A new variant of what appears to be BTCWare ransomware is currently targeting victims and appending the .[email]-id-id.payday extension to encrypted files. This family of ransomware targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
Since I started writing these weekly ransomware articles back in May 2016, this is the first time that we had an article with only six stories in it! I am hoping that this means people are getting bored of ransomware and things will calm down, but I am also worried that this may be just a lull in the storm.
The big news this week is a new variant of the Locky ransomware and its distributors continuing to use massive spam campaigns to distribute it. In other news, we had some small variants that will never make it into distribution or are jokes, but have an interesting "twist" to them.
A new variant of the BTCWare ransomware was discovered by ID-Ransomware's Michael Gillespie that appends the .[email]-id-[id].wyvern extension to encrypted files. The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services.
A new variant of the BTCWare ransomware was discovered that appends the .[affiliate_email].nuclear extension to encrypted files. The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services.
This week has been dominated by GlobeImposter releases that do not seem to stop. We also have a few CryptoMix variants and smaller ransomware variants. Otherwise, no big news released this week, which is always a good thing.
A new version of the Gryphon Ransomware, a BTCWare variant, has been released that appends the .crypton extension. This article provides information on the differences found in this variant compared to previous versions.
The "Blank Slate" malspam campaign has switched to distributing a GlobeImposter variant that appends the .crypt extension to encrypted files. This downloaded executable is also code signed to make it appear more legitimate.
Been a great week for victims, with decryptors coming out for BTCWare, Cryptomix, Executioner, and the release of the original Petya key. Otherwise, it has been a lot of NotPetya news and numerous smaller variants being released.
Security researcher Michael Gillespie has released a new version of the BTCWare ransomware decrypter after the author of the eponymous ransomware leaked the private key for his latest version.
From new ransomware and WannaCry imitations to decryption keys being released, ransomware developers continue to keep us busy. This article will keep you up-to-date on the latest news and developments in ransomware.
Users that have had their files encrypted via the BTCWare ransomware can recover their files for free after a user released the BTCWare master decryption key today on the Bleeping Computer forums.
Wow! What a brutal week. This week we have 37 ransomware stories, with 10 of them being on May 1st alone. Most of the new ransomware releases continue to be real crap, but together they add up to a wave of garbage that can do some serious harm.