Lots of news this week when it comes to ransomware. We have a Star Trek-themed ransomware, new decryptors, lots of new crap ransomware, people modifying Petya for their own ends, and a new CryptoMix variant called Revenge. If you're interested in ransomware, this week has a lot of news.
A heavily modified, but "unauthorized", version of the Petya ransomware has been seen by Kaspersky researchers being used in targeted attacks on a small number of organizations.
A bunch of small ransomware variants were released, but we did have a new release of the Locky Osiris variant and the interesting Popcorn Time. To me the most interesting story is Popcorn Time as they offer victims the ability to get a free decryption key if they can get two other people infected and have them pay the ransom.
The author of the Petya-Mischa ransomware combo has returned with a new version that uses the name GoldenEye Ransomware, continuing the malware's James Bond theme.
Being infected with ransomware is scary enough, but there are certain ones that my kids and others helped me pick out that they think are downright creepy. So as a little Halloween treat, I have put this article together to showcase what I, and others, consider the creepiest ransomware infections.
Cisco Talos has released a Windows disk filter driver called MBRFilter that listens for programs trying to modify the Master Boot Record and blocks them. This effectively blocks these types of ransomware from being installed and encrypting the MBR.
This week we have leaked keys, analysis of a new family, 1 new ransomware variant, 3 new ransomware infections, and 1 new ransomware decryptor. It was a big week for the Petya and Mischa devs as they opened their Ransomware as a Service to the public and leaked 3,500 decryption keys for the Chimera Ransomware.
Today, the Petya and Mischa Ransomware devs have made their Ransomware as a Service, or RaaS, open to the public. For the past few months, the Petya & Mischa RaaS has been in testing with a limited number of supposed high-volume distributors. As of today, any would-be criminal can sign up and become an official distributor.
The devs behind the Mischa and Petya ransomware have leaked approximately 3500 RSA decryption keys for the Chimera Ransomware. These keys are in hex format, but can be converted back to their normal format and used within a decryptor by a security company or professional.
This week we have 3 new ransomware variants, 2 new ransomware infections, and 4 new ransomware decryptors. Stampado finally popped its head out of its hole, but was quickly squashed and a slew of new decryptors were released. Overall, a good week for the good guys.
A new version of the Petya disk-encrypting ransomware has been released that fixes a bug in its encryption algorithm. This bug used to be exploited, but the fixed implementation may prevent this weakness from being exploited.
The developers behind the Petya and Mischa Ransomware infections have also released a Ransomware as a Service portal. This service allows malware distributors to earn a revenue share by distributing the Petya ransomware installers.