A new MBR bootlocker called DiskWriter, or UselessDisk, has been discovered that overwrites the MBR of a victim's computer and then displays a ransom screen on reboot instead of booting into Windows. This ransom note asks for $300 in bitcoins in order to gain access to Windows again.
This week was definitely a lot busier than the previous one. During the past two weeks we have had some interesting ransomware released such as Zenis, which deletes files associated with backups, and AVCrypt that tries to uninstall your security software. We also had a bunch of organizations affected by SamSam.
Precisely two months on the day since the release of its first version, the group behind the Rapid ransomware strain has released v2.0 today.
A new ransomware named AVCrypt has been discovered that tries to uninstall existing security software before it encrypts a computer. Furthermore, as it removes numerous services, including Windows Update, and provides no contact information, this ransomware may be a wiper.
The Mayor of Atlanta, Georgia has confirmed today in a press conference that several local government systems are currently down due to a ransomware infection.
The most recent version of the TrickBot banking trojan now includes a screenlocker component, suggesting the malware's operators might soon start holding victims for ransom if infected targets don't appear to be e-banking users.
Purdue University scientists have developed a data protection technique called Reactive Redundancy for Data Destruction (R2D2) that can protect data sitting inside a virtual machine from modern data-wiping malware and even some secure file deletion methods.
Polish law enforcement announced on Friday the arrest of Tomasz T., a well-known cyber-criminal believed to be the author of the Polski, Vortex, and Flotera ransomware strains.
A new ransomware was discovered this week called Zenis Ransomware. While it is currently unknown how Zenis is being distributed, multiple victims have already become infected with this ransomware. What is most disturbing about Zenis is that it not encrypts your files, but also purposely deletes your backups.
The United States has imposed sanctions against Russian entities for the NotPetya ransomware outbreak, cyber-attacks on the US power grid, and their attempts to influence the 2016 US presidential election process.
In the land of IT security, there is no better source for malware statistics than Microsoft, the company that has an antivirus engine running on almost all recent Windows operating systems.
Today one of our volunteers, Aura, told me about a new new malspam campaign pretending to be from Craigslist that is under way and distributing the Sigma Ransomware. These spam emails contain password protected Word or RTF documents that download the Sigma Ransomware executable from a remote site and install it on a recipients comput
Just two botnets accounted for 97% of all spam emails in the last three months of 2017, according to a McAfee report released earlier today.
It has been a pretty slow ransomware week as most of the malware developers have started pushing cryptominers. We did see the continued distribution of the GnuPG based Qwerty Ransomware and a new variant of the GandCrab ransomware that makes it secure again.
A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victim's files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted file's name.
A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand.
GandCrab version 2 was released, which contains changes that supposedly make it more secure & allow us to differentiate it from the original version. In this article we will provide a quick overview as to what has changed & how you can identify that you are are infected with the new GandCrab version.
This week's article combines the previous week's stories as well. Lots of small in-dev ransomware over the last two weeks, but also a few RaaS (Ransomware as a Service) implementations were released and decryptor for GandCrab was released.
Bitdefender has released a free decrypter that helps victims of GandCrab ransomware infections recover files without paying the ransom.
The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player —the RIG exploit kit— has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers).