The authors of the XiaoBa ransomware have retooled their malware's code into a cryptocurrency miner (coinminer). Unfortunately, despite not encrypting files anymore, the XiaoBa coinminer still destroys users' data thanks to a series of bugs that primarily corrupt a user's executable files.
A Microsoft network engineer is facing federal charges in Florida for helping launder money obtained from victims of the Reveton ransomware.
Not much new ransomware was released this week; it was mostly general ransomware news. One item of interest was the joke ransomware called PUBG Ransomware that made you play PlayerUnknown's Battlegrounds in order to decrypt your files. Other than that, it was just news about new variants that were released or about variants.
While ransomware has evolved into targeted attacks rather than mass spam campaigns, it is still a significant threat to businesses and consumers. Microsoft must agree, as in the upcoming Spring Creators Update, Microsoft has added a dedicated Ransomware Protection section in the Windows Defender Security Center settings.
A script compile error has temporarily stopped the infection chain of a malspam campaign trying to infect users with the GandCrab ransomware.
Around four out of five ransomware victims who paid a ransom demand to recover their files said they would pay the ransom again to recover data if no backup files are available.
Kryptos Logic, the cyber-security firm running the main WannaCry sinkhole, announced today plans to allow organizations access to some of the WannaCry sinkhole data.
In what could only be a joke, a new ransomware has been discovered called "PUBG Ransomware" that will decrypt your files if you play the game called PlayerUnknown's Battlegrounds.
Two new Matrix Ransomware variants were discovered this week by MalwareHunterTeam that are being installed through hacked Remote Desktop services. While both of these variants encrypt your computer's files, one is a bit more advanced with more debugging messages and the use of cipher to wipe free space.
This week we saw the release of new decrypters for Magniber, LockCrypt, and WhiteRose. The other big news is the addition of ransomware detection and file restore in Office 365. Otherwise, it has mostly been small variants that were released this week.
Three months after news first leaked, Microsoft officially announced today the launch of new anti-ransomware features for Office 365, the company's commercial subscription-based office tools suite.
A new ransomware has been discovered by MalwareHunterTeam that is based off of the InfiniteTear ransomware family, of which BlackRuby and Zenis are members. When this ransomware infects a computer it will encrypt the files, scramble the filenames, and append the .WHITEROSE extension to them.
On Monday, Michigan Governor Rick Snyder signed two bills into law that criminalize the possession of ransomware "with the intent to introduce it into a computer or computer network without authorization" and punish offenders with a three-year prison sentence, respectively.
Security researchers from AhnLab, a South Korea-based cyber-security firm, have created decrypters for some versions of the Magniber ransomware.
It was mostly small variants released this week. We did have a new Cryptomix variant released, a wiper called UselessDisk disguised as a ransomware, and a strange report that Boeing had been infected with WannaCry. Overall, though, it has been a slow week.
Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new variants a few times a month, but this time it has been almost 2 months since the previous variant.
A new MBR bootlocker called DiskWriter, or UselessDisk, has been discovered that overwrites the MBR of a victim's computer and then displays a ransom screen on reboot instead of booting into Windows. This ransom note asks for $300 in bitcoins in order to gain access to Windows again.
This week was definitely a lot busier than the previous one. During the past two weeks we have had some interesting ransomware released such as Zenis, which deletes files associated with backups, and AVCrypt that tries to uninstall your security software. We also had a bunch of organizations affected by SamSam.
Precisely two months to the day since the release of its first version, the group behind the Rapid ransomware strain has released v2.0 today.