Ransomware News 2020 March

29.3.20

Ransomware Maze

The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura.

29.3.20

Ransomware using COVID-19 lures

MalwareHunterTeam found a ransomware being spread as 'Covid-19 cure update.exe'. It asks the victim to contact the operators via WhatsApp.

29.3.20

New 2020 Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .2020 extension to encrypted files.

29.3.20

Russian-Speaking Hackers Attack Pharma, Manufacturing Companies in Europe

Malware belonging to Russian-speaking threat actors was used in attacks in late January against at least two European companies in the pharmaceutical and manufacturing industries.

29.3.20

New Rubly Trojan MBR Locker

Rubly

Karsten Hahn found a new MBR Locker called 'Rubly Trojan' that utilizes the same code as Coronavirus ransomware to lock the MBR and shows an Annabelle picture in the locker.

29.3.20

Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic

The Ryuk Ransomware operators continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic.

29.3.20

Chubb Cyber Insurer Allegedly Hit By Maze Ransomware Attack

Cyber insurer giant Chubb is allegedly the latest ransomware victim according to the operators of the Maze Ransomware who claim to have encrypted the company in March 2020.

29.3.20

New OPQZ STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .opqz extension.

29.3.20

Cyberattack: the EssilorLuxottica group struck by ransomware

Since Saturday March 21, the optical specialist Essilor has suffered a major computer attack. The attackers demand a ransom to unblock the situation.

29.3.20

New n2019cov Ransomware

MalwareHunterTeam has seen a new n2019cov Ransomware that appends the .P4WN3D and drops a ransom note named Checks if ThreeLetterISOLanguageName is "spa" before writing note. But it will be hidden... The names used...

29.3.20

Three More Ransomware Families Create Sites to Leak Stolen Data

Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims, which further illustrates why all ransomware attacks must be considered data breaches.

29.3.20

New Makop ransomware variant

Michael Gillespie found a new variant of the Makop Ransomware that appends the .shootlock extension to encrypted files.

29.3.20

New Ransomware hunt

Michael Gillespie found two new variants of the same unknown ransomware that utilize the extensions .yakuza or .teslarvng and drop a ransom note named How To Recover.txt.

29.3.20

New Waldo Ransomware

Waldo

dnwls0719 found a new ransomware calling itself 'Waldo Ransomware' that does not utilize an extension for encrypted files.

29.3.20

New C-VIR Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .C-VIR extension to encrypted files.

29.3.20

New VHD Ransomware

Jirehlov Solace found a new ransomware that appends the .vhd extension to encrypted files and drops a ransom note named HowToDecrypt.txt.

29.3.20

Netwalker Ransomware Infecting Users via Coronavirus Phishing

As if people did not have enough to worry about, attackers are now targeting them with Coronavirus (COVID-19) phishing emails that install ransomware.

29.3.20

New NPSK STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .npsk extension.

29.3.20

UK Fintech Firm Finastra Hit By Ransomware, Shuts Down Servers

Finastra, a leading financial technology provider from the UK, announced that it had to take several servers offline following a ransomware attack detected earlier today.

29.3.20

PwndLocker Fixes Crypto Bug, Rebrands as ProLock Ransomware

ProLock

PwndLocker has rebranded as the ProLock Ransomware after fixing a crypto bug that allowed a free decryptor to be created.

29.3.20

New LX Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .LX extension to encrypted files.

29.3.20

New Velar Gibberish Ransomware variant

Velar

S!Ri found a new variant of the Gibberish Ransomware called Velar.

29.3.20

France warns of new ransomware gang targeting local governments

France's cyber-security agency issued an alert this week warning about a new ransomware gang that's been recently seen targeting the networks of local government authorities.

29.3.20

Sodinokibi Ransomware Data Leaks Now Sold on Hacker Forums

Ransomware victims who do not pay a ransom and have their stolen files leaked are now facing a bigger nightmare as other hackers and criminals sell and distribute the released files on hacker forums.

29.3.20

Why would you even bother?! - JavaLocker

Today we'll take a look at a Windows ransomware built with Java. As you might have guessed, this will get ugly and is therefore not for the faint of heart.

29.3.20

Most Ransomware Gets Executed Three Days After Initial Breach

Ransomware gets deployed three days after an organization's network gets infiltrated in the vast majority of attacks, with post-compromise deployment taking as long as 299 days in some of the dozens of attacks researchers at cybersecurity firm FireEye examined between 2017 and 2019.

29.3.20

Ransomware Gangs to Stop Attacking Health Orgs During Pandemic

Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

29.3.20

Emsisoft, Coveware Offer Free Ransomware Help During Coronavirus Outbreak

Emsisoft and Coveware have announced that they will be offering their ransomware decryption and negotiation services for free to healthcare providers during the Coronavirus outbreak.

29.3.20

New Nefilim Ransomware Threatens to Release Victims' Data

A new ransomware called Nefilim that shares much of the same code as Nemty has started to become active in the wild and threatens to release stolen data.

