The big news this week was the POC for a UEFI Ransomware presented at BlackHat Asia, Matrix Ransomware being distributed by RIG and having worm characteristics, and the joke ransomware called RensenWare that required a victim to get a very high score in a game to get a decryption key.
Lots and lots of little crappy ransomware was released this week with nothing new or innovative. We do have some interesting Spora stats, a story on the decline of Locky, and of course an updated decryptor by Fabian Wosar, who continues to kick ransomware in the buttocks. Other than that, there was not really anything of significance.
Ransomware, ransomware, ransomware. It never seems to end. This week we see lots of little ransomware infections being developed or distributed. The good news is that we also have seen quite a few decryptors released to help those who were infected.
2017 is here and ransomware continues to pump out at a rapid pace. We have a lot of little variants popping up this week, with a special emphasis on malware devs adopting the FSociety brand name. We also have some new decryptors, a Christmas related ransomware, and plenty of small ransomware infections.
Lots of small little ransomware updates with no big news from any major Ransomware distributions. The biggest stories this week are the 450k earned by the Samas group, Cerber being distributed as credit card payment notifications, and more associated partners to No More Ransom.
A bunch of small ransomware variants were released, but we did have a new release of the Locky Osiris variant and the interesting Popcorn Time. To me the most interesting story is Popcorn Time as they offer victims the ability to get a free decryption key if they can get two other people infected and have them pay the ransom.
Lots of ransomware stories this week. We have two new decryptors, quite a few new ransomware infections, PadCrypt being hidden inside a fake credit card generator, and a few new variants. The biggest news is two new variants of the Locky ransomware that append the .zzzzz and .aesir extensions for encrypted files.
The Domino Ransomware is a new infection discovered by Daniel Gallagher and Michael Gillespie that is based off of the Hidden Tear open-source ransomware project. This ransomware is distributed as a KMSpico installer, encrypts your files with the .Domino extension, and contains a ransom note with a cow in it.
This was a big week for ransomware news primarily because the Necurs Botnet returned with a new campaign for the Locky ransomware. This week we also have 5 new ransomware infections, a change in the CryptXXX extension, and to end on a good note, a couple of decryptors.
In a post on the BleepingComputer.com forums, the developer of the Magic Ransomware infection is blackmailing the author of the open source Hidden Tear and EDA2 Ransomware Project. The malware developer's demands are simple: take down the Hidden Tear project or their Magic ransomware's victims lose their keys forever.