Ukrainian authorities and businesses are on alert after a local security firm reported that another accounting software maker got hacked and its servers were being used to spread malware.
While the week was dominated by small ransomware creations, we did have some interesting news. First, we have had a resurgence of Locky variants, then a constant stream of GlobeImposter variants, and finally the SyncCrypt ransomware, which uses an interesting distribution method.
Representatives for LG South Korea said on Wednesday that a mysterious ransomware strain has infected self-servicing kiosks at various service centers across the country.
Malware activity has ramped up in the second quarter of 2017, according to reports from cyber-security firms Cyren, Check Point, Kaspersky Lab, Proofpoint, and Symantec.
Today a new Locky Ransomware variant was discovered that switches to the .lukitus extension for encrypted files. It is not currently known how this variant is being distributed, but as the ransomware is being downloaded from a remote site it is most likely malspam.
A new ransomware called SyncCrypt was discovered that is being distributed by spam attachments pretending to be court orders. This ransomware uses an interesting approach of embedding a zip file in a jpg image in order to avoid detection.
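The detection angle on that trick is worth spelling out: a JPEG decoder stops at the End-Of-Image marker and ignores whatever follows, so an archive can ride along after it and still look like a picture to a naive filter. The following inspector is an added example written for this digest, not code from SyncCrypt or from the original report. It builds a constructed JPEG-shaped byte string with a ZIP appended after the EOI marker (a test fixture, not a real image), then flags trailing data and, where present, lists the archive members. Function names (`inspect_jpeg`, `classify`, `build_clean_sample`, `build_polyglot_sample`) are my own.

```python
import io
import zipfile

# JPEG and ZIP signatures used by the checks below.
JPEG_SOI = b"\xff\xd8"          # Start Of Image
JPEG_EOI = b"\xff\xd9"          # End Of Image: decoders stop here
ZIP_LOCAL_HEADER = b"PK\x03\x04"  # first bytes of a ZIP local file entry
ZIP_EOCD = b"PK\x05\x06"          # End Of Central Directory record


def build_clean_sample() -> bytes:
    """Constructed fixture: SOI, a JFIF APP0 segment, padding, EOI. Not a decodable image."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return JPEG_SOI + app0 + b"\x00" * 32 + JPEG_EOI


def build_polyglot_sample(payload_name: str = "readme.txt",
                          payload: bytes = b"sample text") -> bytes:
    """Constructed fixture: the clean sample with a small ZIP archive appended after EOI."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(payload_name, payload)
    return build_clean_sample() + buf.getvalue()


def inspect_jpeg(data: bytes) -> dict:
    """Report whether data looks like a JPEG, how many bytes follow the first EOI,
    and whether a ZIP archive is reachable inside it."""
    result = {
        "is_jpeg": data.startswith(JPEG_SOI),
        "eoi_offset": -1,
        "trailing_bytes": 0,
        "has_zip_signature": False,
        "zip_members": [],
    }
    if not result["is_jpeg"]:
        return result

    # First EOI marker. In entropy-coded scan data 0xFF is always byte-stuffed
    # as FF 00, so FF D9 cannot occur there by accident. EXIF thumbnails carry
    # their own EOI inside an APP1 segment; a stricter walker would step over
    # segment lengths first. For this example the first marker is enough.
    eoi = data.find(JPEG_EOI)
    if eoi == -1:
        return result  # truncated or malformed; nothing trails a missing EOI
    result["eoi_offset"] = eoi
    trailing = data[eoi + 2:]
    result["trailing_bytes"] = len(trailing)

    # Signature scan limited to the region a decoder would never look at.
    result["has_zip_signature"] = (ZIP_LOCAL_HEADER in trailing) or (ZIP_EOCD in trailing)

    # zipfile locates the EOCD from the end of the stream, so it opens archives
    # with arbitrary prefixed data; that is exactly why the polyglot works.
    if zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                result["zip_members"] = zf.namelist()
        except zipfile.BadZipFile:
            pass
    return result


def classify(data: bytes) -> str:
    """Coarse verdict for a mail or file gateway rule."""
    r = inspect_jpeg(data)
    if not r["is_jpeg"]:
        return "not-jpeg"
    if r["zip_members"] or r["has_zip_signature"]:
        return "zip-appended"
    if r["trailing_bytes"] > 0:
        return "trailing-data"
    return "clean"


if __name__ == "__main__":
    for label, sample in (("clean", build_clean_sample()),
                          ("polyglot", build_polyglot_sample())):
        print(label, classify(sample), inspect_jpeg(sample)["zip_members"])
```

Two design points: the verdict "trailing-data" is deliberately separate from "zip-appended", because legitimate tools sometimes leave a few bytes after EOI and you will want a different severity for that; and the archive listing is taken from the ZIP's own central directory rather than from the signature scan, since an attacker controls the bytes but not what the decoder on the receiving side must find to extract anything.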
A PHP ransomware project open-sourced on GitHub is still spawning active threats, more than a year after it was released in early 2016.
Ukrainian authorities have arrested a 51-year-old man from Nikopol, Dnipropetrovsk region, on accusations of distributing a version of the NotPetya ransomware.
A large malspam campaign is underway that is pushing a new Locky variant that appends the .diablo6 extension to encrypted files. Is this the return of Locky or just a brief resurgence?
It has been a week heavily dominated by GlobeImposter variants being released here and there and smaller ransomware variants with little or no distribution. We also saw news about companies still being affected by the NotPetya attack.
The Cerber ransomware has received an update that allows it to collect and steal data from a victim's computer, similar to an infostealer.
The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, the point of origin of the NotPetya ransomware outbreak.
US pharmaceutical giant Merck was severely affected by the NotPetya ransomware outbreak that took place at the end of June, and the company is still struggling to restore all systems and resume normal operations, according to an 8-K report filed with the US Securities and Exchange Commission (SEC).
This week has mostly been about small variants being released, GlobeImposters all over the place, and some new CryptoMix variants. Of particular interest is a self-healing file system called ShieldFS that shows great promise in ransomware protection and some research from Google about how ransomware devs cash out their payments.
Research presented yesterday at the Black Hat USA 2017 security conference revealed that Bitcoin trading platform BTC-e is responsible for cashing out 95% of all ransomware payments made since the start of 2014.
Italian researchers have developed a Windows drop-in driver and custom filesystem that are capable of detecting the telltale signs of a ransomware infection, stopping any malicious actions, and even reverting encrypted files to their previous state.
Greek police arrested a Russian national, Alexander Vinnik, 38, for his role as owner of the BTC-e Bitcoin trading platform. In the US, the Department of Justice (DOJ) formally indicted Vinnik on 21 charges related to money laundering and the operation of an unlicensed money exchange.
Really slow week, which is great. We did have some decryptors and updated decryptors released this week, which is always great. Of particular concern is the increasing rate at which new CryptoMix variants are being released. Thankfully, these variants do not seem to be netting too many victims at this time.
CryptoMix is releasing new variants very quickly now and is reminiscent of how the Locky developers used to distribute Locky.