Ransomware News 2020 September



26.9.20

New Matrix ransomware variant

Michael Gillespie found a new Matrix variant that appends the .DEUS extension and drops a ransom note named DEUS_INFO.rtf.

26.9.20

New Stop ransomware variant

Michael Gillespie found a new Stop variant that appends the .copa extension to encrypted files.

26.9.20

The Fresh Smell of ransomed coffee

We turned a coffee maker into a dangerous machine asking for ransom by modifying the maker’s firmware. While we could, could someone else do it too? As you might expect, the answer is: Yes. Follow us on a journey where we show you that firmware is the new software.

26.9.20

New Exorcist 2.0 ransomware

Exorcist 2.0

JAMESWT found a sample of the new Exorcist 2.0 ransomware.

26.9.20

New Dusk Ransomware

Dusk Ransom Note

S!ri found the new Dusk v1.0 Ransomware that drops a ransom note named !#!READ-ME!#!.txt.

26.9.20

Polish police shut down hacker super-group involved in bomb threats, ransomware, SIM swapping

Polish authorities have shut down today a hacker super-group that has had its fingers in a multitude of cybercrime operations, such as ransomware attacks, malware distribution, SIM swapping, banking fraud, running fake online stores, and even making bomb threats at the behest of paying customers.

26.9.20

Mount Locker ransomware joins the multi-million dollar ransom game

A new ransomware operation named Mount Locker is underway stealing victims' files before encrypting and then demanding multi-million dollar ransoms.

26.9.20

Ransomware impersonates REvil

Joakim Kennedy found a new ransomware written in Golang that is pretending to be REvil. Strange one, as there would be no way for a victim to recover files as there is no contact info that would work for them. May be a wiper?

26.9.20

Cyber attack narrowly avoided

METHUEN — An attempt over the summer by Eastern European hackers to gain entry into the city's computer system — with its information about taxpayers, employees and much more — was nearly successful, according to city officials, but quick action helped keep the information secure.

26.9.20

New ransomware actor OldGremlin uses custom malware to hit top orgs

A new ransomware group has been targeting large corporate networks using self-made backdoors and file-encrypting malware for the initial and final stages of the attack.

26.9.20

AgeLocker ransomware targets QNAP NAS devices, steals data

QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the device's data, and in some cases, steals files from the victim.

26.9.20

Government software provider Tyler Technologies hit by ransomware

Leading government technology services provider Tyler Technologies has suffered a ransomware attack that has disrupted its operations.

26.9.20

Ransomware being sold for $2,000

3xp0rt found a ransomware actor selling a complete ransomware kit for $2,000.

26.9.20

New CRPTD ransomware

GrujaRS found a new ransomware that appends the .CRPTD extension to encrypted files.

26.9.20

New Matrix variant

Xiaopao found a new Matrix ransomware variant that appends the .AW46 extension and drops a ransom note named !AW46_INFO!.rtf.

26.9.20

New Matrix ransomware variant

Michael Gillespie found a new Matrix variant that appends the .FG69 extension and drops a ransom note named FG69_README.rtf.

26.9.20

Cyber insurer's security scans reduced ransomware claims by 65%

A cyber insurer's security scans during the underwriting phase and post-issuance have led to a 65% reduction in ransomware claims.

26.9.20

Ray-Ban owner Luxottica confirms ransomware attack, work disrupted

Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a cyberattack that has led to the shutdown of operations in Italy and China.

26.9.20

New Nefilim variant

Xiaopao found a new Nefilim variant that appends the .TRAPGET extension and drops a ransom note named TRAPGET-INSTRUCTION.txt.

26.9.20

New Matrix Ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .JB88 extension and drops a ransom note named JB88_README.rtf.

26.9.20

Ransomware hunt

Michael Gillespie found a new ransomware that appends the .encrypted extension and drops a ransom note named SOLVE ENCRYPTED FILES.txt.

26.9.20

‘Dark Overlord’ hacker pleads guilty, sentenced to 5 years for extortion threats

Years after he threatened to publicly release information from hacking victims unless they agreed to his digital extortion demands, Nathan Wyatt is headed to a U.S. prison.

26.9.20

ThunderX ransomware: analysis and a free decryptor!

In this blog post we describe our findings on the new ransomware family ThunderX that was recently discovered. We also announce a free decryptor that we are making available to help victims at no charge.

26.9.20

New STOP Ransomware variant

Michael Gillespie found a new variant of the STOP ransomware that appends the .kolz extension to encrypted files.

26.9.20

New Zhen Ransomware

GrujaRS found a new ransomware that appends the .zhen extension to encrypted files.

26.9.20

New LeakThemAll variant

Michael Gillespie found a new variant of the LeakThemAll ransomware that appends the .montana extension and drops a ransom note named !HELP!.txt.

