Bitdefender has released a free decrypter that helps victims of GandCrab ransomware infections recover files without paying the ransom.
The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player —the RIG exploit kit— has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers).
Ransomware developers continue to release infections that are clearly not tested well and contain bugs that may make it difficult, if not impossible, for victims to recover their files. Such is the case with the new in the wild ransomware called Thanatos that has been discovered by security research MalwareHunterTeam.
Two days after crooks started advertising the Data Keeper Ransomware-as-a-Service (RaaS) on the Dark Web, ransomware strains generated on this portal have already been spotted in the wild, infecting the computers of real-world users.
The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21.
Today a reader sent me info regarding the LockCrypt Ransomware still being actively distributed over hacked remote desktop services. This variant, when installed, will encrypt a victim's files and then append the .1btc extension to encrypted file names.
The authors of the newly-discovered Saturn ransomware are allowing anyone to become a ransomware distributor for free via a newly launched Ransomware-as-a-Service (RaaS) affiliate program.
All the countries part of the Five Eyes intelligence-sharing alliance — the US, the UK, Canada, Australia, and New Zealand— have made formal statements accusing the Russian Federation of orchestrating the NotPetya ransomware outbreak.
A new ransomware was discovered this week by MalwareHunterTeam called Saturn. This ransomware will encrypt the files on a computer and then append the .saturn extension to the file's name. At this time it is not known how Saturn Ransomware is being distributed.
The UK has become the first major Western country to formally accuse the Russian military of orchestrating and launching the NotPetya ransomware outbreak.
A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service. First detected by Derek Knight, this campaign is a mixup of countries with the IRS being a U.S. entity, the send being a UK email address, and the spam attachment being in German.
Lots of small variants released this week, but surprisingly most are actually active and being distributed. The big stories are new distribution methods for GandCrab, decryptors for Cryakl variants and MoneroPay, and a new ransomware called Black Ruby.
A new Chinese MBRLocker called DexLocker has been discovered that asks for 30 Yuan to get access to a computer. First discovered by security researcher JAMESWT, this ransomware will modify the master boot record of the victim's computer so that it shows a ransom note before Windows starts.
A new ransomware was discovered this week by MalwareHunterTeam called Black Ruby. This ransomware will encrypt the files on a computer, scramble the file name, and then append the BlackRuby extension. To make matters worse, Black Ruby will also install a Monero miner on the computer that utilizes as much of the CPU as it scan.
Belgian Federal Police together with Kaspersky Lab have released a free decryption tool for some versions of the Cryakl ransomware.
A new malspam campaign is underway that is pretending to be PDF receipts, but instead installs the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script.
A security researcher has found a way to bypass the "Controlled Folder Access" feature added in Windows 10 in October 2017, which Microsoft has touted as a reliable anti-ransomware defensive measure.
A study of 2,700 IT professionals across the globe has revealed that 54% of organizations suffered a ransomware attack in the last year, and most organizations were hit more than twice, with the average number of ransomware per attacks being two.