While the week was dominated by small little ransomware creations, we did have some interesting news. First, we have had a resurgence of Locky variants, then a constant stream of GlobeImposter variants variants, and finally the SynCrypt ransomware that utilizes an interesting distribution method.
Today a new Locky Ransomware variant was discovered that switches to the .lukitus extension for encrypted files. It is not currently known how this variant is being distributed, but as the ransomware is being downloaded from a remote site it is most likely malspam.
A large malspam campaign is underway that is pushing a new Locky variant that appends the .diablo6 extension to encrypted files. Is this the return of Locky or just a brief resurgence?
What a crazy week. The biggest news is that we had a hosting company who actually paid a 1 million dollar (think Dr. Evil) ransomware payment. We then had the return of Locky, which at one point was the preminent ransomware being distributed. Will have to see if it can become king of the hill again.
The Locky ransomware is back, spreading via a massive wave of spam emails distributed by the Necurs botnet, but the campaign appears to be a half-baked effort because the ransomware is not able to encrypt files on modern Windows OS versions, locking files only on older Windows XP & Vista machines.
What a crazy end of the week we had with the WanaCrypt0r RansomApocaGeddonWare! This ransomware literally took the entire world by storm by utilizing the NSA EternalBlue SMBv1 exploit to install ransomware on many high profile victims. While that was definitely the big news, the good news is we also saw a some decryptors released.
A new ransomware was discovered today called Jaff ransomware. This ransomware will encrypt your files and append the .jaff extension to encrypted files. It also joins the ranks of other ransomware that steal payment site templates from Locky.
It was quite a slow week in the beginning with most of the news being for the most part about small ransomware variants. It finished with a bang, though, with the reappearance of Locky riding on a strong wave of SPAM emails. As you can imagine, there were quite a few articles about Locky today.
After almost an almost non-existent presence in 2017 and a few weeks off, Locky is back with a fresh wave of SPAM emails containing malicious docs. While it is not known what caused Locky's hiatus, if they plan on pushing the ransomware like they previously did, then we all need to pay close attention.
Lots and lots of little crappy ransomware released this week with nothing new or innovative. We do have some interesting Spora stats, a story on the decline of Locky, and of course an updated decryptor by Fabian Wosar who continues to kick ransomware in the buttocks. Other than that, not really any of significance.
Over the past six months, the number of Locky ransomware infections has gone down and is expected to reach an all-time low this month, in March.
Typical week in ransomware with a lot of small little variants released and resurgence of activity from Crypt0L0cker. The biggest news this week is that someone posted the master decryption keys for the Dharma Ransomware in the BleepingComputer.com forums, which were used to create working decryptors.