This week we had our fair share of smaller variants being distributed or created, but the big news was by far the release of Magniber and the use of the Hermes ransomware as a cover to steal money from a Taiwan bank. With the release of Magniber we also see the downward spiral of Cerber.
Magniber is a new ransomware being distributed by the Magnitude Exploit Kit that appears to be the successor to the Cerber Ransomware. While many aspects of the Magniber Ransomware are different than Cerber, the payment system and the files it encrypts are very similar.
Evidence suggests the infamous Lazarus Group, a hacking crew believed to be operating out of North Korea, is behind the recent hack on the Far Eastern International Bank (FEIB) in Taiwan.
A new ransomware called Anubi was discovered by Malwarebytes security researcher S!Ri that appends the .[email@example.com].anubi extension to encrypted files. While not much is known about how this ransomware is distributed, as it is in the wild I thought I would provide a brief summary of the ransomware.
A new variant of the CryptoMix ransomware has been discovered that appends the .x1881 extension to encrypted file names. It has been about three weeks since a new CryptoMix variant was released, which is quite long for this family of ransomware.
A new ransomware targeting Android devices has been spotted in the wild. Codenamed DoubleLocker, the ransomware abuses Android's Accessibility service and reactivates itself every time the user presses the phone's Home button.
Today a new Locky Ransomware variant was released that now uses the .asasin extension for encrypted files. Personally, I thought the previous extension, ykcol, was more clever, while this one seriously needs a spell checker. Thankfully, the current distribution for this variant is broken due to a malformed spam campaign.
Since I started writing these weekly ransomware articles back in May 2016, this is the first time that we had an article with only six stories in it! I am hoping that this means people are getting bored of ransomware and things will calm down, but I am also worried that this may be just a lull in the storm.
Not much to report this week as we did not have a lot of releases of new variants or updated existing variants. The biggest news was the discovery of the RedBoot bootlocker ransomware and Locky continuing its mass spam campaigns.
A new bootlocker ransomware called RedBoot encrypts files on the computer, replaces the MBR, or Master Boot Record, of the system drive, and then appears to trash the partition table.
Here's one group of fans George R. R. Martin may not want on the Game of Thrones bandwagon — the authors of the Locky ransomware.
The big news this week is a new variant of the Locky ransomware and its distributors continuing to use massive spam campaigns to distribute it. In other news, we had some small variants that will never make it into distribution or are jokes, but have an interesting "twist" to them.
A new ransomware called InfinityLock utilizes an interesting ransom note that pretends to be a hacker typing commands into a Windows Command Prompt.
A new variant of the BTCWare ransomware was discovered by ID-Ransomware's Michael Gillespie that appends the .[email]-id-[id].wyvern extension to encrypted files. The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services.
A new joke screen locker called nRansomware was released that demands 10 nude pictures, which they will sell on underground sites, in order to unlock the screen. This article will take a brief look at the malware and show how it's nothing to be concerned about.
Reports are coming in from multiple security researchers and security firms about increased activity from one of the groups spreading the Locky ransomware.
Today, I discovered a new variant of the CryptoMix ransomware that is appending the .SHARK extension to encrypted file names. This family of ransomware usually releases a new version almost every week, if not sooner, so it is a bit surprising to see them take almost three weeks to release this variant.
Administrators of various underground hacking forums hosted on both the public Internet and Dark Web are having serious discussions about the "good idea" of allowing the sale of ransomware via their platforms.
Today a new Locky Ransomware variant was discovered by Stormshield malware analyst coldshell that switches to the .ykcol extension for encrypted files. It is important to note that if you are infected with this ransomware, you are not infected with the Ykcol Ransomware, but rather Locky.