The holidays are upon us and that means even ransomware developers are taking some time off. This showed this week, with very few ransomware infections being released; for the most part we have only seen new variants of existing infections.
A new malspam campaign is underway that is distributing a GlobeImposter variant that appends the ..doc extension to encrypted files. This malspam pretends to be photos being sent to the recipient and will have a subject line that starts in a similar way to "Emailing: IMG_20171221_".
This is a quick analysis of a newly discovered ransomware called File-Locker. This brief will contain technical information related to how it infects a computer, how it is distributed, and whether it can be decrypted or not.
This is a security brief for the newly discovered ransomware called Retis. This brief will contain technical information related to how it infects a computer, how it is distributed, and whether it can be decrypted or not.
A Romanian man and woman are accused of hacking into the outdoor surveillance system deployed by Washington DC police, which they used to distribute ransomware.
The criminal group behind previous campaigns that have spread the VenusLocker ransomware has now switched its focus to delivering a Monero cryptocurrency miner instead.
Romanian authorities have arrested five people on accusations of spreading email spam that infected users with the CTB-Locker and Cerber ransomware families.
This week was mostly about in-dev ransomware or new variants of older ransomware being released. The biggest news was the File Spider Ransomware campaign that was targeting countries in the Balkans. The other big news is the entire California voters database being leaked on the Internet and held for ransom.
A new ransomware called File Spider is being distributed through spam that targets victims in Bosnia and Herzegovina, Serbia, and Croatia. These spam emails contain malicious Word documents that will download and install the File Spider ransomware onto a victim's computer.
This week was mostly about small ransomware variants being released, but we did have some big stories. First, we have HC7, which is targeting entire networks through hacked remote desktop services, then we had StorageCrypt being installed on NAS devices, and finally the county computers of Mecklenburg County were hit by LockCrypt.
A new ransomware called HC7 is infecting victims by hacking into Windows computers that are running publicly accessible Remote Desktop services. Once the developers gain access to the hacked computer, the HC7 ransomware is then installed on all accessible computers on the network.
Recently BleepingComputer has received a flurry of support requests for a new ransomware being named StorageCrypt that is targeting NAS devices such as the Western Digital My Cloud. Victims have been reporting that their files have been encrypted and a note left with a ransom demand of between .4 and 2 bitcoins.
It has been a busy ransomware week with lots of small and some bigger variants released. This week we had a new CryptoMix, a new BTCWare, and a few new malspam campaigns for GlobeImposter and Sigma. Even better, we had a few new and updated decryptors released so that people can recover their files for free.
A malware author by the name of Luc1F3R is peddling a new ransomware strain called Halloware for the lowly price of $40.
A new variant of the BTCWare ransomware that appends the .[email]-id-id.shadow extension to encrypted files was discovered by Michael Gillespie. The BTCWare family of ransomware infections targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
A new variant of the CryptoMix ransomware was discovered today that appends the .TEST extension to encrypted files and changes the contact emails used by the ransomware. This article will provide information on what changes were made in this new version.
Not much to report this week other than Necurs starting to push the Scarab Ransomware and a new ransomware called qkG that infects Office documents. Otherwise, it has been a week of small variants that are in various stages of development.
A ransomware strain known as Scarab, and detected for the first time in June, is now being pushed to millions of users via Necurs, the Internet's largest email spam botnet.