It has been another slow week, with mostly new variants of existing ransomware being released. The biggest news is that the GandCrab Ransomware developers have decided to release the decryption keys for Syrian victims. Unfortunately, there is no decryptor available that will work with all versions of the keys that were released, so victims will have to wait for an AV company to release a working decryptor.

Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @FourOctets, @demonslay335, @jorntvdw, @malwareforme, @PolarToffee, @LawrenceAbrams, @BleepinComputer, @Seifreed, @struppigel, @fwosar, @Amigo_A_, GrujaRS, and @Damian1338B.

October 13th 2018

GandCrab redesigns their ransom page

Damian1338 noticed that GandCrab did a major redesign of the payment page.

GandCrab Ransom Page

EbolaRnsmwr discovered

MalwareHunterTeam discovered a new in-development ransomware called EbolaRnsmwr that appends the .101 extension and is based on HiddenTear.

EbolaRnsmwr

New Dharma variant

#CrySiS #Ransomware extension .[mixon.constantine@aol.com].gamma! Ransom note; all your data has been locked us You want to return? write email mixon.constantine@aol.com or mclainmelvin@aol.com https://youtu.be/Xkd4m6GqeO4

Dharma Variant

October 15th 2018

New Scarab variant

Amigo-A found a new variant of the Scarab Ransomware that appends the .DD extension to encrypted files and drops a ransom note named HOW TO RETURN FILES.TXT.

New Crypton Ransomware discovered

GrujaRS discovered a new ransomware called Crypton that drops a ransom note named README.TXT.

New CryptConsole Variant

Amigo-A found a new variant of the CryptConsole-3 Ransomware that does not add an extension and drops a ransom note named README.txt.

October 16th 2018

New District ransomware

Michael Gillespie found a new ransomware that appends the .ctrlalt@cock.li.district extension to encrypted files and drops a ransom note named READ_IT.district.

New Scarab Ransomware variant

Amigo-A found a new Scarab Ransomware variant that appends the .yourhope@airmail.cc extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

New EquationDrug variant

Michael Gillespie found a new ransomware that appends the .katyusha extension and drops a ransom note named _how_to_decrypt_you_files.txt. Kaspersky detects this as an "EquationDrug" variant.

EquationDrug Ransomware

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .THDA extension and drops a ransom note named !README_THDA!.rtf.

October 17th 2018

GandCrab Devs Release Decryption Keys for Syrian Victims

In a post to an underground hacking and cybercrime forum, the GandCrab developers have released the decryption keys for Syrian victims.

Forum post

Birbware Ransomware discovered

MalwareHunterTeam discovered a new ransomware called Birbware that adds the .birbb extension to encrypted files and states that you can get a free decryption key by contacting the developer on Discord.

Birbware

October 19th 2018

Ransomware masquerading as a Fortnite vBucks hack

MalwareHunterTeam discovered a fake ransomware pretending to be a Fortnite vBucks hack.


That's it for this week. Hope you have a nice weekend!

 
