Ransomware News 2020 July
26.7.20 | Karsten Hahn found a new CryptoWire variant called FlyingShip. | ||
26.7.20 | Karsten Hahn found a new ransomware that threatens to "fry" files and appends the .silvertor extension to encrypted files. | ||
26.7.20 | Michael Gillespie found a new STOP Ransomware variant that appends the .erif extension to encrypted files. | ||
26.7.20 | Arete Threat Intelligence continues to work with law enforcement contacts to conduct analysis into WastedLocker. The cyber criminals behind this variant have been quick to identify and infect victims’ systems with ransomware, resulting in a devastating blow to the victims’ IT infrastructure and interrupting profitable business operations. | ||
26.7.20 | JAMESWT found a new bootlocker that shows a link to a RickRoll YouTube Video. | ||
26.7.20 | UK govt warns of ransomware, BEC attacks against sports sector | The UK National Cyber Security Centre (NCSC) today highlighted the increasing risks posed by ransomware attacks, phishing campaigns, and Business Email Compromise (BEC) fraud schemes targeting sports organizations and teams, including Premier League football clubs. | |
26.7.20 | Garmin outage caused by confirmed WastedLocker ransomware attack | Wearable device maker Garmin shut down some of its connected services and call centers on Thursday following what the company called a worldwide outage, now confirmed to be caused by a WastedLocker ransomware attack. | |
26.7.20 | New in-dev Davinci ransomware | Leo found a new in-development ransomware that calls itself Davinci and only encrypts files on the desktop. Amigo-A states that this is a variant of the CobraLocker ransomware family. | |
26.7.20 | Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW) | Affiliate involved in Maze ransomware operations profiled from the actor perspective while also detailing their involvement in other groups. | |
26.7.20 | Lazarus hackers deploy ransomware, steal data using MATA malware | A recently discovered malware framework known as MATA and linked to the North Korean-backed hacking group known as Lazarus was used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data theft. | |
26.7.20 | Vitali Kremez posted a brief analysis of the Exorcist ransomware and how it avoids CIS countries. | ||
26.7.20 | MalwareHunterTeam found a new ransomware called Exorcist that is targeting enterprise networks and is promoted on hacker forums. | ||
26.7.20 | Michael Gillespie found a new Matrix ransomware variant that appends the .RE78P extension and drops the RE78P_README.rtf ransom note. | ||
26.7.20 | Michael Gillespie announced that ID Ransomware can now detect 900 ransomware families. | ||
26.7.20 | Michael Gillespie found a new ransomware/wiper that appends the .mechu4Po and .Ieph0uxo extensions or drops a ransom note named !!!ПРОЧИТАТЬ!!!.txt / README.txt. | ||
26.7.20 | A ransomware gang has infected the internal network of Telecom Argentina, one of the country's largest internet service providers, and is now demanding a $7.5 million ransom to unlock encrypted files. | ||
26.7.20 | Lorien Health Services discloses ransomware attack affecting nearly 50,000 | Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident. | |
26.7.20 | Sodinokibi/REvil Ransomware attacks against the Education Sector | Since January 2020, the Arete IR practice has responded to forty-one (41) Sodinokibi engagements. The industry has seen two big changes with Sodinokibi/REvil: their shift to exfiltrating data as of January 2020 and, more recently, their move to only accepting payments in Monero cryptocurrency (XMR). | |
19.7.20 | Michael Gillespie found a new STOP Ransomware variant that appends the .kuus extension to encrypted files. | ||
19.7.20 | Michael Gillespie found a new Maoloa Ransomware variant that appends the .Globeimposter-Alpha865qqz extension to encrypted files. | ||
19.7.20 | Michael Gillespie found a new Dharma Ransomware variant that appends the .spare extension to encrypted files. | ||
19.7.20 | Cloud provider stopped ransomware attack but had to pay ransom demand anyway | Blackbaud, a provider of software and cloud hosting solutions, said it stopped a ransomware attack from encrypting files earlier this year but still had to pay a ransom demand anyway after hackers stole data from the company's network and threatened to publish it online. | |
19.7.20 | Michael Gillespie found a new Makop Ransomware variant that appends the .BNFD extension to encrypted files. | ||
19.7.20 | Orange confirms ransomware attack exposing business customers' data | Orange has confirmed to BleepingComputer that they suffered a ransomware attack exposing the data of twenty of their enterprise customers. | |
19.7.20 | Recently, 360 Security Center has detected that a file encryption virus in the form of a hoax has appeared on the network. Since the encrypted file suffix of the virus is named “.flowEncryption”, we named it “flowEncryption file encryption virus”. | ||
19.7.20 | Michael Gillespie is looking for a new ransomware that appends the .FastWind extension and drops a ransom note named ransomware.txt. | ||
19.7.20 | Michael Gillespie found a new Makop Ransomware variant that appends the .zbw extension and drops a ransom note named readme-warning.txt. | ||
19.7.20 | The chance of data being stolen in a ransomware attack is greater than one in ten | The data theft and name-and-shame tactics initiated by Maze in November 2019 and subsequently adopted by multiple other groups have blurred the line between ransomware attack and data breach. | |
19.7.20 | Jakub Kroustek found two new variants of the Dharma Ransomware that append either the .data or .smpl extension to encrypted files. | ||
