This week was mostly about small ransomware variants being released, but we did have some big stories. First, we have HC7, which is targeting entire networks through hacked remote desktop services, then we had StorageCrypt being installed on NAS devices, and finally the county computers of Mecklenburg County were hit by LockCrypt.
It has been a busy ransomware week with lots of small and some bigger variants released. This week we had a new CryptoMix, a new BTCWare, and a few new malspam campaigns for GlobeImposter and Sigma. Even better, we had a few new and updated decryptors released so that people can recover their files for free.
A new variant of the BTCWare ransomware was discovered by Michael Gillespie that appends the .[email]-id-id.shadow extension to encrypted files. The BTCWare family of ransomware infections targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
A new variant of what appears to be BTCWare ransomware is currently targeting victims and appending the .[email]-id-id.payday extension to encrypted files. This family of ransomware targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
Since I started writing these weekly ransomware articles back in May 2016, this is the first time that we had an article with only six stories in it! I am hoping that this means people are getting bored of ransomware and things will calm down, but I am also worried that this may be just a lull in the storm.
The big news this week is a new variant of the Locky ransomware and its distributors continuing to use massive spam campaigns to distribute it. In other news, we had some small variants that will never make it into distribution or are jokes, but have an interesting "twist" to them.
A new variant of the BTCWare ransomware was discovered by ID-Ransomware's Michael Gillespie that appends the .[email]-id-[id].wyvern extension to encrypted files. The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services.
A new variant of the BTCWare ransomware was discovered that appends the .[affiliate_email].nuclear extension to encrypted files. The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services.
This week has been dominated by GlobeImposter releases that do not seem to stop. We also have a few CryptoMix variants and smaller ransomware variants. Otherwise, no big news released this week, which is always a good thing.
A new version of the Gryphon Ransomware, a BTCWare variant, has been released that appends the .crypton extension. This article provides information on the differences found in this variant compared to previous versions.
The "Blank Slate" malspam campaign has switched to distributing a GlobeImposter variant that appends the .crypt extension to encrypted files. This downloaded executable is also code signed to make it appear more legitimate.
Been a great week for victims, with decryptors coming out for BTCWare, Cryptomix, Executioner, and the release of the original Petya key. Otherwise, it has been a lot of NotPetya news and numerous smaller variants being released.
Security researcher Michael Gillespie has released a new version of the BTCWare ransomware decrypter after the author of the eponymous ransomware has leaked the private key for his latest version.
From new ransomware and WannaCry imitations to decryption keys being released, ransomware developers continue to keep us busy. This article will keep you up-to-date on the latest news and developments in ransomware.
Users that have had their files encrypted via the BTCWare ransomware can recover their files for free after a user released the BTCWare master decryption key today on the Bleeping Computer forums.
Wow! What a brutal week. This week we have 37 ransomware stories, with 10 of them being on May 1st alone. Most of the new ransomware releases continue to be real crap, but together they add up to a wave of garbage that can do some serious harm.