Ransomware News 2020 January
26.1.20 | The City of Potsdam severed the administration servers' Internet connection following a cyberattack that took place earlier this week. Emergency services including the city's fire department are fully operational and payments are not affected. | ||
26.1.20 | Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances. | ||
26.1.20 | New Ryuk Info Stealer Targets Government and Military Secrets | A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data. | |
26.1.20 | MalwareDev found a new variant of the Phobos Ransomware that appends the .devil extension. | ||
26.1.20 | S!Ri found a new variant of the OnyxLocker Ransomware that appends the .кристина extension. | ||
26.1.20 | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .topi extension to encrypted files. | ||
26.1.20 | Ransomware Costs Double in Q4 as Ryuk, Sodinokibi Proliferate | The total cost of a ransomware attack is a function of the severity and duration of the attack. Financial costs include the ransom payment if one is made, and the costs of remediating a network and its hardware. Costs also include lost revenue and potential brand damage if business interruption is severe enough. In Q4, ransomware actors also began exfiltrating data from victims and threatening its release if the ransom was not paid. In addition to remediation and containment costs, this new complication brings forth the potential costs of 3rd party claims as a result of the data breach. | |
26.1.20 | Emsisoft updated their ChernoLocker Decryptor to support more variants including .chernolocker & (.filelocker@protonmail.ch). | ||
26.1.20 | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .reha extension to encrypted files. | ||
26.1.20 | Sodinokibi Ransomware Threatens to Publish Data of Automotive Group | The attackers behind the Sodinokibi Ransomware are now threatening to publish data stolen from another victim after they failed to get in touch and pay the ransom to have the data decrypted. | |
26.1.20 | Maze ransomware operators have infected computers from Medical Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of data stolen from infected machines. | ||
26.1.20 | GrujaRS found a new variant of the Mespinoza Ransomware that appends the .pysa extension. | ||
26.1.20 | Raby found a new variant of the Dharma Ransomware that appends the .NEWS extension to encrypted files. | ||
26.1.20 | 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9. | ||
26.1.20 | A new ransomware called BitPyLock has quickly gone from targeting individual workstations to trying to compromise networks and stealing files before encrypting devices. | ||
26.1.20 | Security researchers have created concept ransomware that takes advantage of a feature in Windows that encrypts files and folders to protect them from unauthorized physical access to the computer. | ||
26.1.20 | FTCode ransomware victims now have one more thing to worry about with the malware having been upgraded to also steal saved user credentials from email clients and web browsers. | ||
26.1.20 | mol69 noticed that the RIG exploit kit was pushing a Paradise Ransomware variant that appends the .777 extension. | ||
26.1.20 | Michael Gillespie found a new STOP Djvu Ransomware variant that appends the .nosu extension to encrypted files. | ||
26.1.20 | Temple Har Shalom in Warren, New Jersey had their network breached by the actors behind the Sodinokibi Ransomware who encrypted numerous computers on the network. | ||
26.1.20 | dnwls0719 discovered that Nemty has updated their RaaS payment site to a new layout. | ||
19.1.20 | Sodinokibi Ransomware Publishes Stolen Data for the First Time | For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time. | |
19.1.20 | Amigo-A found a new variant of the Creeper Ransomware that appends the .rag2hdst extension and drops a ransom note named DECRIPT_FILES.txt. | ||
19.1.20 | onion found a new variant of the Satan Ransomware that appends the .5ss5c extension and continues to utilize Mimikatz and EternalBlue. | ||
19.1.20 | The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom. | ||
19.1.20 | Michael Gillespie found a new ransomware named RedRum that appends the .grinch extension and uses a filemarker of "happyny3.1". | ||
19.1.20 | The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them. | ||
19.1.20 | The cybercrime group that brought us Satan, DBGer and Lucky ransomware and perhaps Iron ransomware, has now come up with a new version or rebranding named "5ss5c". | ||
19.1.20 | S!Ri found a new ransomware called Sivo that appends the .sivo extension and drops a ransom note named Sivo-README.txt. | ||
19.1.20 | Bitdefender Labs has released a decryptor for the Paradise Ransomware. | ||
19.1.20 | Emsisoft updated their Paradise Ransomware decryptor to support the .stub, .corp and .vacv2 extensions. | ||
19.1.20 | S!Ri found a new ransomware that appears to be in-development and appends the .rams1 extension to encrypted files. | ||
19.1.20 | Albert Zsigovits noticed that Crakl released a new version (1.8.0.0) of the ransomware. | ||
19.1.20 | Michael Gillespie found a new variant of the STOP Djvu ransomware that appends the .kodc extension to encrypted files. | ||
12.1.20 | GrujaRS found the Lion Ransomware which is based off of BlackHeart. | ||
12.1.20 | Amigo-A found a new variant of the Scarab Ransomware that appends the .inchin extension to encrypted files and drops a ransom note named RECOVER.TXT. | ||
12.1.20 | The Maze Ransomware operators have released an additional 14GB of files that they claim were stolen from one of their victims for not paying a ransomware demand. | ||
12.1.20 | Albany International Airport's staff announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas. | ||
12.1.20 | Ako Ransomware: Another Day, Another Infection Attacking Businesses | Like moths to a flame, new ransomware targeting businesses keep appearing every day as they are enticed by the prospects of million-dollar ransom payments. An example of this is a new ransomware called Ako that is targeting the entire network rather than just individual workstations. | |
12.1.20 | MalwareHunterTeam found a new ransomware called BitPyLock that appends the .bitpy extension and drops a ransom note named # HELP_TO_DECRYPT_YOUR_FILES #.html. Korben Dallas found the Afrodita ransomware that appends the | ||
