Another week when only small variants were released. Hopefully this downward trend is a slowdown in ransomware distribution. The biggest news was that the HC7 ransomware accepted Ethereum as a ransom payment. This is the first time this digital currency has been used with ransomware.
Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @FourOctets, @fwosar, @campuscodi, @DanielGallagher, @malwareforme, @BleepinComputer, @demonslay335, @malwrhunterteam, @struppigel, @PolarToffee, @hexwaxwing, @jorntvdw, @LawrenceAbrams.
Karsten Hahn discovered a new HiddenTear variant called KoreanLocker that appends the .locked extension.
Karsten Hahn discovered a new NSFW Jigsaw Ransomware variant.
Karsten Hahn discovered a new HiddenTear variant called Krypton Ransomware. This ransomware is a test version and will append the extension .kryptonite and drop a ransom note named KRYPTON_RANSOMWARE.txt. Requires the folder: \Desktop\test.Krypton.
A new variant of the HC7 Ransomware is in the wild that encrypts a victim's files and appends the .PLANETARY extension to the filename. What makes this particular ransomware variant unique is that it may be the first one that accepts Ethereum as a ransom payment.
Karsten Hahn discovered a new infection being dubbed d.koporushkin for a file it creates. While it appears to be intended as ransomware, it currently encrypts files and uploads them to a remote site. It will use the extension .aes for encrypted files.
Michael Gillespie discovered a new Jigsaw Ransomware variant that uses the .CryptWalker extension.
Karsten Hahn discovered a test version of the decryptor for the D4CK3R Ransomware. The ransomware itself has not been spotted yet.
Karsten Hahn discovered the LazagneCrypt Ransomware and password stealer. This ransomware appends the .encr extension to encrypted files and then uses the Lazagne tool to upload stolen credentials to a remote site.