From new ransomware and WannaCry imitations to decryption keys being released, ransomware developers continue to keep us busy.. This article will keep you up-to-date on the latest news and developments in ransomware.
This morning a newly registered member posted the master decryption keys for the Wallet Ransomware in the BleepingComputer.com forums. Once these keys were determined to be valid, Avast updated their decryptor to support the .Wallet extension. Victims can now use this decryptor to decrypt their files for free.
What a crazy end of the week we had with the WanaCrypt0r RansomApocaGeddonWare! This ransomware literally took the entire world by storm by utilizing the NSA EternalBlue SMBv1 exploit to install ransomware on many high profile victims. While that was definitely the big news, the good news is we also saw a some decryptors released.
Wow! What a brutal week. This week we have 37 ransomware stories, with 10 of them being on May 1st alone. Most of the new ransomware releases continue to be real crap, but together they add up to a wave of garbage that can do some serious harm.
After last week, its a pleasure to have a slow week in ransomware. Nothing really big released this week other than Emsisoft releasing an updated Cry9 decryptor and the new CryptoMix variant called Mole. Otherwise, this week has been full of a lot of in development ransomware or smaller variants.
The big news this week was the POC for a UEFI Ransomware presented at BlackHat Asia, Matrix Ransomware being distributed by RIG and having worm characteristics, and the joke ransomware called RensenWare that required a victim to get a very high score in a game to get a decryption key.
Lots of news this week when it comes to ransomware. We have a Star Trek themed ransomware, new decryptors, lots of new crap ransomware, people modifying Petya for their own ends, and a new CryptoMix variant called Revenge. If your interested in ransomware, this week has a lot of news.
Another week and a lot more crappy ransomware released. Of particular interest is that Cerber no longer encrypts filenames, Emsisoft released a CryptON decryptor, and lots of really good technical writeups about ransomware.
Yesterday, Emsisoft's CTO and malware researcher Fabian Wosar released a decryptor for the CryptON Ransomware. This ransomware has been around since the end of February and has had a few variants released. It was named CryptON based on a string found within the executable.
Typical week in ransomware with a lot of small little variants released and resurgence of activity from Crypt0L0cker. The biggest news this week is that someone posted the master decryption keys for the Dharma Ransomware in the BleepingComputer.com forums, which were used to create working decryptors.
Kaspersky has tested a set of Dharma master decryption keys posted to BleepingComputer and has confirmed they are legitimate. These keys have been included in their RakhniDecryptor, which I have tested against a Dharma infection. The decryptor worked flawlessly!
Lots of small little ransomware infections released this week that will most likely never make it into major circulation. The stories of interest this week are the Avast decryptor for offline CryptoMix infections, Trump Locker, and a new macOS ransomware called Packer.