Ransomware News 2020 February

16.2.20

New Unknown ransomware

S!Ri found an unknown ransomware that targets both Russian and English speaking victims.

16.2.20

New Rooe STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .rooe extension to encrypted files.

16.2.20

CXK-NMSL V3.3 spotted pretending to be Coronavirus info

Germán Fernández found a new version 3.3 of the CXK-NMSL ransomware that pretends to be a file named '2020.1.10-2020.1.23Information on Travelers from Wuhan China to India.xlsx'.

16.2.20

Ransomware meets sextortion: this ransomware demands explicit pics to unlock your data

We just released an updated decryptor for the “Ransomwared” strain of ransomware that can unlock files appended with extensions such as .ransomwared and .iwanttits.

16.2.20

New WHY, LIVE, and Z9 Dharma Ransomware variants

Jakub Kroustek found two new variants of the Dharma Ransomware that append the .WHY, .Z9, and .LIVE extensions to encrypted files.

16.2.20

New Major Ransomware variant

Amigo-A found a new variant of the Major Ransomware that is calling itself Onix, appends the .ONIX extension, and drops a ransom note named TRY_TO_READ.html.

16.2.20

Report: The cost of ransomware in 2020. A country-by-country analysis

In The State of Ransomware in the US: Report and Statistics 2019, we examined the number of ransomware attacks on the U.S. public sector and the cost of those attacks. In this report, we will examine the number of attacks on both the public and private sectors for a number of countries and estimate the cost, including the cost of downtime, of those attacks on a country-by-country basis as well as estimate the overall global cost.

16.2.20

New Chinese Ransomware

CollabVM found an unknown Chinese Ransomware on a hacked remote desktop server.

16.2.20

New Ransomware appends cuba

GrujaRS found a new ransomware that appends the .cuba extension and drops a ransom note named !!FAQ for Decryption!!.txt.

16.2.20

Ragnar Locker Ransomware Targets MSP Enterprise Support Tools

A ransomware called Ragnar Locker is specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped.

16.2.20

New MedusaLocker ransomware

GrujaRS found a new variant of the MedusaLocker Ransomware that appends the .hellomynameisransom extension to encrypted files and drops a ransom note named HOW_TO_RECOVER_DATA.html.

16.2.20

New Phobos Ransomware variants

Amigo-A found two new variants of the Phobos Ransomware that append the .Devos or .Caley extensions to encrypted files.

9.2.20

New DesuCrypt variant

S!Ri found a new DesuCrypt ransomware variant that appends the .desucrpt extension but does not provide a way of contacting them for ransom info.

9.2.20

New BBOO STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .bboo extension to encrypted files.

9.2.20

New Snatch Ransomware variant

dnwls0719 found a new variant of the Snatch Ransomware that appends the .egmwv extension to encrypted files and drops a ransom note named DECRYPT_EGMWV_FILES.txt.

9.2.20

Ransomware Exploits GIGABYTE Driver to Kill AV Processes

The attackers behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows that is used to terminate antivirus and security software.

9.2.20

Ransomwared Decryptor released

Emsisoft released a decryptor for the Ransomwared Ransomware whose encrypted files utilize the .ransomwared extension.

9.2.20

Mailto (NetWalker) Ransomware Targets Enterprise Networks

With the high ransom prices and big payouts of enterprise-targeting ransomware, we now have another ransomware known as Mailto or Netwalker that is compromising enterprise networks and encrypting all of the Windows devices connected to it.

9.2.20

New Ransomware Strain Halts Toll Group Deliveries

Australian transportation and logistics company Toll Group stated today that systems across multiple sites and business units were encrypted by a ransomware called the Mailto ransomware.

9.2.20

New PassLock Ransomware

S!Ri found a new ransomware called PassLock that appends the .encrypted extension to encrypted files.

9.2.20

REvil publishes victim data online

Under the Breach noticed that REvil had begun to publish a victim's data online after they did not pay a ransom.

9.2.20

Warning to law firms: a ransomware group is stealing data and posting it online

Five law firms have been hit by a notorious ransomware group known as Maze – three within the last 72 hours alone. It is highly likely Maze will target more law firms in the days and weeks ahead. While only U.S. firms have so far been hit, firms in other countries are equally at risk.

9.2.20

DoppelPaymer Ransomware Sells Victims' Data on Darknet if Not Paid

The DoppelPaymer Ransomware is the latest family threatening to sell or publish a victim's stolen files if they do not pay a ransom demand.

9.2.20

Bouygues Construction Shuts Down Network to Thwart Maze Ransomware

French construction giant Bouygues Construction shut down their computer network to avoid having all of their data encrypted by the Maze Ransomware.

9.2.20

New ADV Ransomware

Jirehlov found a new ransomware that appends the .adv extension but does not seem to drop a ransom note. Not sure if it's buggy, in dev, or meant to be a wiper.

2.2.20

New ALKA STOP Djvu Ransomware

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .alka extension to encrypted files.

2.2.20

Ransomware hits TV & radio news monitoring service TVEyes

A ransomware infection has brought down TVEyes, a company that manages a popular platform for monitoring TV and radio news broadcasts, broadly used by newsrooms and PR agencies across the globe.

2.2.20

New REPP STOP Djvu Ransomware

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .repp extension to encrypted files.

2.2.20

New LockBit variant

Albert Zsigovits found a new variant of the LockBit ransomware that appends the .lockbit extension.

2.2.20

Ransomware predicted to target U.S. 2020 election – and local governments are not prepared

We now feel it necessary to issue a similar warning in relation to the threat ransomware presents to the 2020 election and again call on governments to act immediately to improve their security.

2.2.20

New NPSG STOP Djvu Ransomware

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .npsg extension to encrypted files.

2.2.20

New BTOS STOP Djvu Ransomware

Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .btos extension to encrypted files.

2.2.20

New CryptoPatronum Ransomware Discovered

Amigo_A found the new CryptoPatronum Ransomware that appends the .cryptopatronum@protonmail.com.enc extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.txt.

2.2.20

Tracking REvil

After the message GandCrab quit, a hole was left in the scene. It was time for a new contender. In the last few months REvil/Sodinokibi seems to have filled that gap. There already have been multiple blogs describing the similarities between GandCrab and REvil affiliates. We’ll stay clear of the similarities in this blog and focus on the usage statistics of the ransomware family by looking at samples, infection rates and ransom demands.

2.2.20

Maze Ransomware pokes at security researchers

Vitali Kremez has noticed that the Maze Ransomware operators are taunting and having some fun with security researchers.

2.2.20

Ragnarok Ransomware Targets Citrix ADC, Disables Windows Defender

A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.

2.2.20

Ransomware Bitcoin Wallet Frozen by UK Court to Recover Ransom

A victim's insurance company convinced the UK courts to freeze a bitcoin wallet containing over $800K worth of a ransomware payment.

2.2.20

New 2NEW Dharma Ransomware variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .2NEW extension to encrypted files.

2.2.20

New CryptLive Dharma Ransomware variant

Amigo-A found a new Dharma Ransomware variant that appends the .LIVE extension and drops the ransom notes Info.hta and FILES ENCRYPTED.txt. Appears to call itself CryptLive.

2.2.20

Strawberry Fields Crypto Locker discovered

MalwareHunterTeam discovered a new ransomware called "Strawberry Fields Crypto Locker" that does not encrypt. Looks like a joke ransomware.

2.2.20

DoppelPaymer finally gets its own extension

MalwareHunterTeam noticed that DoppelPaymer has finally switched to its own extension of .doppled and now ends their ransom notes with .how2decrypt.txt.