29.3.20

New Clinux (GoldenEye mod) Ransomware

Clinix

S!Ri found a new ransomware called Clinix that appears to be a modified version of GoldenEye.

29.3.20

CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware

The DomainTools Security Research Team, in the course of monitoring newly registered Coronavirus and COVID labeled domain names, discovered a website luring users into downloading an Android application under the guise of a COVID-19 heat map. Analysis on the application showed that the APK contained ransomware. SSL certificates of the malicious domain (coronavirusapp[.]site) link the site to another domain (dating4sex[.]us) which is also serving the malicious application. The linked site has registration information pointing to an individual in Morocco.

29.3.20

JungleSec starts threatening to leak stolen data

JungleSec

Michael Gillespie found a JungleSec ransom note where they have begun to threaten to release stolen data.

29.3.20

New REMK STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .remk extension.

29.3.20

New IPM Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .IPM extension to encrypted files.

15.3.20

CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware

In reality, the app is poisoned with ransomware. This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.

15.3.20

Nemty rebrands as Nefilim

MalwareHunterTeam found that the Nemty Ransomware has rebranded as NEFILIM. It drops a ransom note named NEFILIM-DECRYPT.txt and appends the extension .NEFILIM.

15.3.20

New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer

CoronaVirus Ransomware

A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.

15.3.20

Paradise Ransomware Distributed via Uncommon Spam Attachment

Paradise Ransomware

Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims.

15.3.20

New FOOP STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .foop extension to encrypted files.

15.3.20

Ryuk Ransomware Behind Durham, North Carolina Cyberattack

The City of Durham, North Carolina has shut down its network after suffering a cyberattack by the Ryuk Ransomware this weekend.

15.3.20

Ransomware Threatens to Reveal Company's 'Dirty' Secrets

The operators of the Sodinokibi Ransomware are threatening to publicly share a company's "dirty" financial secrets because they refused to pay the demanded ransom.

15.3.20

New LOKD STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .lokd extension to encrypted files.

8.3.20

New Mzr Ransomware

GrujaRS found the new Mazr Ransomware that appends the .MZR extension and drops a ransom note named MZReverengeReadME.txt.

8.3.20

Defense contractor CPI knocked offline by ransomware attack

A major electronics manufacturer for defense and communications markets was knocked offline after a ransomware attack, TechCrunch has learned.

8.3.20

Ryuk ransomware hits Fortune 500 company EMCOR

EMCOR Group (NYSE: EME), a US-based Fortune 500 company specialized in engineering and industrial construction services, disclosed last month a ransomware incident that took down some of its IT systems.

8.3.20

Microsoft Shares Tactics Used in Human-Operated Ransomware Attacks

Microsoft today shared tips on how to defend against human-operated ransomware attacks known to be behind hundreds of millions of dollars in losses following campaigns targeting enterprises and government entities.

8.3.20

PwndLocker Ransomware Gets Pwned: Decryption Now Available

Emsisoft has discovered a way to decrypt files encrypted by the new PwndLocker Ransomware so that victims can recover their files without paying a ransom.

8.3.20

New Onix Ransomware

Michael Gillespie found a new Onix Ransomware that is part of the Major Ransomware family that appends the .ONIX extension to encrypted files.

8.3.20

New Ouroboros Ransomware variant

Michael Gillespie found a new Ouroboros Ransomware variant that appends the .vash extension to encrypted files.

8.3.20

Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection

Legal services and e-discovery giant Epiq Global took their systems offline on Saturday after the Ryuk Ransomware was deployed and began encrypting devices on their network.

8.3.20

Windows Explorer Used by Mailto Ransomware to Evade Detection

A newly discovered Mailto (NetWalker) ransomware strain can inject malicious code into the Windows Explorer process so that the malware can evade detection.

8.3.20

New FDFK Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .FDFK extension to encrypted files and drops a ransom note named !FDFK_INFO!.rtf.

8.3.20

German BSI Tells Local Govt Authorities Not to Pay Ransoms

BSI, Germany's federal cybersecurity agency, recommends local governments and municipal institutions not to pay the ransoms asked by attackers after they get affected by ransomware attacks.

8.3.20

Ransomware Attackers Use Your Cloud Backups Against You

Backups are one of the most, if not the most, important defenses against ransomware, but if not configured properly, attackers will use them against you.

8.3.20

New Everbe 3.0 Ransomware calls itself Culex Locker

Culex Locker

Marcelo Rivero found a new variant of the Everbe 3.0 Ransomware that calls itself Culex Locker. This ransomware will append the .[culex@cock.li].CULEX extension and drop a ransom note named !_HOW_RECOVERY_FILES_!.txt.

8.3.20

New RXX Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .rxx extension to encrypted files.

8.3.20

Legal services giant Epiq Global offline after ransomware attack

Legal services giant Epiq Global has been hit by a ransomware attack.

