Lots of Scarab, Matrix, and Dharma variants this week as well as some good writeups on the GandCrab ransomware. Also of interest is ESET publishing of their report that ties NotPetya and Industroyer to the TeleBots Group.
Two new reports from eSentire and Proofpoint show that that as online threats remain an issue, user security leaves much to be desired. The mismatch between the danger of cyberthreats and lack of user readiness could leave individuals or businesses at risk of serious losses to data or property.
In Windows 10, Microsoft added a new ransomware protection feature called Controlled Folder Access that can be used to prevent modifications to files in protected folders by unknown programs. At DerbyCon last week, a security researcher has explained a new method that a ransomware can use DLL injection to bypass the Controlled Folder
Very very quiet week this. Not much new ransomware to report and only released of well known variants like Matrix, Unlock92, and Dharma ransomware infections. The biggest news was the shut down of numerous restaurants that are part of the Recipe Unlimited group and the Kraken Cryptor ransomware being distributed by the Fallout EK.
The Fallout Exploit has been distributing the GandCrab Ransomware for the past few weeks, but has now switched its payload to the Kraken Cryptor Ransomware.
During this week, we did not see a large amount of smaller variants released compared to what we have historically seen. This is because ransomware has moved towards large network-wide breaches by variants such SamSam, BitPaymer, and Dharma over publicly exposed remote desktop services.
The Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the FBI, have issued a security alert regarding attacks being conducted through the Windows Remote Desktop Protocol. This article will provide more information about these attacks and how to protect yourself.
On September 25th, the Port of San Diego announced that their information technology systems had been disrupted by a cyber attack. In an announcement today, it was announced that this disruption was caused by a ransomware attack.
The GandCrab v5 ransomware has started to use the recently disclosed Task Scheduler ALPC vulnerability to gain System privileges on an infected computer. This vulnerability was recently patched by Microsoft in the September 2018 Patch Tuesday, but many companies may not have installed the patch.
GandCrab v5 has been released with a few noticeable changes. The first change is that the ransomware now uses a random 5 character extension for encrypted files and a new HTML ransom note.
This has been a busy week. We had a brewery hit, an airport's flight and arrival time displays taken out, and Dharma deciding to release three different variants in one week. The NSA CodeBreaker Challenge was also kicked off today and it has a ransomware theme this year.
This week we have seen three new Dharma Ransomware variants released that append either the .Gamma, .Bkp, & .Monro extensions to encrypted files.
A Romanian woman admitted on Thursday her participation in a ransomware distribution scheme that ended up disabling computers used by the Washington D.C. police for surveillance.
What may very well be considered a cybercriminal's dream tool is now real and it is hunting Windows and Linux servers: a botnet with self-spreading capabilities that combines cryptomining and ransomware functions.
Was a quiet week for new variants, but a bunch of long-running ransomware infections released new variants this week. We had a few from Scarab, a new Dharma variant, and a new Matrix ransomware variant.
Last week the Fallout Exploit kit was distributing the GandCrab ransomware. This week, it has started to distribute a new ransomware called SAVEfiles, for lack of a better name, through malvertising campaigns.
The Kraken Ransomware is a newer ransomware that was released in August 2018. A new version, called Kraken 1.5, was recently released that is masquerading as the legitimate SuperAntiSpyware anti-malware program in order to trick users into installing it.
It has been a quiet week with just small variants and new variants of existing ones such as Matrix. As much as we would like to see ransomware die off altogether, it is hear to stay.
Every once in a while you come across a really strange malware and such is the case with a new ransomware that only encrypts .EXE files on a computer. It then displays a screen with a picture of President Obama that asks for a "tip" to decrypt the files.