While the week was dominated by small little ransomware creations, we did have some interesting news. First, we have had a resurgence of Locky variants, then a constant stream of GlobeImposter variants variants, and finally the SynCrypt ransomware that utilizes an interesting distribution method.
Representatives for LG South Korea said on Wednesday that a mysterious ransomware strain has infected self-servicing kiosks at various service centers across the country.
Malware activity has ramped up in the second quarter of 2017, according to reports from cyber-security firms Cyren, Check Point, Kaspersky Lab, Proofpoint, and Symantec.
Today a new Locky Ransomware variant was discovered that switches to the .lukitus extension for encrypted files. It is not currently known how this variant is being distributed, but as the ransomware is being downloaded from a remote site it is most likely malspam.
A new ransomware called SyncCrypt was discovered that is being distributed by spam attachments pretending to be court orders. This ransomware uses a interesting approach of embedding a zip file in a jpg image in order to avoid detection.
A PHP ransomware project open-sourced on GitHub is still spawning active threats, more than a year after it was released in early 2016.
Ukrainian authorities have arrested a 51-year-old man from Nikopol, Dnipropetrovsk region, on accusations of distributing a version of the NotPetya ransomware.
A large malspam campaign is underway that is pushing a new Locky variant that appends the .diablo6 extension to encrypted files. Is this the return of Locky or just a brief resurgence?
It has been a week heavily dominated by GlobeImposter variants being released here and there and smaller ransomware variants with little or no distribution. We also saw news about companies still being affected by the NotPetya attack.
The Cerber ransomware has received an update that allows it to collect and steal data from a victim's computer, similar to an infostealer.
The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, the point of origin of the NotPetya ransomware outbreak.