This has been an interesting week in ransomware news. We had the GandCrab ransomware being released and distributed by exploit kits, TOR gateways stealing ransom payments from ransomware devs, and a bunch of towns getting hit with ransomware.
While we are continuing to see less ransomware developed and more attackers focusing on a few large-impact strains, ransomware is unfortunately not dead. This was particularly apparent this week with plenty of news to go around.
Another week when only small variants were released. Hopefully this downward trend is a slowdown in ransomware distribution. The biggest news was that the HC7 ransomware accepted Ethereum as a ransom payment. This is the first time this digital currency has been used with ransomware.
The holidays are upon us and that means even ransomware developers are taking some time off. This showed this week with very few ransomware infections being released and for the most part we have only seen new variants of existing infections.
This week was mostly about in-dev ransomware or new variants of older ransomware being released. The biggest news was the File Spider Ransomware campaign that was targeting countries in the Balkans. The other big news is the entire California voters database being leaked on the Internet and held for ransom.
This week was mostly about small ransomware variants being released, but we did have some big stories. First, we have HC7, which is targeting entire networks through hacked remote desktop services, then we had StorageCrypt being installed on NAS devices, and finally the county computers of Mecklenburg County were hit by LockCrypt.
Not much to report this week other than Necurs starting to push the Scarab Ransomware and a new office-document-infecting ransomware called qkG. Otherwise, it has been a week of small variants that are in various stages of development.
This week was for the most part only small variants released. Of particular interest is the release of two CryptoMix variants and an in-development ransomware that is specifically targeting the J. Sterling Morton high school students through a fake student survey.
Mostly small silly variants released this week, but we did have a few interesting stories. The bigger stories include a new variant from Crysis released, a wiper disguised as a ransomware targeting companies in Germany, and hackers using RDP to install the LockCrypt ransomware.
Mostly small variants released this week, but we did have a new ransomware called GIBON that is interesting, and even better, decryptable. The other interesting news is about the ONI ransomware that appears to have been used as a smokescreen or wiper for an extended attack against Japanese companies.
Lots of ransomware in the news this week. Of course the biggest story was the Bad Rabbit outbreak that targeted numerous countries, but mostly Russia and the Ukraine. We also had the Tyrant Ransomware, which was targeting Iranian companies.
This week we had our fair share of smaller variants being distributed or created, but the big news was by far the release of Magniber and the use of the Hermes ransomware as a cover to steal money from a Taiwan bank. With the release of Magniber we also see the downward spiral of Cerber.
Not much to report this week as we did not have a lot of releases of new variants or updated existing variants. The biggest news was the discovery of the RedBoot bootlocker ransomware and Locky continuing its mass spam campaigns.
The big news this week is a new variant of the Locky ransomware and its distributors continuing to use massive spam campaigns to distribute it. In other news, we had some small variants that will never make it into distribution or are jokes, but have an interesting "twist" to them.
It has been another week of mostly small little in-dev ransomware that will never make it to distribution. In other news, Locky continues to send out large spam campaigns as it tries to become a major player again. Otherwise, not much to report, which we are always happy about.
We have good news for once, which is a really slow week when it comes to ransomware. While we still had our share of smaller ransomware variants being released, overall there was not a lot of activity. The biggest activity is the continued effort by Locky distributors to become more widespread through the use of a variety of SPAM campaigns.
This week has seen a big push by Locky using numerous distribution campaigns to try and claim a spot with the big boys. Other than the normal releases of small ransomware creations, we also saw the RIG exploit kit pushing the Princess Ransomware.
This week has been dominated by GlobeImposter releases that do not seem to stop. We also have a few CryptoMix variants and smaller ransomware variants. Otherwise, no big news released this week, which is always a good thing.
This week has mostly been about small variants being released, GlobeImposters all over the place, and some new CryptoMix variants. Of particular interest is a self-healing file system called ShieldFS that shows great promise in ransomware protection and some research from Google about how ransomware devs cash out their payments.
Really slow week, which is great. We did have some decryptors and updated decryptors released this week, which is always great. Of particular concern is the increased release of new CryptoMix variants. Thankfully, these variants do not seem to be netting too many victims at this time.