8.3.20

New PwndLocker Ransomware Targeting U.S. Cities, Enterprises

PwndLocker Ransom Note

Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000.

8.3.20

Nemty Ransomware Punishes Victims by Posting Their Stolen Data

Nemty Leak Site

The Nemty Ransomware is the latest cybercrime operation to create a data leak site to punish victims who refuse to pay ransoms.

8.3.20

New Rezm STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .rezm extension to encrypted files.

1.3.20

Sodinokibi Ransomware Posts Alleged Data of Kenneth Cole Fashion Giant

The operators behind Sodinokibi Ransomware published download links to files containing what they claim is financial and work documents, as well as customers' personal data stolen from giant U.S. fashion house Kenneth Cole Productions.

1.3.20

Nemty Ransomware Actively Distributed via 'Love Letter' Spam

Security researchers have spotted an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.

1.3.20

New Black Kingdom Ransomware

GrujaRS found the new Black Kingdom Ransomware that appends the .DEMON extension and drops a ransom note named README.txt.

1.3.20

New YKUP STOP DJvu Ransomware variant

Michael Gillespie found a new Dharma ransomware variant that appends the .YKUP extension.

1.3.20

DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw

Cloud services provider Bretagne Télécom was hacked by the threat actors behind the DoppelPaymer Ransomware using an exploit that targeted servers unpatched against the CVE-2019-19781 vulnerability.

1.3.20

Sodinokibi Ransomware May Tip NASDAQ on Attacks to Hurt Stock Prices

The operators of the Sodinokibi Ransomware (REvil) have started urging affiliates to copy their victim's data before encrypting computers so it can be used as leverage on a new data leak site that is being launched soon.

1.3.20

New BlackHeart Ransomware variant

Black Heart

dnwls0719 found a new BlackHeart Ransomware variant that appends the .Tsar extension and drops a ransom note named ReadME-Tsar.txt.

1.3.20

LockBit threatens users with GDPR violations

LockBit

MalwareHunterTeam noticed that LockBit changed their ransom note to threaten data leaks and GDPR fines.

1.3.20

DoppelPaymer Ransomware Launches Site to Post Victim's Data

The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.

1.3.20

New Nomikon Ransomware

Nomikon

MalwareHunterTeam found the note for a new Nomikon Ransomware. No sample as of yet.

1.3.20

Cyberattack on NRC Health sparks privacy concerns about private patient records stored by US hospitals

NRC Health, a publicly-traded company that says it works with 75 percent of the 200 largest U.S. hospital chains, was hit with a cyberattack on Feb. 11, a spokesperson confirmed to CNBC. The attack sparked concerns about the security of patient health information stored on NRC Health’s server

1.3.20

New EncodeCSL Ransomware

EncodeCSL

Siri found a new ransomware named EncoderCSL that appends the .locked extension.

1.3.20

New EDA2 Ransomware variant

EDA2

Siri found a new ransomware that appends the .coom extension.

1.3.20

New DeathHiddenTear Ransomware

Michael Gillespie found the DeathHiddenTear Ransomware that uses the .encryptedS extension for small files and the .encryptedL extension for files larger than 500MB.

1.3.20

New nppp STOP DJvu Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .nppp extension.

1.3.20

Swiss Govt Says Ransomware Victims Ignored Warnings, Had Poor Security

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today warned of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies.

1.3.20

Ransomware Hunt:

Michael Gillespie is looking for a sample of the ransomware that uses __________WHY FILES NOT WORK__________.txt ransom note.

1.3.20

New AfroditaTeam Ransomware variant

Afrodita

MalwareHunterTeam found a new AfroditaTeam Ransomware variant that uses the READM3_AFR0DITA_REC0VERY.txt ransom note.

1.3.20

Chinese Jigsaw Ransomware variant uses .exe extension

Jirehlov found a Chinese Jigsaw Ransomware variant that appends the .exe extension to encrypted files.

1.3.20

New mool STOP DJvu Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .mool extension.

1.3.20

US Govt Warns of Ransomware Attacks on Pipeline Operations
 

The Cybersecurity and Infrastructure Security Agency (CISA) today alerted organizations across all critical U.S. infrastructure sectors about a recent ransomware attack that affected a natural gas compression facility.

1.3.20

Dharma Ransomware Attacks Italy in New Spam Campaign

Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy.

1.3.20

Chinese ransomware disguised as VPN

DVPN

Jirehlov found a Chinese Ransomware that is disguised as a VPN Tool.

1.3.20

New mmnn and ooss STOP DJvu Ransomware variants

Michael Gillespie found new STOP ransomware variants that append the .mmnn or .ooss extensions.

1.3.20

First Go Ransomware with a GUI?

Mew767

MalwareHunterTeam found what could be the first Go Ransomware with a GUI called Mew767.

1.3.20

New NCOV and SELF Dharma Ransomware variants

Jakub Kroustek found new Dharma Ransomware variants that append the .ncov or .self extension to encrypted files.