Ransomware is definitely slowing down, with most big attacks being targeted intrusions carried out over RDP. With that said, we do see a steady stream of smaller ransomware infections that continue to be created, even if they never have much impact at all.
GandCrab version 3 was released earlier this week with a few noticeable changes. The most noticeable change is the addition of a desktop background and an autorun that causes the ransomware to start automatically when you reboot the computer.
This was an interesting week for ransomware, with various government servers being infected with VevoLocker, a new ransomware attack against HP iLO remote management interfaces, and the KCW Ransomware targeting web sites in Pakistan.
This week saw mostly small variants released, but we did have some interesting news. First, we had a Microsoft engineer facing federal charges for involvement in the Reveton Ransomware; a decryptor was released for Vortex; the Magnitude exploit kit is now pushing GandCrab; and a ransomware is trying to make money off of Syrian refugees.
A script compile error has temporarily stopped the infection chain of a malspam campaign trying to infect users with the GandCrab ransomware.
It has been a pretty slow ransomware week, as most of the malware developers have started pushing cryptominers. We did see the continued distribution of the GnuPG-based Qwerty Ransomware and a new variant of the GandCrab ransomware that makes it secure again.
GandCrab version 2 was released, which contains changes that supposedly make it more secure & allow us to differentiate it from the original version. In this article we will provide a quick overview as to what has changed & how you can identify that you are infected with the new GandCrab version.
This week's article combines the previous week's stories as well. Lots of small in-dev ransomware over the last two weeks, but also a few RaaS (Ransomware as a Service) implementations were released and a decryptor for GandCrab was released.
Bitdefender has released a free decrypter that helps victims of GandCrab ransomware infections recover files without paying the ransom.
The authors of the newly-discovered Saturn ransomware are allowing anyone to become a ransomware distributor for free via a newly launched Ransomware-as-a-Service (RaaS) affiliate program.
Lots of small variants released this week, but surprisingly most are actually active and being distributed. The big stories are new distribution methods for GandCrab, decryptors for Cryakl variants and MoneroPay, and a new ransomware called Black Ruby.
A new malspam campaign is underway that is pretending to be PDF receipts, but instead installs the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script.
This has been an interesting week in ransomware news. We had the GandCrab ransomware being released and distributed by exploit kits, TOR gateways stealing ransom payments from ransomware devs, and a bunch of towns getting hit with ransomware.
A new ransomware called GandCrab was released towards the end of last week that is currently being distributed via exploit kits. GandCrab has some interesting features not seen before in ransomware, such as being the first to accept the DASH currency and the first to utilize the Namecoin-powered .BIT TLD.