It was a quiet week for new variants, but a bunch of long-running ransomware infections released new variants this week. We had a few from Scarab, a new Dharma variant, and a new Matrix ransomware variant.

While ransomware is slowing down, it is not going away. So stay vigilant, make sure you perform backups, and get remote desktop off of public IP addresses!

Contributors and those who provided new ransomware information and stories this week include: @struppigel, @malwrhunterteam, @jorntvdw, @LawrenceAbrams, @hexwaxwing, @DanielGallagher, @malwareforme, @PolarToffee, @fwosar, @FourOctets, @BleepinComputer, @Seifreed, @demonslay335, @siri_urz, @Amigo_A_, @TeillardD, @kafeine, @JakubKroustek, and @GrujaRS.

September 9th 2018

New Brrr Dharma variant

Jakub Kroustek discovered a new variant of the Dharma ransomware that appends the .brrr extension and drops a ransom note named Info.hta.

September 10th 2018

MVP Ransomware discovered

Siri discovered a new ransomware that is appending the .mvp extension to encrypted files.

New Scarab Ransomware variant

Amigo-A found a new variant of the Scarab-DiskDoctor ransomware that uses the .mammon extension for encrypted files. Emmanuel_ADC-Soft shared the ransom note. Other new Scarab variants found this week append the .omerta and .bomber extensions.

September 11th 2018

Mongo Lock Attack Ransoming Deleted MongoDB Databases

An attack called Mongo Lock is targeting remotely accessible and unprotected MongoDB databases, encrypting them, and then demanding a ransom in order to get the contents back. 

September 12th 2018

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .ITLOCK extension to encrypted files and drops a ransom note named !ITLOCK_README!.rtf.

StorageCrypter still alive

Michael Gillespie noticed numerous submissions to ID Ransomware from South Korea for the StorageCrypter ransomware. This version is using a new ransom note named read_me_for_recover_your_files.txt.

September 14th 2018

Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program

The Kraken Cryptor Ransomware is a newer ransomware that was released in August 2018. A new version, called Kraken Cryptor 1.5, was recently released that is masquerading as the legitimate SuperAntiSpyware anti-malware program in order to trick users into installing it. 

Fallout Exploit Kit Pushing the SAVEfiles Ransomware

Last week the Fallout Exploit Kit was distributing the GandCrab ransomware. This week, it has started to distribute a new ransomware called SAVEfiles, for lack of a better name, through malvertising campaigns.

New Rektware ransomware

GrujaRS discovered a new ransomware called Rektware that appends the .CQScSFy extension.

That's it for this week! Hope everyone has a nice weekend!
