The Locky ransomware is back, spreading via a massive wave of spam emails distributed by the Necurs botnet, but the campaign appears to be a half-baked effort because the ransomware is not able to encrypt files on modern Windows OS versions, locking files only on older Windows XP & Vista machines.
What a crazy end of the week we had with the WanaCrypt0r RansomApocaGeddonWare! This ransomware literally took the entire world by storm by utilizing the NSA EternalBlue SMBv1 exploit to install ransomware on many high-profile victims. While that was definitely the big news, the good news is we also saw some decryptors released.
A new ransomware was discovered today called Jaff ransomware. This ransomware will encrypt your files and append the .jaff extension to encrypted files. It also joins the ranks of other ransomware that steal payment site templates from Locky.
It was quite a slow week in the beginning, with most of the news being about small ransomware variants. It finished with a bang, though, with the reappearance of Locky riding on a strong wave of SPAM emails. As you can imagine, there were quite a few articles about Locky today.
After an almost non-existent presence in 2017 and a few weeks off, Locky is back with a fresh wave of SPAM emails containing malicious docs. While it is not known what caused Locky's hiatus, if they plan on pushing the ransomware like they previously did, then we all need to pay close attention.
Lots and lots of little crappy ransomware released this week with nothing new or innovative. We do have some interesting Spora stats, a story on the decline of Locky, and of course an updated decryptor by Fabian Wosar, who continues to kick ransomware in the buttocks. Other than that, not really anything of significance.
Over the past six months, the number of Locky ransomware infections has gone down and is expected to reach an all-time low this month, in March.
Typical week in ransomware with a lot of small variants released and a resurgence of activity from Crypt0L0cker. The biggest news this week is that someone posted the master decryption keys for the Dharma Ransomware in the BleepingComputer.com forums, which were used to create working decryptors.
Police in Cockrell Hill, Texas admitted yesterday in a press release that they lost years' worth of evidence after the department's server was infected with ransomware.
The Sage 2.0 Ransomware, which is an updated variant of CryLocker, has been discovered being distributed by one of the same actors who is distributing Locky, Cerber, and Spora. Due to this, there is a good chance of wider distribution of this ransomware. This guide provides information on Sage 2.0 and what to expect from it.
This week we continue to see more ransomware being released as well as changes in the distribution of the larger ransomware infections. For example, Locky has had a very low distribution lately since the holidays, but according to the Cisco Talos Group, it is starting to pick up again.
For more than four weeks, the only source of Locky ransomware infections has been through spam campaigns that distributed the Kovter click-fraud malware, as the primary source of Locky infections, the Necurs botnet, has been offline for the Christmas and New Year holidays.