26.9.20

New Egregor ransomware

Egregor

Michael Gillespie and PolarToffee found a new ransomware called Egregor that appears to be a Sekhmet spinoff. It uses a random extension and drops a ransom note named RECOVER-FILES.txt.

20.9.20

Leading U.S. laser developer IPG Photonics hit with ransomware

IPG Photonics, a leading U.S. developer of fiber lasers for cutting, welding, medical use, and laser weaponry has suffered a ransomware attack that is disrupting their operations.

20.9.20

U.K. warns of surge in ransomware threats against education sector

The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware incidents targeting educational institutions, urging them to follow the recently updated recommendations for mitigating malware attacks.

20.9.20

New ransomware targeting Vietnam

Vietnam ransomware

MalwareHunterTeam found a new ransomware that targets Vietnam.

20.9.20

New LINA Dharma variant

Xiaopao found a new Dharma ransomware variant that appends the .lina extension to encrypted files.

20.9.20

New BlackHeart ransomware found

Xiaopao found a new BlackHeart variant that appends the .Alix1011RVA extension and drops a ransom note named ReadME-Alix1011RVA.

20.9.20

New Xorist variant

Xiaopao found a new Xorist variant that appends the .TAKA extension.

20.9.20

Ransomware attack at German hospital leads to death of patient

A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.

20.9.20

Maze ransomware now encrypts via virtual machines to evade detection

The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang: encrypting a computer from within a virtual machine.

20.9.20

New DogeCrypt DesuCrypt variant

DogeCrypt

dnwls0719 found a new DesuCrypt variant that calls itself DogeCrypt and appends the .DogeCrypt extension.

20.9.20

New Xorist ransomware variant

Michael Gillespie found a new Xorist Ransomware variant that appends the .YOURPCISHACK16024752552658 extension to encrypted files.

20.9.20

New TEREN Dharma variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .TEREN extension.

20.9.20

LockBit ransomware launches data leak site to double-extort victims

The LockBit ransomware gang has launched a new data leak site to be used as part of their double extortion strategy to scare victims into paying a ransom.

20.9.20

University Hospital New Jersey hit by SunCrypt ransomware, data leaked

University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data.

20.9.20

New PewPew ransomware destroys files

GrujaRS found a new PewPew Ransomware that appends the .abkir extension and wipes files.

20.9.20

New Demonware ransomware

DemonWare

JAMESWT found the new Demonware Python ransomware.

20.9.20

New Zeoticus 2.0 ransomware

Zeoticus

Michael Gillespie found a new ransomware called Zeoticus 2.0 that appends the extension "..immunityyoung@aol.com.young" and drops a ransom note named README.html.

20.9.20

New STOP ransomware variant

Michael Gillespie found a new STOP variant that appends the .npph extension to encrypted files.

20.9.20

New Nefilim ransomware variant

Michael Gillespie found a new Nefilim variant that appends the .MEFILIN extension and drops a ransom note named MEFILIN-README.txt.

20.9.20

Emsisoft releases a Cyborg ransomware decryptor

Emsisoft has released a decryptor for the Cyborg ransomware that supports the .petra, .EncryptedFilePayToGetBack, .Cyborg1, and .LockIt extensions.

20.9.20

New AHP Dharma ransomware variant

Marcelo Rivero found a new Dharma Ransomware variant that appends the .AHP extension to encrypted files.

20.9.20

Emsisoft releases a Crypt32 decryptor

Emsisoft has released a decryptor for the Crypt32 ransomware.

20.9.20

New Chuk Dharma variant

Xiaopao found a new Dharma Ransomware variant that appends the .chuk extension.

20.9.20

New Xorist variant

BD Xorist

Xiaopao found a new Xorist Ransomware variant that appends the .BD extension.

20.9.20

Critical Infrastructure Ransomware Attacks

In September 2019, we started a dataset of Critical Infrastructures Ransomware Attacks (CIRWAs). These are based on publicly disclosed incidents in the media or security reports. This dataset (version 10.2) now has 687 records assembled from publicly disclosed incidents between November 2013 and August 2020, and has been mapped to the MITRE ATT&CK Framework (39% mapping on software/strain). This is a FREE resource that you can request.

20.9.20

Fairfax County schools hit by Maze ransomware, student data leaked

Fairfax County Public Schools (FCPS), the 10th largest school division in the US, was recently hit by ransomware according to an official statement published on Friday evening.

13.9.20

New BLM Dharma variant

Onyx Mods found a new Dharma Ransomware variant that appends the .blm extension.

