This has been a busy week. We had a brewery hit, an airport's flight and arrival time displays taken out, and Dharma deciding to release three different variants in one week. The NSA CodeBreaker Challenge was also kicked off today and it has a ransomware theme this year.

Contributors and those who provided new ransomware information and stories this week include: @struppigel, @malwareforme, @malwrhunterteam, @PolarToffee, @demonslay335, @FourOctets, @Ionut_Ilascu, @hexwaxwing, @DanielGallagher, @LawrenceAbrams, @jorntvdw, @BleepinComputer, @fwosar, @Seifreed, @MayhemDayOne, @JakubKroustek, @CBC, @Amigo_A_, @campuscodi, and @jleyden.

September 15th 2018

New Brrr Dharma Ransomware Variant Released

A new variant of the Dharma Ransomware was released this week that appends the .brrr extension to encrypted files. This variant was first discovered by Jakub Kroustek, who tweeted a link to the sample on VirusTotal.

September 16th 2018

Ransomware attack blacks out screens at Bristol Airport

Flight information screens were blacked out over the weekend at the Bristol Airport in the UK. Airport officials blamed the incident on a ransomware infection that affected the computers running the airport's in-house TV screens displaying arrival and departure flight information.

September 17th 2018

New IT.Books ransomware

MalwareHunterTeam discovered a new HiddenTear variant called IT.Books Ransomware that looks like Jigsaw. It drops a ransom note named READ__IT.txt and appends the .f*cked extension to encrypted files. See the tweet for the uncensored extension.

New Everbe 2.0 variant

Michael Gillespie found a new variant of the Everbe 2.0 Ransomware that appends the ".[].NOT_OPEN" extension and drops a ransom note named "!_HOW_RECOVERY_FILES_!.txt".

New Matrix ransomware variants

Michael Gillespie found a new variant of the Matrix Ransomware that renames files to "[che808@protonmail.com].-.CHE808". Michael also found another variant that renames files to "[KOK08@QQ.COM].-.CHE08".

September 18th 2018

Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows

What may very well be considered a cybercriminal's dream tool is now real and it is hunting Windows and Linux servers: a botnet with self-spreading capabilities that combines cryptomining and ransomware functions.

Database with 11 Million Email Records Exposed

A huge customer database containing 11 million records that include personal details was discovered on Monday sitting online, unprotected.

No personal info lost in ransomware attack, says VON Canada

CBC reported that "VON Canada is assuring clients and staff that their information is safe after the nursing organization was the target of a ransomware incident earlier this month."

September 19th 2018

Allscripts files a Motion to Dismiss for the ransomware related lawsuit

Allscripts was sued by customers for an outage caused by the SamSam ransomware. They have now filed a Motion to Dismiss to get the lawsuit thrown out.

Possible new Dcrtr Ransomware variant spotted

Michael Gillespie noticed a possible new Dcrtr variant that appends the .[].parrot extension and drops a ransom note named ReadMe_Decryptor.txt.

New Scarab variant

Amigo-A found a new variant of the Scarab Ransomware that appends the .skype extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

September 21st 2018

Romanian Woman Admits Involvement in Hacking Attack On Washington Police Computers

A Romanian woman admitted on Thursday her participation in a ransomware distribution scheme that ended up disabling computers used by the Washington D.C. police for surveillance.

Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week

This week Jakub Kroustek found three new Dharma Ransomware variants that append the .Gamma, .Bkp, or .Monro extension to encrypted files.

NSA Codebreaker Challenge Started

The NSA CodeBreaker Challenge started today and this year has a theme revolving around ransomware.

Scottish brewery recovers from ransomware attack

In an article by John Leyden for TheRegister:

Staff at Arran Brewery were locked out of its computer systems this week following a ransomware attack.

The attack against the Isle of Arran-based Scottish beer maker appears to have been a targeted strike. Prior to the infection, adverts for an already filled finance post at the brewery were placed on recruitment sites worldwide. This, in turn, resulted in an influx of CVs.

That's it for this week! Hope everyone has a nice weekend!