12.1.20 | S!Ri found a new Kangaroo Ransomware variant that appends the .missing extension to encrypted files. | ||
12.1.20 | S!Ri found a new ransomware called Quimera. | ||
12.1.20 | Sodinokibi Ransomware Says Travelex Will Pay, One Way or Another | The attackers behind the Sodinokibi Ransomware are applying pressure on Travelex to pay a multi-million dollar ransom by stating they will release or sell stolen data that allegedly contains customers' personal information. | |
12.1.20 | MalwareHunterTeam found a new ransomware dubbed M461c14n R4n50m3w473. | ||
12.1.20 | S!Ri found a new ransomware that appends the .encrypted extension. | ||
12.1.20 | S!Ri found a new variant of the WannaCryFake Ransomware that calls itself DarkCrypt and drops a ransom note named README.txt. | ||
12.1.20 | SNAKE Ransomware Is the Next Threat Targeting Business Networks | Since network administrators didn't already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to it. | |
12.1.20 | Parthi found a new ransomware that appends .Deniz_kizi to encrypted files and drops a ransom note named Please Read Me!!!.hta. | ||
12.1.20 | S!Ri found a new ransomware called Somik1 that appears to be in development. | ||
12.1.20 | S!Ri found a new ransomware called SatanCryptor that drops a ransom note named # SATAN CRYPTOR #.hta and appends the .Satan extension to encrypted files. | ||
12.1.20 | Emsisoft updated their Aurora Decryptor to support the .crypton extension. | ||
12.1.20 | It's been more than six days since a cyber attack took down the services of the international foreign currency exchange company Travelex and BleepingComputer was able to confirm that the company systems were infected with Sodinokibi ransomware. | ||
12.1.20 | dnwls0719 found a new Aurora Ransomware variant that appends the .crypton extension and drops ransom notes named @_FILES_WERE_ENCRYPTED_@.TXT, @_HOW_TO_PAY_THE_RANSOM_@.TXT, and @_HOW_TO_DECRYPT_FILES_@.TXT. | ||
12.1.20 | dnwls0719 found a new ransomware named Erica Encoder that uses a random extension and drops a ransom note named HOW TO RESTORE ENCRYPTED FILES.TXT. | ||
5.1.20 | MalwareHunterTeam found a new in-development ransomware called "SlankCryptor Profit Only" that appends the .slank extension to encrypted files. | ||
5.1.20 | Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools | The Clop Ransomware continues to evolve with a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications. | |
5.1.20 | Organizations in the private sector received an alert from the F.B.I. about operators of the Maze ransomware focusing on companies in the U.S. to encrypt information on their systems after stealing it first. | ||
5.1.20 | S!Ri found a new ransomware called Zeoticus that appends the .zeoticus extension to encrypted files. | ||
5.1.20 | Michael Gillespie found a new WannaCryFake variant called AWT Ransomware that appends the .AWT extension to encrypted files and drops a ransom note named ReadMe.txt. | ||
5.1.20 | Michael Gillespie found a new Dharma Ransomware variant that appends the .RIDIK extension to encrypted files. | ||
5.1.20 | Nemty 2.2 and 2.3: analysis of their cryptography, and a decryptor for some file types | Tesorion has previously released decryptors for the Nemty ransomware up to version 1.6. Recently, new versions of Nemty have appeared in the wild. In this blog post we describe how a weird variant of AES-128 counter mode (CTR) encryption is used in Nemty 2.2 and 2.3 for its file encryption. We also announce the availability of a free decryptor for common office documents encrypted by Nemty 2.2 and 2.3. | |
5.1.20 | The breadth and magnitude of ransomware attacks occurring today suggest that the cyber extortion industry has evolved exponentially over the past 12 months. It is as difficult to keep up with the headlines as the security advice that follows. In the face of this media firehose, it is important to step back and understand how we got to this state. We feel there are three primary elements that have led to the current state of cyber extortion, and ransomware in particular. | ||
5.1.20 | To celebrate the holidays, ransomware operators are providing discounts or season's greetings to entice victims into paying a ransom demand. | ||
5.1.20 | The anonymous operators behind the Maze Ransomware are being sued by a victim for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid. | ||
5.1.20 | Jack found a new ransomware called c0hen Locker that appends the .c0hen extension to encrypted files. The unlock key is 12309482354ab2308597u235fnq30045f. | ||
5.1.20 | M. Shahpasandi found a new Phobos Ransomware variant that appends the .Dever extension to encrypted files. | ||
5.1.20 | Ransomware Hits Maastricht University, All Systems Taken Down | Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23. | |
5.1.20 | U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility | The U.S. Coast Guard (USCG) published a marine safety alert to inform of a Ryuk Ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility. | |
5.1.20 | Alex Svirid found a new variant of the WannaCash ransomware that appends the ".happy new year" extension to encrypted file names. | ||
5.1.20 | A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems. | ||
5.1.20 | Maze Ransomware Releases Files Stolen from City of Pensacola | The actors behind the Maze Ransomware have released 2GB of files that were allegedly stolen from the City of Pensacola during their ransomware attack. | |
5.1.20 | Michael Gillespie found a new variant of the Matrix Ransomware that appends the .BDDY extension and drops a ransom note named #BDDY_README#.rtf. | ||
5.1.20 | Sherwood telemarketing company temporarily shuts down, blames cyber attack ransom | A Sherwood telemarketing agency has unexpectedly closed its doors, leaving over 300 employees without jobs a few days before Christmas. | |
5.1.20 | Wary of alarming investors, companies victimized by ransomware attacks often tell the SEC that “malware” or a “security incident” disrupted their operations. | ||
5.1.20 | The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware. | ||
5.1.20 | Michael Gillespie found new variants of the Stop Djvu Ransomware that append the .piny or .redl extensions to encrypted files. |