The big news this week was the POC for a UEFI Ransomware presented at BlackHat Asia, Matrix Ransomware being distributed by RIG and having worm characteristics, and the joke ransomware called RensenWare that required a victim to get a very high score in a game to get a decryption key.
An Indian developer is playing around with an open source ransomware builder, which in the long run may end up causing serious problems for innocent users.
2017 is here and ransomware continues to pump out at a rapid pace. We have a lot of little variants popping up this week, with a special emphasis on malware devs adopting the FSociety brand name. We also have some new decryptors, a Christmas-related ransomware, and plenty of small ransomware infections.
A new ransomware called Fantom was discovered by AVG malware researcher Jakub Kroustek that is based on the open-source EDA2 ransomware project. The Fantom Ransomware uses an interesting feature of displaying a fake Windows Update screen that pretends Windows is installing a new critical update while it's encrypting files.
Today Michael Gillespie discovered a new EDA2 variant that I have dubbed the FSociety Ransomware based on the image used on the infection's wallpaper. Fans of Mr. Robot will instantly recognize the image as the logo of the show's infamous hacking group called FSociety.
This week we have 1 new ransomware variant, 3 new ransomware infections, and 1 new distribution campaign. The big news is that the Cerber Ransomware released a new version with some significant updates.
A new EDA2 ransomware was discovered called Ded Cryptor. This ransomware has been around for quite a while and targets both Russian and English speaking victims. When installed, the victim's desktop will be changed to show an evil-looking Santa having a good time while it encrypts your files.
A new ransomware was released yesterday that was based off of the open-source EDA2 ransomware. This ransomware encrypts files using AES encryption, appends the Locked extension, and then demands .5 bitcoins to get the decryption key. What makes this story different is how this ransomware developer is such a pompous ass.
In a post on the BleepingComputer.com forums, the developer of the Magic Ransomware infection is blackmailing the author of the open source Hidden Tear and EDA2 Ransomware Project. The malware developer's demands are simple: take down the Hidden Tear project or their Magic ransomware's victims lose their keys forever.
A new ransomware has been discovered that utilizes the open source ransomware kit called eda2. This ransomware will encrypt your data with AES encryption, append the .magic extension to encrypted files, and then demand 1 bitcoin to decrypt your data.