Several hospitals part of the NHS Lanarkshire board were hit on Friday by a version of the Bit Paymer ransomware. The infection took root on late Friday, August 25. NHS Lanarkshire officials acknowledged the incident right away.
A new variant of the BTCWare ransomware was discovered that appends the .[affiliate_email].nuclear extension to encrypted files. The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services.
Not a lot out this week other than some new variants of CryptoMix, Crysis, and someone paying homage to security researcher Karsten Hahn. Of particular interest is an Android application that allows anyone to generate a fully-working Android ransomware just by filling in a form and pushing a few buttons.
A new variant of the Crysis Ransomware was released yesterdary that appends the .arena extension to encrypted files. This article will provide a brief description of the ransomware and how to protect your computer from ransomware.
Chinese malware developers have created a specialized Android application that allows anyone to generate a fully-working Android ransomware just by filling in a form and pushing a few buttons.
Today, MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses EMPTY, it is clear that the developers are running out of extensions to use.
Ukrainian authorities and businesses are on alert after a local security firm reported that another accounting software maker got hacked and its servers were being used to spread malware.
While the week was dominated by small little ransomware creations, we did have some interesting news. First, we have had a resurgence of Locky variants, then a constant stream of GlobeImposter variants variants, and finally the SynCrypt ransomware that utilizes an interesting distribution method.
Representatives for LG South Korea said on Wednesday that a mysterious ransomware strain has infected self-servicing kiosks at various service centers across the country.
Malware activity has ramped up in the second quarter of 2017, according to reports from cyber-security firms Cyren, Check Point, Kaspersky Lab, Proofpoint, and Symantec.
Today a new Locky Ransomware variant was discovered that switches to the .lukitus extension for encrypted files. It is not currently known how this variant is being distributed, but as the ransomware is being downloaded from a remote site it is most likely malspam.
A new ransomware called SyncCrypt was discovered that is being distributed by spam attachments pretending to be court orders. This ransomware uses a interesting approach of embedding a zip file in a jpg image in order to avoid detection.
A PHP ransomware project open-sourced on GitHub is still spawning active threats, more than a year after it was released in early 2016.
Ukrainian authorities have arrested a 51-year-old man from Nikopol, Dnipropetrovsk region, on accusations of distributing a version of the NotPetya ransomware.
A large malspam campaign is underway that is pushing a new Locky variant that appends the .diablo6 extension to encrypted files. Is this the return of Locky or just a brief resurgence?
It has been a week heavily dominated by GlobeImposter variants being released here and there and smaller ransomware variants with little or no distribution. We also saw news about companies still being affected by the NotPetya attack.
The Cerber ransomware has received an update that allows it to collect and steal data from a victim's computer, similar to an infostealer.
The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, the point of origin of the NotPetya ransomware outbreak.