We have had quite a bit of interesting news this week regarding ransomware. First, we had the Kraken Cryptor deciding to connect to BleepingComputer.com during different stages of the encryption process, then we had a decryptor released by Bitdefender for GandCrab v1, v4, and v5, and finally a new FilesLocker ransomware as a service.
Unfortunately, today the GandCrab developers released a new variant that breaks the current Bitdefender decryptor.
Other than that, it's mostly been releases of new variants of existing ransomware such as Dharma and Matrix.
Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @malwareforme, @Seifreed, @struppigel, @LawrenceAbrams, @demonslay335, @DanielGallagher, @PolarToffee, @malwrhunterteam, @fwosar, @BleepinComputer, @FourOctets, @hexwaxwing, @nao_sec, @kafeine, @0x009AD6_810, @Bitdefender, @ESET, @GrujaRS, @JakubKroustek, @tamas_boczan, and @siri_urz.
Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .betta extension to encrypted files.
Over the weekend, the Kraken Cryptor Ransomware released version 2.0.6, which now connects to BleepingComputer during different stages of its encryption process. It is not known what they are trying to achieve by doing this, but it does provide BleepingComputer with insight into the number of victims being infected by this ransomware.
Michael Gillespie found a new variant of the Matrix Ransomware that appends the .GMPF extension to encrypted files.
Michael found a new ransomware that appends the .SOLO extension and drops a ransom note named IHRE_DATEIEN_SIND_VERSCHLUESSELT.html. It is not the most sophisticated ransomware, as it encrypts its own note.
Michael Gillespie found another Xorist Ransomware variant that uses a crazy long extension.
GrujaRS discovered a new HiddenTear variant called HiddenBeer that appends the .beer extension to encrypted files.
Jakub Kroustek found a new Dharma Ransomware variant that appends the .vanss extension and drops ransom notes named Info.html and FILES ENCRYPTED.txt.
A newly released decryptor allows for the free recovery of files encrypted by GandCrab versions 1, 4, and 5.
A new ransomware called FilesLocker is being distributed as a Ransomware as a Service, or RaaS, that targets Chinese- and English-speaking victims.
ESET experts have created a new decryption tool that can be used by Syrian victims of the GandCrab ransomware. It is based on a set of keys recently released by the malware operators.
Michael Gillespie found a new Dharma Ransomware variant that appends the .FUNNY extension to encrypted files.
Michael Gillespie found a new variant of the Everbe 2.0 Ransomware that appends the .[firstname.lastname@example.org].EVEREST extension and drops ransom notes named EVEREST LOCKER .txt and 新建文本文档.txt.
Michael Gillespie added detections for extortion scam emails.
Tamas Boczan discovered that GandCrab v5.0.5 was released, which breaks the free decryption through Bitdefender's recently released decryptor.
S!Ri discovered a new ransomware that appends the .docx extension to encrypted files.