While it has been pretty slow for new ransomware this week, there was quite a bit of ransomware-related news.
This week we learned that LabCorp's cyberattack was actually a SamSam Ransomware infection, a ransomware developer decided to vent to security researchers because a site called his ransomware a scam, Magniber started targeting other Asian countries, and Kaspersky gave us a behind-the-scenes look at how they took down Cryakl.
Contributors and those who provided new ransomware information and stories this week include: @struppigel, @campuscodi, @FourOctets, @fwosar, @demonslay335, @jorntvdw, @BleepinComputer, @hexwaxwing, @malwrhunterteam, @Seifreed, @LawrenceAbrams, @malwareforme, @PolarToffee, @AhnLab_man, @Malwarebytes, GrujaRS, @kaspersky, @Amigo_A_, and @CyberScoopNews.
After spending nine months targeting only South Korean users, the Magniber ransomware has expanded its targeting and can now also infect users whose PC language setting is Chinese (Macau, China, Singapore) or Malay (Malaysia, Brunei).
Michael Gillespie spotted a new variant of the Xorist ransomware that uses the .TaRoNiS extension for encrypted files and drops a ransom note named HOW TO DECRIPT FILES.txt.
Michael Gillespie spotted a Scarab Ransomware variant that uses the .deep extension and a ransom note of HOW TO RECOVER ENCRYPTED FILES.TXT.
I guess even ransomware developers do not like being called scammers, as shown by a recent venting session by the King Ouroboros ransomware developer on Twitter.
GrujaRS found a new variant of the LanRan Ransomware that appends the .LanRan2.0.5 extension to encrypted files.
Michael Gillespie spotted a new variant of the Everbe Ransomware that uses the .[email@example.com].thunder extension.
Kaspersky shares their experience taking down Cryakl.
This spring marked the fourth anniversary of the malware’s first attacks. Against the backdrop of a general decline in ransomware activity (see our report), we decided to return to the topic of Cryakl and tell in detail about how one of the most eye-catching members of this endangered species evolved.
Michael Gillespie found a new variant of the Stop Ransomware that adds the .DATASTOP extension to encrypted files and drops a ransom note named !!!DATA_RESTORE!!!.txt.
AhnLab, a South Korea-based cyber-security firm, has released today a vaccine app that blocks the GandCrab ransomware from taking root and encrypting users' files.
CyberScoop highlights the ransomware threat to the health sector:
Ransomware has hit the vast medical-testing and blood diagnostics company LabCorp, the latest health care organization to be targeted by the digital-hostage-taking malware.
After detecting “suspicious activity” on its IT network over the weekend of July 14, LabCorp determined that it had been affected by “a new variant of ransomware,” company spokeswoman Pattie Kushner told CyberScoop.
MalwareHunterTeam found a new Unlock92 variant that zips files with a password and is decryptable.
JAMESWT found a new screenlocker that overwrites files and turns them into EXEs that launch the screenlocker.
Jack found a new ransomware named Desu Ransomware that appends the .desu extension to encrypted files and drops a ransom note named @_DECRYPT_@.txt.
Private sector security companies had a key role in the U.S. government’s attribution of last year’s WannaCry ransomware epidemic to North Korea, an official at the Office of the Director of National Intelligence (ODNI) said on Friday.