While it has been pretty slow for new ransomware this week, there was quite a bit of ransomware-related news.

This week we learned that LabCorp's cyberattack was actually a SamSam Ransomware infection, a ransomware developer decided to vent to security researchers because a site called his ransomware a scam, Magniber starts targeting other Asian countries, and Kaspersky gives us a behind-the-scenes look at how they took down Cryakl.

Contributors and those who provided new ransomware information and stories this week include: @struppigel, @campuscodi, @FourOctets, @fwosar, @demonslay335, @jorntvdw, @BleepinComputer, @hexwaxwing, @malwrhunterteam, @Seifreed, @LawrenceAbrams, @malwareforme, @PolarToffee, @AhnLab_man, @Malwarebytes, GrujaRS, @kaspersky, @Amigo_A_, and @CyberScoopNews.

July 16th 2018

Magniber Ransomware Expands From South Korea to Target Other Asian Countries

After spending nine months targeting only South Korean users, the Magniber ransomware has expanded its targeting spectrum and is now also capable of infecting users who feature a Chinese (Macau, China, Singapore) and Malay (Malaysia, Brunei) PC language setting.

New Xorist variant spotted

Michael Gillespie spotted a new variant of the Xorist ransomware that uses the .TaRoNiS extension for encrypted files and drops a ransom note named HOW TO DECRIPT FILES.txt.

New Deep Scarab variant

Michael Gillespie spotted a Scarab Ransomware variant that uses the .deep extension and a ransom note of HOW TO RECOVER ENCRYPTED FILES.TXT.

July 17th 2018

King Ouroboros Ransomware Dev Vents to Researchers on Twitter

I guess even ransomware developers do not like being called scammers, as shown by a recent venting session by the King Ouroboros ransomware developer on Twitter.

New LanRan variant

GrujaRS found a new variant of the LanRan Ransomware that appends the .LanRan2.0.5 extension to encrypted files.

New Everbe Ransomware variant

Michael Gillespie spotted a new variant of the Everbe Ransomware that uses the .[thunderhelp@airmail.cc].thunder extension.

July 18th 2018

The return of Fantomas, or how we deciphered Cryakl

Kaspersky shares their experience taking down Cryakl.

This spring marked the fourth anniversary of the malware’s first attacks. Against the backdrop of a general decline in ransomware activity (see our report), we decided to return to the topic of Cryakl and tell in detail about how one of the most eye-catching members of this endangered species evolved.



New Stop Ransomware variant

Michael Gillespie found a new variant of the Stop Ransomware that adds the .DATASTOP extension to encrypted files and drops a ransom note named !!!DATA_RESTORE!!!.txt.

July 19th 2018

Vaccine Available for GandCrab Ransomware v4.1.2

AhnLab, a South Korea-based cyber-security firm, released a vaccine app today that blocks the GandCrab ransomware from taking root and encrypting users' files.

LabCorp attack highlights persistent ransomware threat to health sector

CyberScoop highlights the ransomware threat to the health sector:

Ransomware has hit the vast medical-testing and blood diagnostics company LabCorp, the latest health care organization to be targeted by the digital-hostage-taking malware.

After detecting “suspicious activity” on its IT network over the weekend of July 14, LabCorp determined that it had been affected by “a new variant of ransomware,” company spokeswoman Pattie Kushner told CyberScoop.

New Turkish Scarab Ransomware variant

Amigo-A found a new Scarab Ransomware variant that appends the .[firmabilgileri@bk.ru] extension to encrypted files. This variant targets Turkish victims.

New Unlock92 Ransomware variant

MalwareHunterTeam found a new Unlock92 variant that zips files with a password and is decryptable.

July 20th 2018

New National Security Bureau Ransomware discovered

JAMESWT found a new screenlocker that overwrites files and turns them into EXEs that launch the screenlocker.

New Desu Ransomware

Jack found a new ransomware named Desu Ransomware that appends the .desu extension to encrypted files and drops a ransom note named @_DECRYPT_@.txt.

Private sector played critical role in WannaCry attribution, ODNI official says

Private sector security companies had a key role in the U.S. government’s attribution of last year’s WannaCry ransomware epidemic to North Korea, an official at the Office of the Director of National Intelligence (ODNI) said on Friday.

That's it for this week! Hope everyone has a nice weekend!

