dnwls0719 found a new Dharma Ransomware variant that appends .credo extension and drops a ransom note named FILES ENCRYPTED.txt.

dnwls0719 found a new Dharma Ransomware variant that appends .credo extension and drops a ransom note named FILES ENCRYPTED.txt.

Michael Gillespie is looking for a new ransomware that appends extensions in the format ._HE and ._HE._LP and drops a ransom note named READ_ME_.txt.

Michael Gillespie is looking for a new ransomware that appends extensions in the format ..id=.[]..jwjs and drops a ransom note named ReadMe.txt.

The US Federal Bureau of Investigation sent out on Tuesday a security alert to K12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.

Maze ransomware operators have claimed on their website that they breached and locked the network of the South Korean multinational LG Electronics.

Organizations across various regions, industries, and sectors have identified ransomware as a significant risk and wonder if they are positioned to successfully detect and prevent a ransomware attack. At FireEye Mandiant, we use a methodology that determines our client’s susceptibility to ransomware and evaluates their ability to detect and respond to a ransomware attack.

Maze Ransomware had a shout out to Advanced Intel's Vitali Kremez by naming their a malware executable found by Arkbird as kremez._dl_.

Michael Gillespie found a new Dharma Ransomware variant that appends the .team extension to encrypted files.

ESET researchers dissect an Android app that masquerades as an official COVID-19 contact-tracing app and encrypts files on the victim's device

Re-ind found a fake COVID-19 tracer app for Canada that was later identified by NtRaiseException() as the CryDroid ransomware. More info about CryDroid in the next article from ESET.

Michael Gillespie found two new variants of the STOP Ransomware that append either the .moba or .pykw extensions to encrypted files.

Activity logs on a server used by the TrickBot trojan in post-compromise stages of an attack show that the actor takes an average of two weeks pivoting to valuable hosts on the network before deploying Ryuk ransomware.

REvil ransomware operators have been observed while scanning one of their victim's network for Point of Sale (PoS) servers by researchers with Symantec's Threat Intelligence team.

WastedLocker is a new ransomware locker we’ve detected being used since May 2020. We believe it has been in development for a number of months prior to this and was started in conjunction with a number of other changes we have seen originate from the Evil Corp group in 2020. Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017.

The Russian cybercrime group known as Evil Corp has added a new ransomware to its arsenal called WastedLocker. This ransomware is used in targeted attacks against the enterprise.

A Thanos ransomware campaign targeting mid-level employees of multiple organizations from Austria, Switzerland, and Germany was met by the victims' refusal to pay the ransoms demanded to have their data decrypted.

dnwls0719 found the Gomer Ransomware that appends the .gomer and drops a ransom note named GOMER-README.txt.

When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won't get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control.

Watch out if you get affected by Avaddon Ransomware as the decryptors they provide are not working and they don't offer a way to contact them.

Australian beverage giant Lion on Friday added further detail to the cyber incident it disclosed earlier this week, confirming it fell victim to a ransomware attack.

dnwls0719 found a new Makop Ransomware variant that appends the .origami extension to encrypted files.

Jakub Kroustek found new Dharma ransomware variants that append the .php or .hack extensions to encrypted files.

Ravi found a new SFile ransomware variant that appends the .ESCAL-p9yqoly extension to encrypted files.

Michael Gillespie found a new variant of the DCRTR Ransomware that appends the .coka extension.

12.6.20

Michael Gillespie found a new STOP ransomware variant that appends the .nypd extension to encrypted files.

European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network.

The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices.

GrujaRS found a new Such_Crypt Ransomware variant that appends the .mwahahah extension.

The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on.

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.

12.6.20

Emsisoft released a decryptor for the Zorab Ransomware that appends the .ZRB extension.

Michael Gillespie found a new Matrix Ransomware variant that appends the .AG88G extension and drops a ransom note named Readme_AG88G.rtf.

Michael Gillespie found a new STOP ransomware variant that appends the .zwer extension to encrypted files.

A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.

With a wink and a smile, the new Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide.

Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.

12.6.20

A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.

Michael Gillespie found a fake STOP ransomware decryptor that is actually ransomware.

The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace, as well as stole and leaked unencrypted files from the company's compromised devices in April 2020.

After remaining relatively quiet over the past few months, the threat actors behind the eCh0raix Ransomware have launched a brand new campaign targeting QNAP storage devices.

The latest ransomware that everyone needs to watch out for is called Kupidon, and it targets not only corporate networks but also home user's personal data.

Emsisoft has released a decryptor for the RedRum/Tycoon ransomware.

Michael Gillespie found a new STOP Ransomware variant that appends the .kkll extension to encrypted files.

Jakub Kroustek found new variants of the Dharma ransomware that append the .FRM, .WCH, or .CLUB extensions to encrypted files.

COVID-19 set the scene for an explosion of ransomware incidents. As companies pivoted to remote working with little time to prepare, certain compromises had to be made in the interest of business continuity; for many businesses, this meant loosening security protocols to help employees remain productive.

A new human-operated ransomware strain is being deployed in highly targeted attacks targeting small to medium size organizations in the software and education industries since at least December 2019.

5.6.20

The Maze Ransomware operators are claiming to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network.

GrujaRS found a new ransomware that drops a ransom note named [extension]-HOW-TO-FIX.TXT and asks you contact them on licky.org.

Michael Gillespie found a new Scarab Ransomware variant that appends the .coronavirus extension to encrypted files and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.

The operators of the DopplePaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA's IT contractors.

The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted their computers.

5.6.20

Ransomware gangs are teaming up to extort victims through a shared data leak platform, and the exchange of tactics and intelligence.

Shadow Intelligence found a new ransomware being marketed on hacker forums called Avaddon.

MalwareHunterTeam found a new Android ransomware that appends the .xdrop extension to encrypted files.

​The operators of the REvil ransomware have launched a new auction site used to sell victim's stolen data to the highest bidder.

Michael Gillespie is looking for a new ransomware called Fonix that appends the .FONIX extension and drops a ransom note named # How To Decrypt Files #.hta.

Michael Gillespie found a new STOP Ransomware variant that appends the .nlah extension to encrypted files.

Michael Gillespie found new Xorist Ransomware variants that append the .hex911 or .bot extensions to encrypted files.

Emsisoft has updated their Jigsaw Ransomware decryptor to support the .ElvisPresley variant.

The Nipissing First Nation administration stopped a ransomware attack in its tracks but not soon enough to prevent disruption of communications.

Jakub Kroustek found new variants of the Dharma ransomware that append the .BOMBO or .ONE extension to encrypted files.

5.6.20

dnwls0719 found a new French ransomware called Sapphire that appends the .VIVELAG extension to encrypted files.