Another week when only small variants were released. Hopefully this downward trend is a slowdown in ransomware distribution. The biggest news was that the HC7 ransomware accepted Ethereum as a ransom payment. This is the first time this digital currency has been used with ransomware.

Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @FourOctets, @fwosar, @campuscodi, @DanielGallagher, @malwareforme, @BleepinComputer, @demonslay335, @malwrhunterteam, @struppigel, @PolarToffee, @hexwaxwing, @jorntvdw, @LawrenceAbrams.

January 8th 2018

KoreanLocker Discovered

Karsten Hahn discovered a new HiddenTear variant called KoreanLocker that appends the .locked extension.

NSFW Jigsaw Ransomware Variant

Karsten Hahn discovered a new NSFW Jigsaw Ransomware variant.

Krypton Ransomware Discovered

Karsten Hahn discovered a new HiddenTear variant called Krypton Ransomware. This ransomware is a test version and will append the extension .kryptonite and drop a ransom note named KRYPTON_RANSOMWARE.txt. Requires the folder: \Desktop\test.Krypton.


January 9th 2018

HC7 Planetary Ransomware May Be the First to Accept Ethereum

A new variant of the HC7 Ransomware is in the wild that encrypts a victim's files and appends the .PLANETARY extension to the filename. What makes this particular ransomware variant unique is that it may be the first one that accepts Ethereum as a ransom payment.

D.koporushkin File Stealer/In-dev Ransomware

Karsten Hahn discovered a new infection dubbed d.koporushkin for a file it creates. While it appears to be intended as ransomware, it currently encrypts files and uploads them to a remote site. It will use the extension .aes for encrypted files.

Frog Ransomware Discovered

Karsten Hahn discovered a Vietnamese in-dev HiddenTear variant called Frog Ransomware. This ransomware appends the .frog extension to encrypted files and drops a ransom note named frog.txt.

New Jigsaw Ransomware Variant

Michael Gillespie discovered a new Jigsaw Ransomware variant that uses the .CryptWalker extension.

LongTermMemoryLoss Ransomware Discovered

Karsten Hahn discovered an in-dev ransomware called LongTermMemoryLoss. This ransomware appends the .LTML extension to encrypted files.

Death Note Ransomware Discovered

Karsten Hahn discovered the Death Note ransomware, which is a batch script that uses RAR to create password-protected archives of your files.

CryptWalker Dumb Ransomware Variant

Karsten Hahn discovered a Dumb Ransomware variant called CryptWalker. It is in development, as it only encrypts files located in the Documents\Test folder.

January 10th 2018

D4CK3R Ransomware Discovered

Karsten Hahn discovered a test version of the decryptor for the D4CK3R Ransomware. The ransomware itself has not been spotted yet.

LazagneCrypt Ransomware Discovered

Karsten Hahn discovered the LazagneCrypt Ransomware and password stealer. This ransomware appends the .encr extension to encrypted files and then uses the Lazagne tool to upload stolen credentials to a remote site.


That's it for this week! Hope everyone has a nice weekend!