Ransomware operators are always on the lookout for a way to take their ransomware to the next level. That’s particularly true of the gang behind LockBit. Following the lead of the Maze and REvil ransomware crime rings, LockBit’s operators are now threatening to leak the data of their victims in order to extort payment. And the ransomware itself also includes a number of technical improvements that show LockBit’s developers are climbing the ransomware learning curve—and have developed an interesting technique to circumvent Windows’ User Account Control (UAC).

A leading supplier of video delivery software solutions is reportedly the latest victim of the Sodinokibi Ransomware, who has posted images of data they claim to have stolen from the company during a cyberattack.

GrujaRS found a new Phobos Ransomware variant that appends the .iso extension to encrypted files.

MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of the functionality remains consistent. The most notable differences are changes to the file extension used for encrypted files and the look and feel of the ransom note that is left on systems following the encryption process.

A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds.

The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted.

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .lezp extension to encrypted files.

In 2019, 966 government agencies, educational establishments and healthcare providers in the US were impacted by ransomware. While the early indicators were that the 2020 numbers would be similar to 2019’s or perhaps even worse, that has proved not to be the case. A total of 89 organizations were impacted by ransomware in Q1, however, as the COVID-19 crisis worsened, the number of successful attacks reduced considerably and is now at a level not seen in several years.

MalwareHunterTeam found a fake SMBGhost exploit that is actually ransomware that appends the .sepsys extension to encrypted files.

Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze Ransomware, BleepingComputer has learned.

Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using stolen Active Directory credentials months after exploiting a known remote code execution (RCE) vulnerability in their Pulse Secure VPN servers.

MalwareHunterTeam found a new in-development ransomware from Hungary called Fidesz ransomware.

A leading accounting firm in Canada forced a company-wide shutdown of their systems after getting hit with a cyberattack last weekend, BleepingComputer has learned.

GrujaRS found a new variant of the Balaclava Ransomware that appends the .KEY0004 extension and drops a ransom note named HOW_TO_RECOVERY_FILES.txt.

Jakub Kroustek found a new Dharma Ransomware variant that appends the .dec extension to encrypted files.

MalwareHunterTeam found a new Nemty 3.1 ransomware variant that has messages for Michael Gillespie, MalwareHunterTeam, and Amigo_A.

The Nemty Ransomware is shutting down its public Ransomware-as-a-Service (RaaS) operation and switching to an exclusive private operation where affiliates are hand-selected for their expertise.

Emsisoft has released a decryptor for the KokoCrypt ransomware.

Emsisoft updated their Aurora decryptor to support the .bukyak and .serpom extensions.

Michael Gillespie found a new variant of the STOP Ransomware that appends the .lalo extension to encrypted files.

S!Ri found a new Creepy Ransomware that appends the .creepy extension to encrypted files.

Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).

dnwls0719 found a new variant of the Dharma Ransomware that appends the .dop extension to encrypted files.

Michael Gillespie found a new ransomware that appends the .SARS-CoV-2 extension and drops a ransom note named RECOVER MY ENCRYPTED FILES.TXT.

Jirehlov and RedDrip found a new ransomware that that appends the .bug extension and drops a ransom note named Read_Bug.html.

The author of the KokoCrypt ransomware issued an apology after a ransomware he made got leaked into the wild.

A malware distributor has decided to play a nasty prank by locking victim's computers before they can start Windows and then blaming the infection on two well-known and respected security researchers.

The international e-discovery and managed services company Epiq Global has laid off some 200 employees, with more layoffs yet to come, according to several sources familiar with the situation.

The Sodinokibi Ransomware has started to accept the Monero cryptocurrency to make it harder for law enforcement to track ransom payments and plans to stop allowing bitcoin payments in the future.

Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online.

GrujaRS found a new Aurora Ransomware variant that appends the .bukyak extension.

GrujaRS found a new ransomware called BearCrypt that only targets .jpg and .png files. When encrypted it appends the .crypt extension and drops a ransom note named Readme.txt. Appears to be in-dev.

Travelex reportedly paid a $2.3 million ransom payment to get their systems back online after being encrypted by a Sodinokibi ransomware attack.

Michael Gillespie found new STOP Ransomware variant that appends the .mpaj extension to encrypted files.

One such spear-phishing campaign is being used by the Dharma ransomware variant (Crysis). First noted in 2016, Dharma ransomware has been around for almost five years now and keeps popping out with a new variant, periodically. The threat actors want to leverage every scenario to escape detection and deliver the payload.

FaLcon Intelligence found that a new variant of the Gibberish Ransomware is being spread through the RIG exploit kit.

S!Ri found a new ransomware that states it will decrypt your files if you win a game.

MalwareHunterTeam found a new "Corona Virus IQ" Ransomware from Iraqthat appends the .corona extension to encrypted files.

dnwls0719 found a new Phobos Ransomware variant that appends the .revon extension and drops ransom notes named info.txt and info.hta.

GrujaRS found anew BlackOrchid Ransomware variant that appends the .shinya extension to encrypted files.

The INTERPOL (International Criminal Police Organisation) warns that cybercriminals are increasingly attempting to lockout hospitals out of critical systems by attempting to deploy ransomware on their networks despite the currently ongoing COVID-19 outbreak.

Michael Gillespie found new STOP Ransomware variant that appends the .jope extension to encrypted files.

dnwls0719 found a new Dharma Ransomware variant that appends the .MSPLT extension to encrypted files.

S!Ri found the MrDec Ransomware that appends the .[ID]_RSA extension.

Michael Gillespie found a new Boruta Ouroboros Ransomware variant that appends the .Boruta extension.

GrujaRS found the new HiddenTear ransomware named Rogue Ransomware that appends the .rogue extension and impersonates

Alex Svirid found a new variant of the WannaCash Ransomware that appends the COVID-19 themed extension of .WANNACASH NCOV v310320.

Microsoft has started to send targeted notifications to dozens of hospitals about vulnerable public-facing VPN devices and gateways located on their network.

REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725.

dnwls0719 spotted the Nephilim ransomware, which was previously using a different and uncommon spelling of Nefilim in the past. This variant uses the .NEPHILIM extension and drops a ransom note named NEPHILIM-DECRYPT.txt.

Emsisoft updated their Aurora decryptor to support the .CoronaLock extension.

dnwls0719 found the BB Ransomware that appends the .encryptedbyBB extension to encrypted files.

MalwareHunterTeam found a new Stupid Ransomware variant called ILELECTION2020 that targets Israelis and appends the .likud extension to encrypted files.

JAMESWT found a new Jigsaw Ransomware variant targeted Italian users and appending the .math extension to encrypted files.

Michael Gillespie found a new variant of the STOP Ransomware that appends the .mado extension to encrypted files.