06-02-2018 , 12:23 AM
Quote: This was a busy week with lots of new variants of active ransomware being released. We also have Sigrun offering free decryption to Russian victims and an awesome facepalm waiting for you at the end of the article.
Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @fwosar, @DanielGallagher, @hexwaxwing, @BleepinComputer, @struppigel, @jorntvdw, @FourOctets, @malwareforme, @campuscodi, @PolarToffee, @malwrhunterteam, @Seifreed, @LawrenceAbrams, @thyrex2002, @GrujaRS, @Amigo_A_, @siri_urz.
May 26th 2018
New Jigsaw Ransomware variant
Michael Gillespie found a Jigsaw Ransomware variant where someone added a C2 server to it. Normally, Jigsaw runs without needing to talk to another server.
May 27th 2018
New Dharma variant
GrujaRS discovered a new Dharma Ransomware variant that uses the extension .id-%id%[java2018@tuta io].arrow.
New Scarab Ransomware variant
@Amigo_A_ discovered a new Scarab ransomware variant that appends the .osk extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES.TXT.
May 29th 2018
New CryptConsole2 Variant
Alex Svirid found a new version of CryptConsole2 that uses the email zeman@tutanota.de and drops a ransom note named HOW DECRIPT FILES.hta.
Aurora Ransomware now using a C2 Server
MalwareHunterTeam found a new Aurora/OneKeyLocker Ransomware variant that uses a C2 server.
READ THE FULL ARTICLE HERE