A new ransomware called DMA Locker was discovered by a Malwarebytes researcher last week. One feature that has not been discussed yet is its ability to encrypt files located on unmapped network shares. Thankfully, earlier versions of this ransomware can be decrypted for free using a utility by Fabian Wosar of Emsisoft.
A new ransomware was discovered last week that incorporates some interesting features such as ICMP communication with its Command & Control server and a unique payment/key retrieval mechanism. This ransomware also has a flaw in its key storage method that could allow users to retrieve their decryption key under the right circumstances.
A new ransomware has been spotted called 7ev3n that encrypts your data and demands 13 bitcoins to decrypt your files. A 13 bitcoin ransom demand is the largest we have seen to date for this type of infection, but this ransomware also has another surprise as it does a good job trashing your system.
A vulnerability for the LeChiffre ransomware has been discovered that allows Fabian Wosar of Emsisoft to create a free decryptor for it. This article explains how to use the decrypter to recover files encrypted by LeChiffre for free.
Today Malwarebytes released their latest security offering called Malwarebytes Anti-Ransomware. Malwarebytes Anti-Ransomware, or MBARW for short, is currently in beta and is a small utility that runs in the background while quietly monitoring the computer for behavior associated with file-encrypting ransomware.
In a post on the BleepingComputer.com forums, the developer of the Magic Ransomware infection is blackmailing the author of the open source Hidden Tear and EDA2 Ransomware Project. The malware developer's demands are simple: take down the Hidden Tear project or their Magic ransomware's victims lose their keys forever.
A new ransomware has been discovered that utilizes the open source ransomware kit called eda2. This ransomware will encrypt your data with AES encryption, append the .magic extension to encrypted files, and then demand 1 bitcoin to decrypt your data.
Now that TeslaCrypt 3.0 has been released and the malware developer has fixed a flaw in his program, we are releasing information on how to decrypt files encrypted by earlier variants. This article explains how volunteers cracked TeslaCrypt's encryption key storage algorithm to help people recover their files for free.
The TeslaCrypt developers release version 3.0 of their ransomware infection, which includes a modified encryption algorithm and the .XXX extension for encrypted files.
A new ransomware has been spotted called CryptoJoker that encrypts your data with AES-256 encryption and then demands a ransom to recover your files.
With file-encrypting ransomware on the rise, everyone needs to learn tips and tricks on how to protect themselves or mitigate the damage done by these infections. In this article we discuss a tip where Windows alerts you in a not-so-obvious way that something is not right.
The developer of the Radamant Ransomware Kit does not appear to be happy with Fabian Wosar and Emsisoft for the releases of decrypters that allow victims to recover their files for free. This displeasure is being shown in the names of their C2 servers and strings in the malware executable.
It has been discovered that the Radamant Ransomware Kit has been for sale on underground malware and exploit sites for almost three weeks. This kit is a full turn-key solution that allows any budding criminal to distribute their own ransomware.
The latest release of TeslaCrypt still refers to itself as version 2.2.0, but there are still some minor changes compared to the last release. These changes include minor differences in the ransom note and a different file header for the encrypted files.
Last week we wrote about a new ransomware called the Radamant Ransomware Kit that was encrypting files and adding the .RDM extension. Fabian Wosar, of Emsisoft, further analyzed the infection and was able to find a weakness in the encryption algorithm so that victims can recover their files for free.
A new ransomware is in the wild that has been dubbed Gomasom (GOogle MAil ranSOM) by Fabian Wosar of Emsisoft due to its use of Gmail email addresses in the encrypted file names. This ransomware is particularly destructive as it will not only encrypt data files but will also encrypt executables.
A new ransomware has been discovered called the Radamant Ransomware Kit that encrypts your data using AES-256 encryption and requires you to pay .5 Bitcoins, or approximately $230.88 USD, to get your files back. Any files encrypted by this ransomware will have the RDM extension added to them.
A new ransomware called the XRTN Ransomware is in the wild that encrypts your data with RSA-1024 encryption using the open source GNU Privacy Guard (GnuPG) encryption software. This ransomware is part of the same family as the VaultCrypt ransomware that we reported on in March.
A new version of TeslaCrypt was released on Tuesday that contains some minor changes such as new ransom note names, a new name for the autorun entry, and a slight change to how it removes the Shadow Volume Copies.