A new variant of the Cryptomix Ransomware has been discovered that appends the .BACKUP extension to encrypted files, changes the contact email, and provides a different ransom note message.
This week we saw the release of new decrypters for Magniber, LockCrypt, and WhiteRose. The other big news is the addition of ransomware detection and file restore in Office 365. Otherwise, it has mostly been small variants that were released this week.
It was mostly small variants released this week. We did have a new Cryptomix variant released, a wiper called UselessDisk disguised as a ransomware, and a strange report that Boeing had been infected with WannaCry. Overall, though, it has been a slow week.
Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new variants a few times a month, but this time it has been almost 2 months since the previous variant.
Michael Gillespie discovered a new Cryptomix variant uploaded to ID-Ransomware this week. Today, I was able to find a sample so we can see what has changed. For the most part, it is the same as previous variants except it now appends the .SERVER extension to encrypted files and changes the contact emails used by the ransomware.
Looks like even ransomware developers take time off for the holidays, as there was not much activity over the past couple of weeks. We have seen mostly new variants being released, with the biggest being CryptoMix. Otherwise, just a few small in-development ransomware being released.
This week was mostly about in-dev ransomware or new variants of older ransomware being released. The biggest news was the File Spider Ransomware campaign that was targeting countries in the Balkans. The other big news is the entire California voters database being leaked on the Internet and held for ransom.
It has been a busy ransomware week with lots of small and some bigger variants released. This week we had a new CryptoMix, a new BTCWare, and a few new malspam campaigns for GlobeImposter and Sigma. Even better, we had a few new and updated decryptors released so that people can recover their files for free.
A new variant of the CryptoMix ransomware was discovered today that appends the .TEST extension to encrypted files and changes the contact emails used by the ransomware. This article will provide information on what changes were made in this new version.
This week was for the most part only small variants released. Of particular interest is the release of two CryptoMix variants and an in-development ransomware that is specifically targeting the J. Sterling Morton high school students through a fake student survey.
A new CryptoMix Ransomware variant was discovered that appends the .0000 extension to encrypted files and changes the contact emails used by the ransomware. This article will provide a brief description of the changes in this variant.
Like usual, this week has been dominated mostly by small variants that most likely will never make it into distribution. We did, though, see a new CryptoMix and Locky variant released that are actively distributed. The biggest news was the discovery of a new Android ransomware called DoubleLocker.
A new variant of the CryptoMix ransomware is appending the .x1881 extension to encrypted file names. It has been about three weeks since a new CryptoMix variant was released, which is quite long for this family of ransomware.
Today, I discovered a new variant of the CryptoMix ransomware that is appending the .SHARK extension to encrypted file names. This family of ransomware usually releases a new version almost every week, if not sooner, so it is a bit surprising to see them take almost three weeks to release this variant.
This week has seen a big push by Locky using numerous distribution campaigns to try and claim a spot with the big boys. Other than the normal releases of small ransomware creations, we also saw the RIG exploit kit pushing the Princess Ransomware.