Ransomware News 2020 December
20.12.20 | New Inferno RaaS | RAKESH KRISHNAN found a new ransomware-as-a-service called Inferno that is recruiting affiliates. | |
20.12.20 | New Hakbit variant | xiaopao found a new Hakbit variant that appends the .rastar extension. | |
20.12.20 | New STOP Ransomware variant | Michael Gillespie found a new STOP Ransomware variant that appends the .omfl extension. | |
20.12.20 | Ransomware masquerades as mobile version of Cyberpunk 2077 | A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that install ransomware calling itself CoderWare. | |
20.12.20 | Iranian nation-state hackers linked to Pay2Key ransomware | Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware operation that has recently started targeting organizations from Israel and Brazil. | |
20.12.20 | The COVID-20 Ransomware | MalwareHunterTeam found a silly bootlocker named COVID-20 ransomware. | |
20.12.20 | New HiddenTear variant | MalwareHunterTeam found a HiddenTear variant that appends the .fmfgmfgm extension. | |
20.12.20 | New Hades Ransomware | Michael Gillespie found a new ransomware calling itself Hades Ransomware that appends a random extension and drops ransom note named "HOW-TO-DECRYPT-xxxxx.txt." | |
20.12.20 | Beazley Breach Insights - Q3 2020 | In an incredibly challenging year in which ransomware has easily become the biggest cyber threat to impact individuals and organizations alike, the severity of ransomware attacks has continued to escalate. During 2020, these incidents have reached new levels of complexity, having developed a long way from the early incarnations of ransomware designed to trick an employee into clicking on a bad email that then encrypts a workstation and file shares. | |
20.12.20 | Ransomware gangs automate payload delivery with SystemBC malware | SystemBC, a commodity malware sold on underground marketplaces, is being used by ransomware-as-a-service (RaaS) operations to hide malicious traffic and automate ransomware payload delivery on the networks of compromised victims. | |
20.12.20 | New Phobos Ransomware variant | Michael Gillespie found a new Phobos variant that appends the ".id[].[ICQ_Sophos].Antivirus" extension. | |
20.12.20 | New Dharma ransomware variants | Jakub Kroustek found two new Dharma Ransomware variants that append the .msf or .lock extensions. | |
20.12.20 | Ransomware attack causing billing delays for Missouri city | The City of Independence, Missouri, suffered a ransomware attack last week that continues to disrupt the city's services. | |
20.12.20 | Clop sample used on Symrise | Minhee Lee found the Clop ransomware variant used in the Symrise attack. | |
20.12.20 | Hackers paralyze Symrise – why the case is particularly serious | The Lower Saxony-based MDax company Symrise has fallen victim to a serious attack by unknown hackers. Production at the company in Holzminden, founded in 2003, is largely at a standstill. "In order to assess the consequences and prevent possible further effects, the company has shut down all essential systems," Symrise announced. | |
20.12.20 | New STOP Ransomware variant | Michael Gillespie found a new STOP Ransomware variant that appends the .booa extension. | |
20.12.20 | New Zeoticus variant | MalwareHunterTeam found a new Zeoticus 2.0 ransomware variant that appends the .2020END extension. Guess they are fed up with this year also. | |
20.12.20 | New Ouroboros ransomware variant | S!ri found a new variant of the Ouroboros ransomware that appends the .Sophos extension. | |
20.12.20 | New Conti variant | S!ri found a new Conti variant that appends the .KCWTT extension to encrypted files. | |
20.12.20 | Intel's Habana Labs hacked by Pay2Key ransomware, data stolen | Intel-owned AI processor developer Habana Labs has suffered a cyberattack where data was stolen and leaked by threat actors. | |
12.12.20 | MountLocker ransomware gets slimmer, now encrypts fewer files | MountLocker ransomware received an update recently that cut its size by half but preserves a weakness that could potentially allow learning the random key used to encrypt files. | |
12.12.20 | Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company | Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business. | |
12.12.20 | New Nefilim variant | Michael Gillespie found a Nefilim variant that appends the .INFECTION extension and drops the INFECTION-HELP.txt ransom note. | |
12.12.20 | Ransomware: Ragnar Locker claims a cyberattack against Dassault Falcon Jet Corp. | Not without a certain pride in their "research work", the operators of Ragnar Locker assured us that if Dassault Falcon Jet "continues to keep silent, they will be very surprised by the package of data we have collected". | |
12.12.20 | U.S. warns of increased cyberattacks against K-12 distance learning | K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year. | |
12.12.20 | New STOP Djvu ransomware variant | Michael Gillespie found a new STOP Djvu ransomware variant that appends the .igdm extension to encrypted files. | |
12.12.20 | New Conti Ransomware variants | S!ri found new Conti variants that append the .FBSYW and .TJMBK extensions to encrypted files. | |
12.12.20 | New Dharma Ransomware variant | Emmanuel_ADC-Soft found a new Dharma variant that appends the .yoAD extension to encrypted files. | |
