As usual, this week has been dominated mostly by small variants that most likely will never make it into distribution. We did, though, see new CryptoMix and Locky variants released that are being actively distributed. The biggest news was the discovery of a new Android ransomware called DoubleLocker.
A new variant of the CryptoMix ransomware is appending the .x1881 extension to encrypted file names. It has been about three weeks since a new CryptoMix variant was released, which is quite long for this family of ransomware.
Today, I discovered a new variant of the CryptoMix ransomware that is appending the .SHARK extension to encrypted file names. This family of ransomware usually releases a new version almost every week, if not sooner, so it is a bit surprising to see them take almost three weeks to release this variant.
This week has seen a big push by Locky using numerous distribution campaigns to try and claim a spot with the big boys. Other than the normal releases of small ransomware creations, we also saw the RIG exploit kit pushing the Princess Ransomware.
A new variant of the CryptoMix ransomware has been released that appends the .empty extension to encrypted files. This article will provide information on what has changed and how to protect your computer from this ransomware.
Not a lot out this week other than some new variants of CryptoMix, Crysis, and someone paying homage to security researcher Karsten Hahn. Of particular interest is an Android application that allows anyone to generate a fully-working Android ransomware just by filling in a form and pushing a few buttons.
Today, MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses EMPTY, it is clear that the developers are running out of extensions to use.
This week has been dominated by GlobeImposter releases that do not seem to stop. We also have a few CryptoMix variants and smaller ransomware variants. Otherwise, no big news released this week, which is always a good thing.
This week has mostly been about small variants being released, GlobeImposters all over the place, and some new CryptoMix variants. Of particular interest is a self-healing file system called ShieldFS that shows great promise in ransomware protection and some research from Google about how ransomware devs cash out their payments.
Really slow week, which is great. We did have some decryptors and updated decryptors released this week, which is always great. Of particular concern is the increased release of new CryptoMix variants. Thankfully, these variants do not seem to be netting too many victims at this time.
CryptoMix is releasing new variants very quickly now and is reminiscent of how the Locky developers used to distribute Locky.
A new variant of the CryptoMix Ransomware was released today that uses the Azer extension for encrypted files. This variant also ups its game by including 10 different public RSA encryption keys, compared to the single one that was used in the previous version.
It is always great to be able to announce a free decryptor for victims who have had their files encrypted by a ransomware. This is the case today, where a decryptor for the Mole02 CryptoMix variant was released.
Wow! What a brutal week. This week we have 37 ransomware stories, with 10 of them being on May 1st alone. Most of the new ransomware releases continue to be real crap, but together they add up to a wave of garbage that can do some serious harm.
A new variant of the CryptoMix ransomware was discovered that appends the email addresses firstname.lastname@example.org & email@example.com along with the .Wallet extension. This makes it the third ransomware using .wallet, with the first being Dharma and then Sanctions. Unfortunately, the reuse of an extension is only going to confuse victims.
A new ransomware called Mole was found by security researcher Brad Duncan while he was analyzing a new SPAM campaign. After examining this sample, I feel that this is probably another variant of the CryptoMix family as it has many similarities to the Revenge and CryptoShield variants.
Lots of news this week when it comes to ransomware. We have a Star Trek themed ransomware, new decryptors, lots of new crap ransomware, people modifying Petya for their own ends, and a new CryptoMix variant called Revenge. If you're interested in ransomware, this week has a lot of news.
A new CryptoMix variant called Revenge has been discovered by Broad Analysis that is being distributed via the RIG exploit kit. This variant contains many similarities to its predecessor CryptoShield, which is another CryptoMix variant, but includes some minor changes that are described below.