Ransomware News 2020 June


26.6.20

New Credo Dharma Ransomware variant

dnwls0719 found a new Dharma Ransomware variant that appends .credo extension and drops a ransom note named FILES ENCRYPTED.txt.

26.6.20

New ransomware hunt

Michael Gillespie is looking for a new ransomware that appends extensions in the format ._HE and ._HE._LP and drops a ransom note named READ_ME_.txt.

26.6.20

New ransomware hunt

Michael Gillespie is looking for a new ransomware that appends extensions in the format ..id=.[]..jwjs and drops a ransom note named ReadMe.txt.

26.6.20

FBI warns K12 schools of ransomware attacks via RDP

On Tuesday, the US Federal Bureau of Investigation sent a security alert to K12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.

26.6.20

LG Electronics allegedly hit by Maze ransomware attack

Maze ransomware operators have claimed on their website that they breached and locked the network of the South Korean multinational LG Electronics.

26.6.20

Sizing Up: How Mandiant Evaluates Ransomware Defense

Organizations across various regions, industries, and sectors have identified ransomware as a significant risk and wonder if they are positioned to successfully detect and prevent a ransomware attack. At FireEye Mandiant, we use a methodology that determines our client’s susceptibility to ransomware and evaluates their ability to detect and respond to a ransomware attack.

26.6.20

Maze Ransomware still loves Vitali Kremez

Maze Ransomware gave a shout-out to Advanced Intel's Vitali Kremez by naming a malware executable, found by Arkbird, kremez._dl_.

26.6.20

New Team Dharma Ransomware variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .team extension to encrypted files.

26.6.20

New ransomware posing as COVID-19 tracing app targets Canada; ESET offers decryptor

ESET researchers dissect an Android app that masquerades as an official COVID-19 contact-tracing app and encrypts files on the victim's device.

26.6.20

New CryDroid Ransomware

Re-ind found a fake COVID-19 tracer app for Canada that was later identified by NtRaiseException() as the CryDroid ransomware. More info about CryDroid in the next article from ESET.

26.6.20

New STOP Ransomware variants

Michael Gillespie found two new variants of the STOP Ransomware that append either the .moba or .pykw extensions to encrypted files.

26.6.20

Ryuk ransomware deployed two weeks after Trickbot infection

Activity logs on a server used by the TrickBot trojan in post-compromise stages of an attack show that the actor takes an average of two weeks pivoting to valuable hosts on the network before deploying Ryuk ransomware.

26.6.20

REvil ransomware scans victim's network for Point of Sale system

Researchers with Symantec's Threat Intelligence team have observed REvil ransomware operators scanning one of their victims' networks for Point of Sale (PoS) servers.

26.6.20

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the Evil Corp group in 2020. Evil Corp were previously associated with the Dridex malware and BitPaymer ransomware, the latter of which came to prominence in the first half of 2017.

26.6.20

New WastedLocker Ransomware distributed via fake program updates

The Russian cybercrime group known as Evil Corp has added a new ransomware to its arsenal called WastedLocker. This ransomware is used in targeted attacks against the enterprise.

26.6.20

European victims refuse to bow to Thanos ransomware

A Thanos ransomware campaign targeting mid-level employees of multiple organizations from Austria, Switzerland, and Germany was met by the victims' refusal to pay the ransoms demanded to have their data decrypted.

26.6.20

New Gomer Ransomware

dnwls0719 found the Gomer Ransomware that appends the .gomer extension and drops a ransom note named GOMER-README.txt.

26.6.20

Ransomware operators lurk on your network after their attack

When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won't get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control.

26.6.20

Avaddon Ransomware gives broken decryptors

Watch out if you get affected by Avaddon Ransomware as the decryptors they provide are not working and they don't offer a way to contact them.

12.6.20

Lion warns of beer shortages following ransomware attack

Australian beverage giant Lion on Friday added further detail to the cyber incident it disclosed earlier this week, confirming it fell victim to a ransomware attack.

12.6.20

New Makop Ransomware variant

dnwls0719 found a new Makop Ransomware variant that appends the .origami extension to encrypted files.

12.6.20

New Dharma Ransomware variant

Jakub Kroustek found new Dharma ransomware variants that append the .php or .hack extensions to encrypted files.

12.6.20

New SFile ransomware variant

Ravi found a new SFile ransomware variant that appends the .ESCAL-p9yqoly extension to encrypted files.

12.6.20

New DCRTR Ransomware variant

Michael Gillespie found a new variant of the DCRTR Ransomware that appends the .coka extension.

12.6.20

New NYPD STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .nypd extension to encrypted files.

12.6.20

Power company Enel Group suffers Snake Ransomware attack

European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network.

12.6.20

City of Knoxville shuts down network after ransomware attack

The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices.

12.6.20

New Such_Crypt variant

GrujaRS found a new Such_Crypt Ransomware variant that appends the .mwahahah extension.

12.6.20

Thanos ransomware auto-spreads to Windows devices, evades security

The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on.

12.6.20

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.

12.6.20

Zorab Ransomware decryptor released

Emsisoft released a decryptor for the Zorab Ransomware that appends the .ZRB extension.

12.6.20

New Matrix Ransomware variant discovered

Michael Gillespie found a new Matrix Ransomware variant that appends the .AG88G extension and drops a ransom note named Readme_AG88G.rtf.

12.6.20

New ZWER STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .zwer extension to encrypted files.

12.6.20

Maze Ransomware adds Ragnar Locker to its extortion cartel

A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.

12.6.20

New Avaddon Ransomware launches in massive smiley spam campaign

With a wink and a smile, the new Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide.

12.6.20

Honda investigates possible ransomware attack, networks impacted

Computer networks in Europe and Japan belonging to car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.

12.6.20

Fake ransomware decryptor double-encrypts desperate victims' files

A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.

5.6.20

Fake STOP decryptor installs ransomware

Michael Gillespie found a fake STOP ransomware decryptor that is actually ransomware.

5.6.20

US aerospace services provider breached by Maze Ransomware

The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace, as well as stole and leaked unencrypted files from the company's compromised devices in April 2020.

5.6.20

Ongoing eCh0raix ransomware campaign targets QNAP NAS devices

After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices.

5.6.20

Kupidon is the latest ransomware targeting your data

The latest ransomware that everyone needs to watch out for is called Kupidon, and it targets not only corporate networks but also home users' personal data.

5.6.20

New RedRum Ransomware released

Emsisoft has released a decryptor for the RedRum/Tycoon ransomware.

5.6.20

New NLAH STOP ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .kkll extension to encrypted files.

5.6.20

New FRM, WCH, and CLUB Dharma Ransomware variants

Jakub Kroustek found new variants of the Dharma ransomware that append the .FRM, .WCH, or .CLUB extensions to encrypted files.

5.6.20

Spike in ransomware predicted as remote workers return to office

COVID-19 set the scene for an explosion of ransomware incidents. As companies pivoted to remote working with little time to prepare, certain compromises had to be made in the interest of business continuity; for many businesses, this meant loosening security protocols to help employees remain productive.

5.6.20

New Tycoon ransomware targets both Windows and Linux systems

A new human-operated ransomware strain has been deployed in highly targeted attacks against small to medium-sized organizations in the software and education industries since at least December 2019.

5.6.20

Business services giant Conduent hit by Maze Ransomware

The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network.

5.6.20

New unknown ransomware

GrujaRS found a new ransomware that drops a ransom note named [extension]-HOW-TO-FIX.TXT and asks you to contact them on licky.org.

5.6.20

New Scarab Ransomware variant

Michael Gillespie found a new Scarab Ransomware variant that appends the .coronavirus extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

5.6.20

Ransomware gang says it breached one of NASA's IT contractors

The operators of the DoppelPaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA's IT contractors.

5.6.20

Netwalker ransomware continues assault on US colleges, hits UCSF

The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted their computers.

5.6.20

Ransomware gangs team up to form extortion cartel

Ransomware gangs are teaming up to extort victims through a shared data leak platform, and the exchange of tactics and intelligence.

5.6.20

New Avaddon Ransomware

Shadow Intelligence found a new ransomware being marketed on hacker forums called Avaddon.

5.6.20

New Android Ransomware

MalwareHunterTeam found a new Android ransomware that appends the .xdrop extension to encrypted files.

5.6.20

REvil ransomware creates eBay-like auction site for stolen data

The operators of the REvil ransomware have launched a new auction site used to sell victims' stolen data to the highest bidder.

5.6.20

New Fonix Ransomware

Michael Gillespie is looking for a new ransomware called Fonix that appends the .FONIX extension and drops a ransom note named # How To Decrypt Files #.hta.

5.6.20

New NLAH STOP ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .nlah extension to encrypted files.

5.6.20

New Hex911 Xorist variant

Michael Gillespie found new Xorist Ransomware variants that append the .hex911 or .bot extensions to encrypted files.

5.6.20

Jigsaw Ransomware decryptor updated

Emsisoft has updated their Jigsaw Ransomware decryptor to support the .ElvisPresley variant.

5.6.20

Ransomware locks down the Nipissing First Nation

The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications.

5.6.20

New BOMBO and ONE Dharma Ransomware variants

Jakub Kroustek found new variants of the Dharma ransomware that append the .BOMBO or .ONE extension to encrypted files.

5.6.20

New Sapphire Ransomware

dnwls0719 found a new French ransomware called Sapphire that appends the .VIVELAG extension to encrypted files.