Romanian antivirus firm Bitdefender released yesterday a decryption tool that can recover files encrypted by an older version of the LockCrypt ransomware, the one that locks files with the .1btc extension.
While it has been pretty slow for new ransomware this week, there was quite a bit of ransomware-related news, such as the LabCorp attack being a ransomware infection, Magniber branching out, and a ransomware dev venting on Twitter.
I guess even ransomware developers do not like being called scammers as shown by a recent venting session by the King Ouroboros ransomware developer on Twitter.
After spending nine months targeting only South Korean users, the Magniber ransomware has expanded its targeting spectrum and is now also capable of infecting users who have a Chinese (Macau, China, Singapore) or Malay (Malaysia, Brunei) PC language setting.
This week has mostly been small variants released, with a bunch of new Scarab Ransomware variants. The most interesting ransomware news this week is the CoinVault authors being in a Netherlands court in front of a three-judge panel.
The authors of the CoinVault ransomware have had their day in court today in the Netherlands, where their case was presented in front of a three-judge panel.
Cass Regional Medical Center, a Missouri health care center, announced on their Facebook page that they have been affected by an undisclosed ransomware. This incident affected their internal communications system and their electronic health record (EHR) system.
This week we had a new version 4 of the GandCrab ransomware released with a new KRAB extension as well as a new ransomware called Nozelesn that has been heavily distributed. The Nozelesn campaign started out targeting Poland, but since then has hit numerous other countries, including the USA.
An old foe and one of the first ransomware strains is still around and claiming new victims, but this malware is keeping up with the times and has added a cryptocurrency-mining component that it deploys on carefully selected computers.
Over the weekend, the GandCrab V4 Ransomware was released with numerous changes. These changes include different encryption algorithms, a new .KRAB extension, a new ransom note name, and a new TOR payment site.
A distribution campaign for a new ransomware called Nozelesn is currently underway that is targeting Poland. This campaign started July 2nd and we already have reports from victims in our forums and numerous cases have been spotted on ID Ransomware.
It has been a very slow week for ransomware, which we are always happy about. While ransomware will never go away completely, as time goes on, more people become educated, and better backup strategies are created, we continue to see ransomware slowly diminishing.
Back in February we wrote about a new ransomware called Thanatos that was encrypting victims' data, but contained flaws that would not allow the authors to decrypt a victim's files even if they paid. Thankfully, the Cisco Talos Group was able to find a method to break the encryption routine.
This has been the week of the Scarab with a continuous stream of Scarab Ransomware variants being released. We also had a few decryptors and some smaller variants, but by far Scarab dominated the ransomware distribution. Thankfully, under certain conditions Scarab can be decrypted by Dr. Web,
New versions of the SamSam ransomware will not execute unless the person running the malware's payload enters a special password via the command-line.
Mostly new variants of the same ransomware this week, with few new ransomware campaigns being conducted. Of particular interest was Kaspersky temporarily withdrawing their participation in the NoMoreRansom project and the rebranding of Satan Ransomware as DBGer Ransomware.
A decryptor for the Everbe Ransomware was released by Michael Gillespie and Maxime Meignan that allows victims to get their files back for free. It is not known how this ransomware is currently being distributed, but as long as victims have an unencrypted version of an encrypted file, they can use them to brute force the decryption
The authors of the Satan ransomware have rebranded their "product" and they now go by the name of DBGer ransomware, according to security researcher MalwareHunter, who spotted this new version earlier today.
Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware.