With file-encrypting ransomware on the rise, everyone needs to learn tips and tricks on how to protect yourself or mitigate the damage done by these infections. In this article we discuss a tip where Windows alerts you, in a not-so-obvious way, that something is not right.
The developer of the Radamant Ransomware Kit does not appear to be happy with Fabian Wosar and Emsisoft for the release of decrypters that allow victims to recover their files for free. This displeasure is being shown in the names of their C2 servers and in strings in the malware executable.
It has been discovered that the Radamant Ransomware Kit has been for sale on underground malware and exploit sites for almost three weeks. This kit is a full turn-key solution that allows any budding criminal to distribute their own ransomware.
The latest release of TeslaCrypt still refers to itself as version 2.2.0, but there are some minor changes compared to the last release. These changes include minor differences in the ransom note and a different file header for the encrypted files.
Last week we wrote about a new ransomware called the Radamant Ransomware Kit that was encrypting files and adding the .RDM extension. Fabian Wosar, of Emsisoft, further analyzed the infection and was able to find a weakness in the encryption algorithm so that victims can recover their files for free.
A new ransomware is in the wild that has been dubbed Gomasom (GOogle MAil ranSOM) by Fabian Wosar of Emsisoft due to its use of Gmail email addresses in the encrypted file names. This ransomware is particularly destructive as it will not only encrypt data files but will also encrypt executables.
A new ransomware has been discovered called the Radamant Ransomware Kit that encrypts your data using AES-256 encryption and requires you to pay .5 Bitcoins, or approximately $230.88 USD, to get your files back. Any files encrypted by this ransomware will have the RDM extension added to them.
A new ransomware called the XRTN Ransomware is in the wild that encrypts your data with RSA-1024 encryption using the open source Gnu Privacy Guard (GnuPG) encryption software. This ransomware is part of the same family as the VaultCrypt ransomware that we reported on in March.
A new version of TeslaCrypt was released on Tuesday that contains some minor changes such as new ransom note names, a new name for the autorun entry, and a slight change to how it removes the Shadow Volume Copies.
A new version of the TeslaCrypt ransomware has been released that changes the ransom note filenames and uses the new .vvv extension for encrypted files. Unfortunately, at this time there is still no way of decrypting files encrypted by this version of TeslaCrypt.
CryptoWall 4.0 has been discovered being installed via the Nuclear Exploit Kit. As an added twist, the malware payload is also being delivered as an NSIS installer that, when executed, installs the CryptoWall 4.0 ransomware.
A new file-encrypting ransomware has been floating around this past week called CryptInfinite or DecryptorMax. At first this ransomware looked secure, but with further analysis by Fabian Wosar, it was discovered that a decrypter could be made that would recover your files for free.
The Chimera Ransomware uses a new technique for distributing decryption keys through a peer-to-peer messaging application called Bitmessage. This provides a very easy way of pushing decryption keys out to the victim while staying anonymous behind the peer-to-peer network.
A new variant of TeslaCrypt has been released that utilizes the same .CCC extension for encrypted files, but now uses the _how_recover_
A new Ransomware as a Service has been discovered called the Cryptolocker Service. This service states it will go live in the next few days and allow affiliates to distribute their ransomware for a 10% commission.
Kaspersky has released 14,000 additional decryption keys for users infected with the CoinVault or BitCryptor ransomware infections. Using their decryption tool you may be able to recover your encrypted files for free.
Vssadmin.exe is a utility bundled with Windows that allows you to administer Shadow Volume Copies. Unfortunately, this tool is also being used by ransomware developers to make it harder for you to recover your files. This article explains how Shadow Volume Copies work and why it is important for every user to disable vssadmin.exe.
A new version of CryptoWall has been released that displays a redesigned ransom note, new file names, and now encrypts a file's name along with the data as well.
A new ransomware has started appearing on various computer support forums that encrypts your data and then appends the firstname.lastname@example.org string to the filename. Thankfully, Kaspersky's RakhniDecryptor tool is able to decrypt this infection.