What a crazy end of the week we had with the WanaCrypt0r RansomApocaGeddonWare! This ransomware literally took the entire world by storm by utilizing the NSA EternalBlue SMBv1 exploit to install ransomware on many high-profile victims. While that was definitely the big news, the good news is we also saw some decryptors released.
A portal hidden on the Dark Web is responsible for the small deluge of PadCrypt ransomware versions that have been spotted almost on a monthly basis in the past year.
It is another week, with more ransomware to alert everyone about. The biggest news this week is the release of Serpent Ransomware, which is a new version of the Wildfire Ransomware, and the continuing rise of Spora as a major player in the ransomware threat landscape.
Lots of small ransomware updates with no big news from any major ransomware distributions. The biggest stories this week are the 450k earned by the Samas group, Cerber being distributed as credit card payment notifications, and more associated partners joining No More Ransom.
This was a slow ransomware week in the beginning, but it picked up steam towards the end. This week we had 1 new decryptor, 4 new ransomware infections, a new variant of CryptXXX, and the reemergence of PadCrypt.
A new version of PadCrypt has been released that includes an updated live support chat, blacklisted computer names, and a new decrypter. This ransomware is actively being supported and updated, is evolving, and is one that we need to keep an eye on.
The PadCrypt ransomware is still alive and being actively distributed by the developer. A new sample of the PadCrypt ransomware has been discovered that utilizes a functional Command & Control server that is encrypting victims and being used to send chat messages to the victims.
A new ransomware called PadCrypt was discovered that for the first time comes with a live support chat and an uninstaller. Though the command and control servers are currently down, and thus the ransomware is broken, these new features add a new level of functionality to existing ransomware.