13.9.20

New Consciousness Ransomware

MalwareHunterTeam found the new Consciousness Ransomware that appends the .Consciousness extension and drops a ransom note named Consciousness Ransomware Text Message.txt. Michael Gillespie said this is basically a wiper as it does not save the keys properly for encrypted files.

13.9.20

Karachi police office computer system hacked, ransom demanded

Hackers hacked the computer system data of Karachi Police Office (KPO) Media Cell and demanded a ransom of 9 980. The data of the Media Cell is 700 GB. Cybercrime officers arrived at the scene, seized the data system and launched an investigation.

13.9.20

Development Bank of Seychelles hit by ransomware attack

The Development Bank of Seychelles (DBS) was hit by ransomware according to a press statement published earlier today by the Central Bank of Seychelles (CBS).

13.9.20

Ransomware accounted for 41% of all cyber insurance claims in H1 2020

Ransomware incidents have accounted for 41% of cyber insurance claims filed in the first half of 2020, according to a report published today by Coalition, one of the largest providers of cyber insurance services in North America.

13.9.20

SoftServe hit by ransomware, Windows customization tool exploited

Ukrainian software developer and IT services provider SoftServe suffered a ransomware attack on September 1st that may have led to the theft of customers' source code.

13.9.20

Equinix data center giant hit by Netwalker Ransomware, $4.5M ransom

Data center and colocation giant Equinix has been hit with a Netwalker ransomware attack where threat actors are demanding $4.5 million for a decryptor and to prevent the release of stolen data.

13.9.20

ProLock ransomware increases payment demand and victim count

Using standard tactics, the operators of ProLock ransomware were able to deploy a large number of attacks over the past six months, averaging close to one target every day.

13.9.20

New Dharma Ransomware variant

Xiaopao found new Dharma Ransomware variants that append the .blm and .eur extensions.

13.9.20

New Flamingo Ransomware

Michael Gillespie found a new ransomware that appends the .FLAMINGO extension and drops a ransom note named #READ ME.TXT.

13.9.20

Leading US video delivery provider confirms ransomware attack

SeaChange International, a US-based leading supplier of video delivery software solutions, has confirmed a ransomware attack that disrupted its operations during the first quarter of 2020.

13.9.20

Thailand hospital hit with ransomware

Saraburi Hospital was attacked by ransomware and is unable to access data on the system, affecting patient services. Anyone who has advice and can provide assistance, please tell the doctor in this link.

13.9.20

New OGDO STOP variant

Michael Gillespie found a new STOP Ransomware variant that appends the .ogdo extension.

13.9.20

New MedusaLocker variant

Michael Gillespie found a new MedusaLocker Ransomware variant that appends the .networkmaze extension.

13.9.20

New Matrix ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .S996 extension and drops a ransom note named S996_INFO.rtf.

13.9.20

New Xorist variant

Michael Gillespie found a new Xorist Ransomware variant that appends the .hnx911 extension.

13.9.20

New Matrix ransomware variant

Michael Gillespie found a new variant of the Matrix Ransomware that appends the .J91D extension and drops a ransom note named J91D_README.rtf.

13.9.20

Netwalker ransomware hits Pakistan's largest private power utility

K-Electric, the sole electricity provider for Karachi, Pakistan, has suffered a Netwalker ransomware attack that led to the disruption of billing and online services.

13.9.20

Ransomware delays first day of school for Hartford, Connecticut

The Hartford School District in Connecticut has postponed their first day of school as they struggle with getting classroom and transportation systems restored and running after a Labor Day holiday weekend ransomware attack.

13.9.20

New golang BlackRose ransomware

BlackRose

Joakim Kennedy found a new in-development ransomware called BlackRose.

13.9.20

New ThunderX Ransomware

ThunderX

S!Ri found a new ransomware called ThunderX that appends the .tx_locked extension.

13.9.20

DoppelPaymer ransomware hits Newcastle University, leaks data

UK research university Newcastle University says that it will take several weeks to get IT services back online after DoppelPaymer ransomware operators breached its network and took systems offline on the morning of August 30th.

13.9.20

Netwalker ransomware hits Argentinian government, demands $4 million

Argentina's official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country.

5.9.20

SunCrypt Ransomware shuts down North Carolina school district

A school district in North Carolina has suffered a data breach after having unencrypted files stolen during an attack by the SunCrypt Ransomware operators, BleepingComputer has discovered.

5.9.20

FBI issues second alert about ProLock ransomware stealing data

The FBI issued a second warning this week to alert US companies of ProLock ransomware operators stealing data from compromised networks before encrypting their victims' systems.

5.9.20

Thanos Ransomware adds Windows MBR locker that fails every time

A new Thanos ransomware strain is trying and failing to deliver the ransom note onto compromised systems by overwriting the computers' Windows master boot record (MBR).

