Mostly small silly variants released this week, but we did have a few interesting stories. The bigger stories include the release of a new Crysis variant, a wiper disguised as ransomware targeting companies in Germany, and hackers using RDP to install the LockCrypt ransomware.
A new variant of the Crysis ransomware has been discovered that appends the cobra extension to encrypted files. While this ransomware cannot be decrypted for free, this article will take a look at the infection and provide possible methods to try to restore files.
Not a lot out this week other than some new variants of CryptoMix, Crysis, and someone paying homage to security researcher Karsten Hahn. Of particular interest is an Android application that allows anyone to generate a fully-working Android ransomware just by filling in a form and pushing a few buttons.
A new variant of the Crysis Ransomware was released yesterday that appends the .arena extension to encrypted files. This article will provide a brief description of the ransomware and how to protect your computer from ransomware.
From new ransomware and WannaCry imitations to decryption keys being released, ransomware developers continue to keep us busy. This article will keep you up-to-date on the latest news and developments in ransomware.
This morning a newly registered member posted the master decryption keys for the Wallet Ransomware in the BleepingComputer.com forums. Once these keys were determined to be valid, Avast updated their decryptor to support the .Wallet extension. Victims can now use this decryptor to decrypt their files for free.
A new variant of the CryptoMix ransomware was discovered that appends the email addresses email@example.com & firstname.lastname@example.org along with the .Wallet extension. This makes it the third ransomware using .wallet, with the first being Dharma and then Sanctions. Unfortunately, the reuse of an extension is only going to confuse victims.
Typical week in ransomware with a lot of small variants released and a resurgence of activity from Crypt0L0cker. The biggest news this week is that someone posted the master decryption keys for the Dharma Ransomware in the BleepingComputer.com forums, which were used to create working decryptors.
Since September 2016, a criminal group has been using different versions of the Crysis ransomware to infect enterprise networks that they had previously gained access to by brute-forcing workstations with open RDP ports.
Lots of small ransomware infections / screenlockers this week, but no major infections were discovered. Thankfully, security researchers were able to create a bunch of decryptors and make them available for victims to recover their files. Of particular note was the San Francisco MTA getting hit hard by the HDDCryptor ransomware.
Very busy ransomware week. We have two new ransomware infections being pushed out by exploit kits, some decryptors, and lots of small variants being released. The big news is the release of the master decryption keys for the CrySiS ransomware and Kaspersky's RakhniDecryptor being updated to use them.
The master decryption keys for the CrySiS Ransomware have been released this morning in a post on the BleepingComputer.com forums. At approximately 1 AM EST, a member named crss7777 created a post in the CrySiS support topic at BleepingComputer with a Pastebin link to a file containing the master decryption keys and how to use them.
Lots of ransomware news this week with 3 new infections, 7 new Jigsaw ransomware variants, 3 new decryptors, a new variant of Nemucod, and an interesting article about the Crysis ransomware. I would like to thank everyone who monitors and analyzes new ransomware infections on Twitter and through other sources.