depth of the Ransomware Problem in the United States, a report commissioned by security firm Malwarebytes and conducted by Osterman Research.
A new variant of the Cerber Ransomware was discovered by panicall, a security researcher at Trend Micro, that has some significant changes in how it was programmed. According to panicall, Cerber Ransomware version 2 contains numerous internal changes as well as changes that will be apparent to the victim.
A new ransomware called Venus Locker, which is an EDA2 variant, was discovered by Michael Gillespie. According to Michael, this ransomware will encrypt files with AES-256 and append ".Venusf" to filenames. The AES key is generated with a cryptographically strong random generator and encrypted with an embedded RSA-2048 public key before being sent to the criminal's server. That design means the key is never present in a recoverable form on the victim's machine: without the attacker's private key, the wrapped blob that leaves the machine is useless to the victim.
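An added example, not Venus Locker's code, showing the envelope scheme described above: a random AES-256 key encrypts the data and is itself wrapped with an RSA-2048 public key, so only the holder of the matching private key can unwrap it. The write-up only states AES-256 and RSA-2048; the AES mode (GCM), the OAEP padding, the in-memory sample data, and all function names are assumptions for the demo. The key pair generated here stands in for the attacker's embedded public key and the private half kept on their server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newKeyPair stands in for the attacker's RSA-2048 key pair: the public half
// would be embedded in the sample, the private half never leaves their server.
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// newFileKey draws a 256-bit AES key from the OS CSPRNG (crypto/rand).
func newFileKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// encryptBuf encrypts plaintext with AES-256-GCM under key and prepends the
// random nonce. GCM is an assumption; the write-up only says "AES-256".
func encryptBuf(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, gcm.Seal(nil, nonce, plaintext, nil)...), nil
}

// decryptBuf reverses encryptBuf; a wrong key fails authentication.
func decryptBuf(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, ct := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// wrapKey encrypts the AES key to the embedded RSA-2048 public key (OAEP/SHA-256).
// The 256-byte result is what gets sent to the server.
func wrapKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
}

// unwrapKey is the step only the private-key holder can perform.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func main() {
	priv, err := newKeyPair()
	if err != nil {
		panic(err)
	}
	key, err := newFileKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample data standing in for a victim's file.
	ct, err := encryptBuf(key, []byte("constructed sample document"))
	if err != nil {
		panic(err)
	}
	wrapped, err := wrapKey(&priv.PublicKey, key)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped key: %d bytes (RSA-2048 output)\n", len(wrapped))
	recovered, err := unwrapKey(priv, wrapped)
	if err != nil {
		panic(err)
	}
	pt, err := decryptBuf(recovered, ct)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered with private key: %q\n", pt)
}
```

The part worth noticing is what the victim is left holding: the GCM ciphertext and a 256-byte RSA blob. Unwrapping with any key other than the attacker's private key fails, and decrypting with a guessed AES key fails authentication, which is why a correctly implemented scheme of this shape offers no offline recovery path.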
That's it for this week! Hope everyone has a ransomware free weekend.