12.12.20 | Threat Assessment: Egregor Ransomware | Since September 2020, Unit 42 researchers have observed Egregor ransomware affecting multiple industries globally, including those within the U.S., Europe, Asia Pacific and Latin America, following the decline in operations utilizing the Maze ransomware. Egregor operations mimic that of Maze operations, leading us to believe that although Maze operators announced a shutdown of the “Maze Team Project,” the operators behind those activities have simply developed a new ransomware to move their objectives forward. | |
12.12.20 | Egregor ransomware: Maze’s heir apparent | In September, a new ransomware brand emerged just as the Maze ransomware gang began shuttering its operation. Named Egregor (from an occult term derived from the Greek word ἑγρήγορος, “wakeful”—a term used to refer to an angel-like spirit or group mind), the ransomware leverages data stolen during the attack to extort the victim for payment, following a trail blazed by Maze. | |
12.12.20 | Ransomware forces hosting provider Netgain to take down data centers | Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November. | |
12.12.20 | Foxconn electronics giant hit by ransomware, $34 million ransom | Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices. | |
12.12.20 | Boston's GBMC HealthCare discloses ransomware attack | On the morning of Sunday, December 6, 2020, GBMC HealthCare detected a ransomware incident that impacted information technology systems. Although many of our systems are down, GBMC HealthCare has robust processes in place to maintain safe and effective patient care. We are collectively responding in accordance with our well-planned process and policies for this type of event. | |
12.12.20 | Ransomware hits helicopter maker Kopter | Helicopter maker Kopter has fallen victim to a ransomware attack after hackers breached its internal network and encrypted the company's files. | |
5.12.20 | Emmanuel_ADC-Soft found a new STOP Ransomware variant that appends the .NOBU extension. | ||
5.12.20 | S!ri found a new Conti ransomware variant that appends the .SYTCO extension. | ||
5.12.20 | xiaopao found new CryptoJoker ransomware variants that are appending the .partially.nocry, .devos, and .devoscpu extensions. | ||
5.12.20 | Largest global staffing agency Randstad hit by Egregor ransomware | Staffing agency Randstad NV announced today that their network was breached by the Egregor ransomware operators, who stole unencrypted files during the attack. | |
5.12.20 | The Egregor ransomware operation has breached Metro Vancouver’s transportation agency TransLink with the cyberattack causing disruptions in services and payment systems. | ||
5.12.20 | Galstan & Ward Family and Cosmetic Dentistry (Galstan & Ward) is a dental practice in Georgia. On September 9, 2020, they learned that they had been a victim of a ransomware attack — or an attempted attack — when they got a phone call from a group claiming to have attacked them and demanding a ransom. | ||
5.12.20 | US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned. | ||
5.12.20 | Ransomware gang says they stole 2 million credit cards from E-Land | Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month's ransomware attack. | |
5.12.20 | K12 online schooling giant pays Ryuk ransomware to stop data leak | Online education giant K12 Inc. has paid a ransom after their systems were hit by Ryuk ransomware in the middle of November. | |
5.12.20 | Ransomware operators have attacked the Huntsville City Schools district in Alabama, forcing them to shut down schools for the rest of the week and possibly next week. | ||
5.12.20 | Michael Gillespie found a new Xorist ransomware variant that appends the '.hacker crypt http://2020.data' extension. | ||
5.12.20 | MalwareHunterTeam noticed that Egregor added a press release that refers to the relationship with paid victims as "a contract." | ||
5.12.20 | Michael Gillespie found a new STOP ransomware variant that appends the .weui extension to encrypted files. | ||
5.12.20 | IoT chip maker Advantech confirms ransomware attack, data theft | Industrial automation and Industrial IoT (IIoT) chip maker Advantech confirmed a ransomware attack that hit its network and led to the theft of confidential, albeit low-value, company documents. | |
5.12.20 | Vermont hospitals still recovering from October ransomware attack | The University of Vermont Health Network is still recovering from a Ryuk Ransomware attack in October 2020, with services slowly coming back online. | |
5.12.20 | Baltimore students told to ditch Windows PCs after ransomware attack | Baltimore County Public Schools (BCPS) urged students and staff to stop using their school-issued Windows computers and only use Chromebooks and Google accounts following a ransomware attack that hit the district's network last Wednesday. | |
5.12.20 | After a year-long vacation, the Gootkit information-stealing Trojan has returned to life alongside REvil Ransomware in a new campaign targeting Germany. | ||
5.12.20 | Jakub Kroustek found new Dharma ransomware variants that append the .ZIN and .SUKA extensions. | ||
5.12.20 | Pennsylvania county pays 500K ransom to DoppelPaymer ransomware | Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend. |