5.9.20

New AIDS_NT Ransomware

GrujaRS found a new ransomware named AIDS_NT that drops a ransom note named AIDS_NT_Instructions.txt.

5.9.20

New GOLD Dharma variant

Xiaopao found a new Dharma Ransomware variant that appends the .gold extension.

5.9.20

New Fappy Ransomware

Fappy

S!Ri found a new HiddenTear ransomware variant that appends the .Fappy extension to encrypted files.

5.9.20

New z3enc Ransomware

z3enc

S!Ri found a new ransomware that appends the .z3enc extension to encrypted files.

5.9.20

New AESMewLocker Ransomware

AESMewLocker

Amigo-A found a new ransomware dubbed AESMewLocker that appends the .locked extension and drops a ransom note named READ_IT.txt.

5.9.20

New HiddenTear variant

Onyx Mods LLC found a new HiddenTear variant that appends the .klavins extension to encrypted files.

5.9.20

New HiddenTear Ransomware variant

Xiaopao found a new HiddenTear variant that appends the .UGMH extension.

5.9.20

DLL Fixer leads to Cyrat Ransomware

CryRat

The malware disguises itself as DLL fixer 2.5 (see image below). Upon execution it will display a randomly created number of corrupted DLLs it pretends to have found on the system. After the system has been encrypted, a success message for fixing the DLLs is shown.

5.9.20

New Crypter Ransomware

Crypter

Xiaopao found a new ransomware that appends the .locked extension.

5.9.20

New Matrix Ransomware variant

Xiaopao found a new Matrix Ransomware variant that appends the .FDFK22 extension and drops a ransom note named FDFK22_INFO.rtf.

5.9.20

New BlackKnight screen locker

BlackKnight

Xiaopao found the BlackKnight screenlocker that requires you to enter a password to get access to the Windows desktop.

5.9.20

New Geneve Ransomware

Geneve

Amigo-A found a new ransomware named Geneve that appends a random extension and drops a ransom note named DECRYPT.html.

5.9.20

New VashSorena v4 Ransomware variant

dnwls0719 found a new variant of the VashSorena v4 Ransomware that appends the .Id-xxxxxxxx.secure extension and drops ransom notes named HELP_DECRYPT_YOUR_FILES.html and HELP_DECRYPT_YOUR_FILES.txt.

5.9.20

New Hexadecimal Ransomware

Hexadecimal

dnwls0719 found the new Hexadecimal Ransomware that prepends Lock. to the encrypted file names.

5.9.20

Zorab ransomware impersonates a decryptor

MalwareHunterTeam found the Zorab Ransomware impersonating a STOP Djvu decryptor.

5.9.20

New BlackHeart Ransomware variant

BlackHeart

MalwareHunterTeam found a new variant of the BlackHeart Ransomware.

5.9.20

Elon Musk confirmed Russian's plans to extort Tesla

The FBI thwarted the plans of 27-year-old Russian national Egor Igorevich Kriuchkov to recruit an insider within Tesla's Nevada Gigafactory, persuade him to plant malware on the company's network, and then ransom Tesla under threat that he would leak data stolen from their systems.

5.9.20

New CoronaCrypt0r ransomware

CoronaCrypt0r

MalwareHunterTeam found the CoronaCrypt0r ransomware that appends the .locked extension.

5.9.20

SunCrypt Ransomware sheds light on the Maze ransomware cartel

A ransomware named SunCrypt has joined the 'Maze cartel,' and with their membership, we get insight into how these groups are working together.

5.9.20

New Gladius Ransomware

Michael Gillespie found a new ransomware dubbed 'Gladius' that appends the string 'gladius' to encrypted file names and drops a ransom note named Your files are encrypted.txt.

5.9.20

DarkSide Ransomware hits North American real estate developer

North American land developer and home builder Brookfield Residential is one of the first victims of the new DarkSide Ransomware.

5.9.20

Ryuk successor Conti Ransomware releases data leak site

Conti ransomware, the successor of the notorious Ryuk, has released a data leak site as part of their extortion strategy to force victims into paying a ransom.

5.9.20

New ViluciWare Ransomware

JAMESWT found a new ransomware called ViluciWare that appends the .locked extension.

5.9.20

New BOOP STOP ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .boop extension.

5.9.20

Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme

While ransomware groups each operate based on their own skillset, most of the ransomware incidents in H1 2020 can be attributed to a handful of intrusion vectors that gangs appear to have prioritized this year.

5.9.20

Iranian hackers attack exposed RDP servers to deploy Dharma ransomware

Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity.

5.9.20

New XMRLocker discovered

XMRLocker

Amigo-A found the new XMRLocker Ransomware that appends the .[XMRLocker] extension and drops a ransom note named ReadMe(HowToDecrypt).txt.