A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting.
Towards the end of July 2018, we saw a new version of the AZORult trojan being used in malware campaigns targeting computers globally. In this article, we will dive into the malware and analyze its execution flow and payloads.
The biggest news was the release of the Princess Evolution RaaS and a new variant of the Dharma ransomware utilizing the .cmb extension for encrypted files. Otherwise, it was mostly small variants released that will not likely have many victims.
A new variant of the Princess Locker ransomware is being distributed called Princess Evolution. Like its predecessor, Princess Evolution is a Ransomware as a Service, or RaaS, that is being promoted on underground criminal forums.
On Monday, a Florida judge sentenced a former Microsoft network engineer to 18 months in prison for his role in helping launder money obtained from victims of the Reveton ransomware.
This was a pretty quiet week with mostly small variants, one new active release, and a large organization getting hit. This article outlines what new ransomware has been released and other ransomware related stories.
According to reports, computers at the PGA have been infected with ransomware. The victims learned they were infected on Tuesday when ransom notes started appearing on their screen.
This week was mostly small variants, but we did have some interesting news. First we had an in-depth look at the SamSam ransomware by Sophos that details the staggering amount of money they are generating, and the GandCrab devs trying to get back at AhnLab for creating a GandCrab vaccine.
The author of the GandCrab ransomware is a little bit bitter at South Korean security vendor AhnLab after the security firm released a vaccine for the GandCrab ransomware.
The SamSam ransomware has earned its creator(s) more than $5.9 million in ransom payments since late 2015, according to the most comprehensive report ever published on SamSam's activity, containing information since the ransomware's launch in late 2015 and up to attacks that have happened earlier this month.
On Monday, officials from Matanuska-Susitna (Mat-Su), a borough part of the Anchorage Metropolitan Statistical Area, said they are still recovering from a ransomware infection that took place last week, on July 24.
While the distribution of ransomware has definitely decreased, it is still very much a threat as seen by the Alaskan borough of Matanuska-Susitna and the shipping company Cosco getting hit by ransomware this week. Both attacks shut down their operations and caused normal workflow to be halted.
A ransomware infection has crippled the US network of one of the world's largest shipping giants, COSCO (China Ocean Shipping Company).
Romanian antivirus firm Bitdefender released yesterday a decryption tool that can recover files encrypted by an older version of the LockCrypt ransomware, the one that locks files with the .1btc extension.
While it has been pretty slow for new ransomware this week, there was quite a bit of ransomware related news such as the LabCorp attack being a ransomware infection, Magniber branching out, and a ransomware dev venting on Twitter.
I guess even ransomware developers do not like being called scammers as shown by a recent venting session by the King Ouroboros ransomware developer on Twitter.
After spending nine months targeting only South Korean users, the Magniber ransomware has expanded its targeting spectrum and is now also capable of infecting users with a Chinese (Macau, China, Singapore) or Malay (Malaysia, Brunei) PC language setting.