Since May 2016, I have written 74 of these weekly ransomware update articles and this is the first time that we had an article with only six stories in it! I am hoping that this means devs are getting bored of ransomware and things will calm down, but I am also worried that this may be just a lull in the storm.

Either way, not much to report this week other than ransomware attacks on a medical center and a city network in Colorado.

Contributors and those who contributed to ransomware hunting this week include: @Seifreed, @struppigel, @DanielGallagher, @campuscodi, @demonslay335, @fwosar, @LawrenceAbrams, @FourOctets, @PolarToffee, @malwrhunterteam, @BleepinComputer, @jorntvdw, @hexwaxwing, @malwareforme, and @msftmmpc.

October 3rd 2017

New BTCWare Variant uses PayDay Extension

Michael Gillespie found a new BTCWare variant uploaded to ID-Ransomware that uses the .[]-id-.payday extension and a ransom note named !! RETURN FILES !!.txt.

October 5th 2017

"Ransomware Detected" Browser Based Tech Support Scam

The Microsoft Malware Protection Center spotted a new browser-based tech support scam that states "Ransomware Detected".

New Samas Variant Appends .loveransisgood

Michael Gillespie saw that a new SamSam/Samas ransomware variant was uploaded to ID Ransomware that uses the extension .loveransisgood.

Ransomware attack hits city of Englewood

According to local news, the internal systems of Englewood, Colorado were hit with a ransomware attack.

The City of Englewood says it has been hit with a ransomware attack, but at this point, no information belonging to residents or employees has been compromised.

Arkansas Facility Ransomware Attack Potentially Affects 128K

It was reported that a medical facility in Arkansas was affected by a ransomware attack that affected 128,000 people.

Arkansas Oral & Facial Surgery Center recently announced on its website that it experienced a ransomware attack on its computer network on July 26, 2017.

An investigation determined that the ransomware had been installed either earlier that morning or the evening before. The organization added that extortion was likely the reason for the attack, and not an attempt to gain patient information.

October 6th 2017

Ender Ransomware Screenlocker Discovered

Lawrence Abrams discovered a screenlocker using the name Ender Ransomware. Whoever wrote this really needs to take UI design classes. The unlock code is: aRmLgk8wb0WK5q7

That's it for this week! Hope everyone has a nice weekend!

