It has been a slow week in terms of new releases, which is always a good thing. Still lots of small crapware being released that will never have much wide distribution. Of greatest note in terms of new ransomware, a new version of CryptoMix was released that uses the .Exte extension.
We also have some good news, which is the release of a NemucodAES decryptor by Emsisoft. This allows victims of this ransomware to get their files back for free.
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @malwrhunterteam, @PolarToffee, @fwosar, @struppigel, @BleepinComputer, @demonslay335, @DanielGallagher, @malwareforme, @jorntvdw, @FourOctets, @campuscodi, @JAMESWT_MHT, @Seifreed, @siri_urz, @FraMauronz, @MarceloRivero, @JakubKroustek, @emsisoft, and @McAfee.
Google has removed two apps that contained a new strain of ransomware named LeakerLocker. Discovered by security researchers from McAfee's mobile division, the ransomware didn't encrypt users' files, but only locked their device and threatened to send the user's private data to friends from his contact list.
Malwarebytes malware researcher Marcelo Rivero discovered a new version of the Scarab ransomware called Scorpio. The Scorpio ransomware will append the [Help-Mails@Ya.Ru].Scorpio extension to encrypted files and drops a ransom note named IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_PLEASE_READ_THIS.TXT.
Marcelo Rivero also discovered the Oxar Ransomware, which is based on HiddenTear. This variant will append the .OXR extension to encrypted files. This ransomware should not be confused with the previous Locked In Ransomware that was discovered.
Australian police have arrested a man from the city of Mackay on allegations of laundering money for the operators of a tech support and ransomware scheme. According to a statement from Queensland police, the yet unnamed 75-year-old man had entered a partnership with a group of tech support scammers operating a fake computer company.
Malwarebytes security researcher Marcelo Rivero discovered a new HiddenTear variant called AslaHora Ransomware. This ransomware appends the .Malki extension to encrypted files and has an unlock code of MALKIMALKIMALKI.
Ransomware researchers Michael Gillespie & Francesco Muroni released a decryptor for the Dcry Ransomware. For those victims who have had their files encrypted and the .dcry extension appended to the file names, you can use this decryptor to get your files back for free.
Malwarebytes security researcher S!Ri discovered a new ransomware called Blackout. When encrypting files it will change the filename to its Base64 equivalent.
MalwareHunterTeam discovered a new EDA2 based ransomware that appends the .locked extension to encrypted files. Sets an interesting wallpaper :)
GData security researcher Karsten Hahn discovered the Purge Ransomware. This ransomware is buggy and crashes because it only decrypts a test folder. It appends the .purge extension to encrypted files. The unlock code is TotallyNotStupid.
I wish I could give ransomware developers mandatory spelling & grammar lessons. You can see why in the image of the latest screenlocker discovered by Karsten Hahn below. To close the screen, just use Alt+F4. It does not have an unlock code programmed into the source.
When Karsten Hahn is on fire, he is on fire! Karsten found a new in-dev ransomware called BrainLag. In-dev, so does not encrypt, but has a fun lock screen.
Bleeping Computer's Lawrence Abrams discovered Ransed Ransomware, which connects to a MySQL server directly from the app. This means that the server's login credentials are built into the ransomware executable. When encrypting files it will append the .Ransed extension.
MalwareHunterTeam discovered a new SamSam/Samas variant that appends the .country82000 extension to encrypted files.
MalwareHunterTeam discovered a new fake screenlocker that someone created as a joke. The passcode is A01B.
Avast security researcher Jakub Kroustek discovered a new ransomware called Fuacked. It's disturbing enough that we do not need to go into it anymore.