What a crazy week. The biggest news is that we had a hosting company who actually paid a 1 million dollar (think Dr. Evil) ransomware payment. We then had the return of Locky, which at one point was the preeminent ransomware being distributed. We will have to see if it can become king of the hill again.
Despite being an expanding threat, ransomware infections are rarely reported to law enforcement agencies, according to conclusions from the 2016 Internet Crime Report, released yesterday by the FBI's Internet Crime Complaint Center (IC3).
The Locky ransomware is back, spreading via a massive wave of spam emails distributed by the Necurs botnet, but the campaign appears to be a half-baked effort because the ransomware is not able to encrypt files on modern Windows OS versions, locking files only on older Windows XP & Vista machines.
Fifty-five speed and red-light cameras in Australia's state of Victoria were infected with the WannaCry ransomware.
I was told about a new ransomware called TeslaWare that is being promoted on a black hat criminal site. After a quick search, I was able to find a sample that was compiled yesterday and I began to dig into it. What did I find? That the marketing poster promoting TeslaWare was more advanced than the ransomware itself.
On Monday, Honda was forced to temporarily shut down its car plant in Sayama, Japan, after some of its computer systems were infected with the infamous WannaCry ransomware.
Nayana, a web hosting provider based in South Korea, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin, following a ransomware infection that encrypted data on customers' servers.
For the most part, only in-development ransomware was released this week. No really major ransomware variants were released that are much of a threat. The big news, though, is that Kaspersky was able to figure out how to crack the decryption for the Jaff Ransomware and release a free decryptor.
The author of a new ransomware strain named Executioner has bungled the tool's encryption routine, which means security researchers will be able to decrypt victims' files. The good news is that this ransomware is not the subject of a massive distribution campaign, so the number of affected victims is low if any even exist.
University College London admitted in a status report published yesterday afternoon that it had succumbed to a ransomware infection that affected computers on its network. The infection appears to have taken place yesterday afternoon after an employee or student opened an email attachment.
Fedor Sinitsyn, a senior malware analyst at Kaspersky Labs, has discovered a weakness in the Jaff ransomware and was able to release a decryptor for all current variants. For those who were infected with Jaff and had their files encrypted with the .jaff, .wlu, or .sVn extensions, this decryptor can recover your files for free.
I have been playing with ransomware for quite some time, but a new ransomware note really brings it to a new level of scumbaggery and disgust.