According to data gathered via the ID-Ransomware service, what all of us had predicted is now happening, as the Spora ransomware has started to spread to new territories outside former Soviet states.
The Sage 2.0 Ransomware, which is an updated variant of CryLocker, has been discovered being distributed by one of the same actors who is distributing Locky, Cerber, and Spora. Because of this, there is a good chance of wider distribution of this ransomware. This guide provides information on Sage 2.0 and what to expect from it.
This week we continue to see more ransomware being released as well as changes in the distribution of the larger ransomware infections. For example, Locky has had a very low distribution lately since the holidays, but according to the Cisco Talos Group, it is starting to pick up again.
The Saint Louis Public Library (SLPL) announced that ransomware had hit all computers at all their branches across the city, forcing the institution to halt all operations for the time being.
A new Ransomware as a Service, or RaaS, called Satan has been discovered by security researcher Xylitol. This service allows any wannabe criminal to register an account and create their very own customized version of the Satan Ransomware.
A new ransomware family is targeting Android devices, locking access to the screen, and constantly pestering the user to enter his payment card details.
A ransomware group has infected the computers of an Indiana-based cancer agency and has asked for a large payment of 50 Bitcoin ($44,800). The victim is Cancer Services of East Central Indiana-Little Red Door, an organization that helps "reduce the financial and emotional burdens of those dealing with a cancer diagnosis."
For more than four weeks, the only source of Locky ransomware infections has been through spam campaigns that distributed the Kovter click-fraud malware, as the primary source of Locky infections, the Necurs botnet, has been offline for the Christmas and New Year holidays.
Named CryptoSearch, this tool identifies files encrypted by several types of ransomware families and provides the user with the option to copy or move the files to a new location, in hopes that a decrypter that can recover the locked files will be released in the future.
Security researchers have gained access to one of the servers used by the Cerber gang, from where they were able to extract basic statistics about their operation.
The ransomware scourge does not want to let up. This week we have seen lots of small infections released, a very professional Spora Ransomware payment site, the continuing relentless attack on MongoDB databases, and a big-time ransomware payout. The good news is that we also had a few decryptors released by Emsisoft!