I can't tell if the Locky developers are trying to put us to sleep with all their extension changes or paying homage to the Tryptophan in Thanksgiving turkey, but they have changed the extension used for encrypted files to .zzzzz.
In the near future we may see the group behind the Locky ransomware use MHT (MHTML) files as email attachments to deliver their malicious payload to victims' machines.
Nathan Scott, a malware analyst for Malwarebytes, was able to crack the encryption system used by the Telecrypt ransomware, discovered two weeks ago by researchers from Kaspersky Lab.
Polish security researcher Hasherezade has found a way to help victims of the PrincessLocker ransomware by cracking the ransomware's encryption system and releasing a free decryptor.
Early this morning, a new Locky campaign was discovered that is spewing out emails pretending to be an ISP complaint stating that spam has been detected coming from the recipient's computer. Further testing of the new sample shows that Locky has also changed the extension for encrypted files to .AESIR.
An ongoing Facebook spam campaign is spreading the Nemucod malware downloader among users, which in some cases was seen downloading the Locky ransomware at later stages.
Very busy ransomware week. We have two new ransomware infections being pushed out by exploit kits, some decryptors, and lots of small variants being released. The big news is the release of the master decryption keys for the CrySiS ransomware and Kaspersky's RakhniDecryptor being updated to use them.
Brad Duncan, a security researcher for Rackspace, is well known for monitoring exploit kit activity and the payloads that are being distributed by them. In an article posted yesterday, Brad shows how the RIG-E (Empire) exploit kit has started to distribute a new ransomware called CHIP.
Ever since it launched in April 2016, the ID Ransomware service has been slowly, but surely, becoming the default destination for victims looking for information to aid them in solving their ransomware infections.
Security researcher MalwareHunterTeam has discovered a new ransomware family that its creators have named Crypton. After a flood of poorly coded .NET-based ransomware families have invaded VirusTotal, Crypton is a little bit more complex.
Fake Flash Player update sites have long been a favorite distribution method for adware and other unwanted programs. Today, a fake Flash update site was discovered by ExecuteMalware that is pushing the Locky ransomware.
A new spam wave posing as emailed fax messages is delivering a malware downloader that fetches and installs a ransomware family known as PClock, a CryptoLocker clone.
Fabian Wosar, Emsisoft security researcher, is facing a moral dilemma like very few security researchers have faced before.
A new ransomware called CryptoLuck has been discovered being distributed via the RIG-E exploit kit. This ransomware also uses an interesting method of infecting a victim through the legitimate GoogleUpdate.exe executable and DLL hijacking.
A new ransomware variant nicknamed Ransoc is currently distributed via malvertising campaigns and exploit kits, locking the user's desktop, searching for sensitive content, and employing the found information in an attempt to extort users who accessed questionable content into paying a ransom fee.
A security researcher has discovered the Karma Ransomware, which pretends to be a Windows optimization program called Windows-TuneUp. What is worse is that this sample was discovered as software that a pay-per-install software monetization company would potentially bundle with free software people download and install.
The master decryption keys for the CrySiS Ransomware have been released this morning in a post on the BleepingComputer.com forums. At approximately 1 AM EST, a member named crss7777 created a post in the CrySiS support topic at BleepingComputer with a Pastebin link to a file containing the master decryption keys and how to use them.
Another week of annoying little ransomware programs. There was really nothing significant released this week, which is good news for a change. Hopefully it will stay that way.
A Brazilian developer named Lenon Leite has released proof-of-concept code for a ransomware family coded in PHP that will allow an attacker to encrypt the contents of web servers.