During this week we did not see as many small variants released as we have historically. This is because ransomware has moved towards large network-wide breaches by variants such as SamSam, BitPaymer, and Dharma, delivered through publicly exposed remote desktop services.
This week was mostly small variants, but we did have some interesting news. First we had an in-depth look at the SamSam ransomware by Sophos that details the staggering amount of money its operators are generating, and then the GandCrab devs trying to get back at AhnLab for creating a GandCrab vaccine.
The SamSam ransomware has earned its creator(s) more than $5.9 million in ransom payments since late 2015, according to the most comprehensive report ever published on SamSam's activity, which covers everything from the ransomware's launch in late 2015 up to attacks that happened earlier this month.
While it has been pretty slow for new ransomware this week, there was quite a bit of ransomware-related news, such as the LabCorp attack being confirmed as a ransomware infection, Magniber branching out, and a ransomware dev venting on Twitter.
New versions of the SamSam ransomware will not execute unless the person running the malware's payload enters a special password on the command line.
This week was definitely a lot busier than the previous one. During the past two weeks we have had some interesting ransomware released such as Zenis, which deletes files associated with backups, and AVCrypt that tries to uninstall your security software. We also had a bunch of organizations affected by SamSam.
The Mayor of Atlanta, Georgia has confirmed today in a press conference that several local government systems are currently down due to a ransomware infection.
This week's article combines the previous week's stories as well. Lots of small in-dev ransomware appeared over the last two weeks, but a few RaaS (Ransomware as a Service) implementations were also released, and a decryptor for GandCrab was released.
The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21.
While we continue to see less ransomware being developed and more attackers focusing on a few large-impact strains, ransomware is unfortunately not dead. This was particularly apparent this week, with plenty of news to go around.
The SamSam ransomware group seems to have gotten to a "great" start in 2018, hitting several high-profile targets such as hospitals, a city council, and an ICS firm.
An Indiana hospital paid a ransom of $55,000 to get rid of ransomware that had infected its systems and was hindering operations last week.
This week we continue to see more ransomware being released, as well as changes in the distribution of the larger ransomware families. For example, Locky has had very low distribution since the holidays, but according to the Cisco Talos Group it is starting to pick up again.
A bunch of small ransomware variants were released, but we did have a new release of the Locky Osiris variant and the interesting Popcorn Time. To me the most interesting story is Popcorn Time, as it offers victims a free decryption key if they can get two other people infected and have them pay the ransom.