19.7.20 | Michael Gillespie found a new STOP Ransomware variant that appends the .repl extension to encrypted files. | ||
19.7.20 | New AgeLocker Ransomware uses Googler's utility to encrypt files | A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victim's files. | |
19.7.20 | dnwls0719 found a new FonixCrypter variant that appends the .XINOF extension. | ||
19.7.20 | xiaopao found a new Matrix Ransomware variant that appends the .AL8P extension and drops a ransom note named Readme_AL8P.rtf. | ||
10.7.20 | JAMESWT found a new variant of the Thanos Ransomware that is asking for a 20k ransom. | ||
10.7.20 | Michael Gillespie found a new Dharma variant that appends the .smpl extension to encrypted files. | ||
10.7.20 | Jakub Kroustek found new variants of the Dharma Ransomware that append the .null, .felix, or the .gns extensions. | ||
10.7.20 | The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, which has slowly been fading away, while Conti's distribution is increasing. | ||
10.7.20 | Michael Gillespie found a new Dharma variant that appends the .teamV extension to encrypted files. | ||
10.7.20 | Michael Gillespie found the new Panther Ransomware that targets users in China. This ransomware appends the .panther extension and drops a ransom note named LOCKED_README.txt. | ||
10.7.20 | xiaopao found a CoronaCrypt Ransomware variant that appends the .Encrypted extension. | ||
10.7.20 | Michael Gillespie found a new FonixCrypter variant that appends the .repter extension. | ||
10.7.20 | The ThiefQuest malware, which was discovered last week, may not actually be ransomware according to new findings. The behaviors that have been documented thus far are still all accurate, but we no longer believe that the ransom is the actual goal of this malware. | ||
10.7.20 | Emsisoft released a decryptor for the SpartCrypt ransomware. | ||
10.7.20 | Poor coding of the ThiefQuest ransomware in disguise that targets macOS users allows the recovery of encrypted files, which would otherwise remain lost without a backup. | ||
10.7.20 | Michael Gillespie found a new STOP Ransomware variant that appends the .maas extension. | ||
10.7.20 | Jakub Kroustek found new variants of the Dharma Ransomware that append the .bmtf or the .prnds extension. | ||
10.7.20 | EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation's systems, the Portuguese multinational energy giant Energias de Portugal (EDP). | ||
10.7.20 | Ransomware attack on insurance MSP Xchanging affects clients | Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary. | |
10.7.20 | dnwls0719 found the IT Ransomware that appends the .IT extension to encrypted files. | ||
10.7.20 | Companies start reporting ransomware attacks as data breaches | Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about stolen data. | |
3.7.20 | A big portion of my work as a malware analyst at G Data is writing detection signatures for our product. One of those signatures checks for a USB worm component that I have seen in certain variants of .NET based RATs like njRAT and BlackNet RAT. When this worm signature hit on an unidentified sample[1], I got curious. It was a .NET ransomware that seemed oddly familiar to me. I couldn’t put a finger on it yet. | ||
3.7.20 | S!Ri found the new Pojie ransomware that appends the .52pojie extension to encrypted files. | ||
3.7.20 | Jakub Kroustek has found two new Dharma Ransomware variants that append either the .NHLP or the .gyga extensions to encrypted files. | ||
3.7.20 | Surge of MongoDB ransom attacks use GDPR as extortion leverage | A flood of attacks is targeting unsecured MongoDB servers and wiping their databases. Left behind are notes demanding a ransom payment, or the data will be leaked, and the owners reported for GDPR violations. | |
3.7.20 | Dozens of US news sites hacked in WastedLocker ransomware attacks | The Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework. | |
3.7.20 | dnwls0719 found the Rabbit Ransomware that appends the .RABBIT extension to encrypted files. | ||
3.7.20 | Ravi found a variant of the MedusaLocker Ransomware that appends the .VinDizelPux extension. | ||
3.7.20 | ThiefQuest ransomware is a file-stealing Mac wiper in disguise | A new data wiper and info-stealer called ThiefQuest is using ransomware as a decoy to steal files from macOS users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers. | |
3.7.20 | Business giant Xerox allegedly suffers Maze Ransomware attack | Maze ransomware operators have updated their list of victims adding Xerox Corporation to the roster. It appears that the encryption routine had completed on June 25. | |
3.7.20 | xiaopao found the Lolkek ransomware that appends the .lolkek extension to encrypted files. According to Amigo_A_, it may still be in development. | ||
3.7.20 | Michael Gillespie found a new STOP ransomware variant that appends the .zida extension. | ||
3.7.20 | A hacker gang is wiping Lenovo NAS devices and asking for ransoms | A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back. | |
3.7.20 | How hackers extorted $1.14m from University of California, San Francisco | A leading medical-research institution working on a cure for Covid-19 has admitted it paid hackers a $1.14m (£910,000) ransom after a covert negotiation witnessed by BBC News. | |
3.7.20 | UC San Francisco pays $1.14 million for ransomware decryptor | The University of California San Francisco (UCSF) says that it paid $1.14 million to the Netwalker ransomware operators who successfully breached the UCSF School of Medicine’s IT network, stealing data and encrypting systems. | |
3.7.20 | Jakub Kroustek has found two new Dharma Ransomware variants that append either the .lxhlp or the .HOW extensions to encrypted files. |