GandCrab version 3 was released earlier this week with a few noticeable changes. The most noticeable change is the addition of a desktop background and an autorun that causes the ransomware to start automatically when you reboot the computer.
The UK Department of Health and Social Care has announced that it will transition all National Health Service (NHS) computer systems to Windows 10.
This was an interesting week for ransomware with various government servers being infected with VevoLocker, a new ransomware attack against HP iLO remote management interfaces, and the KCW Ransomware targeting web sites in Pakistan.
Team Kerala Cyber Warriors, a hacking group based out of India, have begun to install ransomware on web sites based out of Pakistan. This ransomware, called KCW Ransomware, encrypts the files on a web site and then demands a ransom payment in order to get the files back.
A new in-development ransomware was discovered that has an interesting characteristic. Instead of the distributed executable performing the ransomware functionality, the executable compiles an embedded encrypted C# program at runtime and launches it directly into memory.
Attackers are targeting Internet accessible HPE iLO 4 remote management interfaces, supposedly encrypting the drives, and then demanding Bitcoins to get access to the data again. While it has not been 100% confirmed if the hard drives are actually being encrypted, we do know that multiple victims have been affected by this attack.
The screen-locking feature added to a popular banking trojan was never intended to be used for ransomware-like operations, researchers from Fortinet revealed on Monday.
This week mostly saw small variants released, but we did have some interesting news: a Microsoft engineer facing federal charges for involvement in the Reveton Ransomware, a decryptor released for Vortex, the Magnitude exploit kit now pushing GandCrab, and a ransomware trying to make money off of Syrian refugees.
A new ransomware called RansSIRIA has been discovered by MalwareHunterTeam that encrypts your files and then states it will donate your ransom payments to Syrian refugees. This ransomware is a variant of the WannaPeace ransomware and is targeting Brazilian victims.
When ransomware developers achieve huge media buzz like we saw with the PUBG Ransomware, it is not surprising to see other developers creating copycats. This is the case with two new in-development ransomware programs, if we can even call them that, for both Minecraft and Counter-Strike: Global Offensive (CS: GO).
The authors of the XiaoBa ransomware have retooled their malware's code into a cryptocurrency miner (coinminer). Unfortunately, despite not encrypting files anymore, the XiaoBa coinminer still destroys users' data thanks to a series of bugs that primarily corrupt a user's executable files.
A Microsoft network engineer is facing federal charges in Florida for helping launder money obtained from victims of the Reveton ransomware.
Not too much new ransomware was released this week; it was mostly general ransomware news. One item of interest was the joke ransomware called PUBG Ransomware that made you play PlayerUnknown's Battlegrounds in order to decrypt your files. Other than that, it was just news about new variants that were released.
While ransomware has evolved into targeted attacks rather than mass spam campaigns, it is still a significant threat to businesses and consumers. Microsoft must agree, as in the upcoming Spring Creators Update, Microsoft has added a dedicated Ransomware Protection section in the Windows Defender Security Center settings.
A script compile error has temporarily stopped the infection chain of a malspam campaign trying to infect users with the GandCrab ransomware.
Around four out of five ransomware victims who paid a ransom demand to recover their files said they would pay the ransom again to recover data if no backup files are available.
Kryptos Logic, the cyber-security firm running the main WannaCry sinkhole, announced today plans to allow organizations access to some of the WannaCry sinkhole data.
In what could only be a joke, a new ransomware has been discovered called "PUBG Ransomware" that will decrypt your files if you play the game called PlayerUnknown's Battlegrounds.
Two new Matrix Ransomware variants were discovered this week by MalwareHunterTeam that are being installed through hacked Remote Desktop services. While both of these variants encrypt your computer's files, one is a bit more advanced with more debugging messages and the use of cipher to wipe free space.
This week we saw the release of new decrypters for Magniber, LockCrypt, and WhiteRose. The other big news is the addition of ransomware detection and file restore in Office 365. Otherwise, it has mostly been small variants that were released this week.