Ransomware activity is definitely slowing down, with most of the big attacks now being targeted intrusions that come in over RDP. With that said, we still see a steady stream of smaller ransomware infections being created, even if they never have much impact at all.
The biggest news over the past two weeks has been the continued releases of GandCrab and some interesting write-ups about BlackHeart and SynAck.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @FourOctets, @jorntvdw, @malwareforme, @demonslay335, @PolarToffee, @hexwaxwing, @struppigel, @BleepinComputer, @LawrenceAbrams, @campuscodi, @Seifreed, @DanielGallagher, @malwrhunterteam, @FBI, @MarceloRivero, @jeromesegura, @zsawei, @kaspersky, @antonivanovm, @TrendLabs, @SophosLabs, @leotpsc, @bartblaze, and @Amigo_A_.
The UK Department of Health and Social Care has announced that it will transition all National Health Service (NHS) computer systems to Windows 10.
Officials cited the operating system's more advanced security features as the primary reason for upgrading current systems, such as the SmartScreen technology included with Microsoft Edge (a Google Safe Browsing-like system) and Windows Defender, Microsoft's sneakily good antivirus product.
According to a message sent to Leo, Kraken 2.0 was not meant for malicious purposes and has been hijacked by someone who has been spreading it.
Not 100% sure when this was released, but it's a good whitepaper by Sophos on the BTCWare ransomware.
We recently discovered a new ransomware (Detected as RANSOM_BLACKHEART.THDBCAH), which drops and executes the legitimate tool known as AnyDesk alongside its malicious payload. This isn’t the first time that a malware abused a similar tool. TeamViewer, a tool with more than 200 million users, was abused by a previous ransomware that used the victim’s connections as a distribution method.
In this instance, however, RANSOM_BLACKHEART bundles both the legitimate program and the malware together instead of using AnyDesk for propagation.
MalwareHunterTeam discovered the UselessFiles ransomware that appends the .UselessFiles extension to encrypted files.
MalwareHunterTeam found a new XiaoBa ransomware variant that appends the .[BaYuCheng@yeah.net].china extension to encrypted files.
GandCrab version 3 was released earlier this week with a few noticeable changes. The most noticeable change is the addition of a desktop background.
Bart takes a look at BKRansomware, which is a Vietnamese ransomware that wants you to send money to their phone.
A user posted a topic in our forums about a new variant of the Scarab Ransomware that appends the .email@example.com extension to encrypted files.
A new and improved version of the SynAck ransomware has been spotted online these past days, and security researchers are reporting that the ransomware now uses the Process Doppelgänging technique.
MalwareHunterTeam discovered a new Matrix ransomware variant that uses a ransom note named #What_Wrong_With_Files#.rtf. It does not append any extension to encrypted files.
In this article, Bart talks about how the PSCrypt ransomware is back in business.
The number of people who reported ransomware infections to US authorities went down last year, according to the FBI's yearly Internet crime report.
MalwareHunterTeam discovered a new ransomware called RansomAES that appends the .RansomAES extension to encrypted files and drops a ransom note named READ ME.txt.
Jawe discovered that GandCrab v3.0.1 was released and no longer includes an autorun or a wallpaper.
MalwareHunterTeam discovered a Matrix ransomware variant that performs console logging, adds the extension [RestoreFile@qq.com].MTXLOCK, and drops a ransom note named #Decrypt_files_ReadMe#.rtf.
Leo spotted a troll ransomware called Facebook Ransomware that appends the .Facebook extension to encrypted files.