This has been a busy week. We had a brewery hit, an airport's flight and arrival time displays taken out, and Dharma deciding to release three different variants in one week. The NSA CodeBreaker Challenge was also kicked off today and it has a ransomware theme this year.
Contributors and those who provided new ransomware information and stories this week include: @struppigel, @malwareforme, @malwrhunterteam, @PolarToffee, @demonslay335, @FourOctets, @Ionut_Ilascu, @hexwaxwing, @DanielGallagher, @LawrenceAbrams, @jorntvdw, @BleepinComputer, @fwosar, @Seifreed, @MayhemDayOne, @JakubKroustek, @CBC, @Amigo_A_, @campuscodi, and @jleyden.
A new variant of the Dharma Ransomware was released this week that appends the .brrr extension to encrypted files. This variant was first discovered by Jakub Kroustek, who tweeted a link to the sample on VirusTotal.
Flight information screens were blacked out over the weekend at the Bristol Airport in the UK. Airport officials blamed the incident on a ransomware infection that affected the computers running the airport's in-house TV screens displaying arrival and departure flight information.
MalwareHunterTeam discovered a new HiddenTear variant called IT.Books Ransomware that looks like Jigsaw. It drops a ransom note named READ__IT.txt and appends the .f*cked extension to encrypted files. See the tweet for the uncensored extension.
Michael Gillespie found a new variant of the Everbe 2.0 Ransomware that appends the "..NOT_OPEN" extension and drops a ransom note named "!_HOW_RECOVERY_FILES_!.txt".
Michael Gillespie found a new variant of the Matrix Ransomware that renames files to "[firstname.lastname@example.org].-.CHE808". Michael also found another variant that renames files to "[KOK08@QQ.COM].-.CHE08".
What may very well be considered a cybercriminal's dream tool is now real and it is hunting Windows and Linux servers: a botnet with self-spreading capabilities that combines cryptomining and ransomware functions.
A huge customer database containing 11 million records that include personal details was discovered on Monday sitting online, unprotected.
CBC reported that "VON Canada is assuring clients and staff that their information is safe after the nursing organization was the target of a ransomware incident earlier this month."
Allscripts was sued by customers for an outage caused by the SamSam ransomware. They have not filed a Motion to Dismiss to get the lawsuit thrown out.
Michael Gillespie noticed a possible new Dcrtr variant that appends the ..parrot extension and drops a ransom note named ReadMe_Decryptor.txt.
Amigo-A found a new variant of the Scarab Ransomware that appends the .skype extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
A Romanian woman admitted on Thursday her participation in a ransomware distribution scheme that ended up disabling computers used by the Washington D.C. police for surveillance.
This week Jakub Kroustek found three new Dharma Ransomware variants that append the .Gamma, .Bkp, or .Monro extension to encrypted files.
The NSA CodeBreaker Challenge started today and this year has a theme revolving around ransomware.
In an article by John Leyden for The Register:
Staff at Arran Brewery were locked out of its computer systems this week following a ransomware attack.
The attack against the Isle of Arran-based Scottish beer maker appears to have been a targeted strike. Prior to the infection, adverts for an already filled finance post at the brewery were placed on recruitment sites worldwide. This, in turn, resulted in an influx of CVs.