It has been another slow week, with mostly new variants of existing ransomware being released. The biggest news is that the GandCrab Ransomware developers have decided to release the decryption keys for Syrian victims. Unfortunately, there is no decryptor available that will work with all versions of the keys that were released, so victims will have to wait for an AV company to release a working decryptor.
Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @FourOctets, @demonslay335, @jorntvdw, @malwareforme, @PolarToffee, @LawrenceAbrams, @BleepinComputer, @Seifreed, @struppigel, @fwosar, @Amigo_A_, GrujaRS, and @Damian1338B.
Damian1338 noticed that GandCrab did a major redesign of the payment page.
MalwareHunterTeam discovered a new in-dev ransomware called EbolaRnsmwr that appends the .101 extension and is based on HiddenTear.
#CrySiS #Ransomware extension .[firstname.lastname@example.org].gamma! Ransom note; all your data has been locked us You want to return? write email email@example.com or firstname.lastname@example.org https://youtu.be/Xkd4m6GqeO4
Amigo-A found a new variant of the Scarab Ransomware that appends the .DD extension to encrypted files and drops a ransom note named HOW TO RETURN FILES.TXT.
GrujaRS discovered a new ransomware called Crypton that drops a ransom note named README.TXT.
Amigo-A found a new variant of the CryptConsole-3 Ransomware that does not add an extension and drops a ransom note named README.txt.
Michael Gillespie found a new ransomware that appends the .email@example.com extension to encrypted files and drops a ransom note named READ_IT.district.
Amigo-A found a new Scarab Ransomware variant that appends the .firstname.lastname@example.org extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
Michael Gillespie found a new ransomware that appends the .katyusha extension and drops a ransom note named _how_to_decrypt_you_files.txt. Kaspersky detects this as an "EquationDrug" variant.
Michael Gillespie found a new Matrix Ransomware variant that appends the .THDA extension and drops a ransom note named !README_THDA!.rtf.
In a post to an underground hacking and cybercrime forum, the GandCrab developers have released the decryption keys for Syrian victims.
MalwareHunterTeam discovered a new ransomware called Birbware that adds the .birbb extension to encrypted files and states that you can get a free decryption key by contacting the developer on Discord.
MalwareHunterTeam discovered a fake ransomware pretending to be a Fortnite vBucks hack.
That's it for this week. Hope you have a nice weekend!