Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
The Week in Ransomware - January 26th 2018 - SamSam & Hack Attacks
#1
Quote:January 15st 2018
KillDisk Fake Ransomware Hits Financial Firms in Latin America
A new version of the KillDisk disk-wiping malware has hit companies in the financial sector in Latin America, Trend Micro reported yesterday.
January 16th 2018
Hospital Pays $55K Ransomware Demand Despite Having Backups
An Indiana hospital paid a ransom of $55,000 to get rid of ransomware that had infected its systems and was hindering operations last week. The infection took root last week, on Thursday, January 11, when attackers breached the network of Hancock Health, a regional hospital in the city of Greenfield, Indiana.
In-dev Killbot Virus Ransomware discovered
MalwareHunterTeam discovered a new in-dev ransomware called Killbot Virus. Just shows the ransom screen at this point.

R3vo Ransomware discovered
Leo discovered, with further analysis by SDK, a new ransomware called R3vo was discovered that appends the .Lime extension to encrypted files.

January 17st 2018
Because Ransomware: OneDrive for Business to Get "Files Restore" Option
Microsoft will add a new feature to OneDrive for Business that will let users create backup points and restore to previous versions of their entire OneDrive account. The new feature is codenamed Files Restore and Microsoft says it will allow users to recover files "from disastrous events such as mass deletes, corruption, and other data loss scenarios."
January 19th 2018
SamSam Ransomware Hits Hospitals, City Councils, ICS Firms
The SamSam ransomware group seems to have gotten to a "great" start in 2018, hitting several high-profile targets such as hospitals, a city council, and an ICS firm.
Reported attacks include the one against the Hancock Health Hospital in of Greenfield, Indiana; Adams Memorial Hospital in Decatur, Indiana; the municipality of Farmington, New Mexico; cloud-based EHR (electronic health records) provider Allscripts; and an unnamed ICS (Industrial Control Systems) company in the US, based on intel Bleeping Computer has received.

New Mada Ransomware variant discovered
Michael discovered a new Jigsaw Ransomware variant called Mada Ransomware that appends the [b].LOCKED_BY_pablukl0cker [/b]extension to encrypted files. It uses the following desktop background.

January 21st 2018
Korean Talk Ransomware discovered
Lawrence discovered a Korean HiddenTear variant called Talk Ransomware.  It is currently in-dev as it only targets the desktop. It will append the [b].암호화됨 [/b]extension to encrypted files.
undefined
RansomUserLocker discovered
Lawrence discovered another Korean HiddenTear variant call RansomUserLocker. This is from the same devs as Talk Ransomware and is in-dev as well. This ransomware appends the [b].RansomUserLocker[/b] extension to encrypted files and drops a [b]Read_Me.txt[/b] ransom note.
undefined
Ghack Ransomware discovered
Lawrence discovered the Ghack ransomware. In-dev and broken as it currently throws errors and only shows the below screen.

SureRansom discovered
Lawrence discovered the in-dev SureRansom Ransomware. It does not currently encrypt.

RancidLocker discovered
Lawrence discovered the in-dev RancidLocker. Currently in-dev and does not do much of anything. Uses the following background.

Qwerty Ransomware discovered
Leo discovered, with further analysis by GrujaRS,  a new ransomware being called Qwerty Ransomware that appends the [b].qwerty [/b]extension to encrypted files. This is HiddenTear variant, which can be decrypted with HiddenTearDecryptor.
January 22nd 2018
desuCrypt Ransomware in the Wild with DEUSCRYPT and Decryptable Insane Variants
A modified version of the open-source ransomware project called desuCrypt is being used as the base code for a new ransomware family being actively distributed. This family currently has two variants being distributed, with one appending the .insane extension and the other appending .DEUSCRYPT. The good news is that a decryptor has been released for the Insane version and the Deuscrypt variant is currently being analyzed for weaknesses as well.

January 23rd 2018
Rapid Ransomware Continues Encrypting New Files as they Are Created
A new ransomware is being spread called Rapid Ransomware that stays active after initially encrypting a computer and encrypts any new files that are created. While this behavior is not unique to Rapid, it is not a common behavior we see too often.
undefined
New GlobeImposter 2 variant
GrujaRS discovered a new GlobeImposter 2 variant that appends the .[b]crypted! [/b]to encrypted files.
undefined
January 24th 2018
MoneroPay Ransomware Disguised as Wallet for Fake SpriteCoin CryptoCurrency
A new ransomware called MoneroPay has been discovered that tries to take advantage of the cryptocurrency craze by spreading itself as a wallet for a fake coin called SpriteCoin.  While users were installing what they thought was a new cryptocoin, MoneroPay was silently encrypting the files on the computer.

January 25th 2018
Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack
The world's largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017.
BlackMailware Found On Porn Site Threatens to Report Users are Spreading Child Porn
A new infection is being distributed by porn sites that tries to blackmail a victim into paying a ransom by stating they will tell law enforcement that the victim is spreading child porn. This is done by collecting information about the user, including screen shots of their active desktop, in order to catch them in compromising situations.
Malwarebytes: Ransomware Was Bigger Than Ever in 2017
An end-of-the-year report from US cyber-security firm Malwarebytes reveals that ransomware, adware, and cryptojacking were extremely popular with cyber-criminals in 2017. Data compiled by the company's security products reveals growth in almost all cyber-crime categories, with 2017 being a very successful year across the board for malware authors, phishers, and other cyber-criminal groups.
New RotorCrypt Ransomware variant
Michael Gillespie discovered a new RotorCrypt Ransomware variant that uses the really really long extension of [b]!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve[/b].

January 26th 2018
The Velso Ransomware Being Manually Installed by Attackers
A new ransomware is actively infecting victims called the Velso Ransomware. This ransomware appends the [b].velso [/b]extension to encrypted files and then drops a ransom note that contains an email address that a victim can use to contact the developer.

Dridex Group Created BitPaymer (FriedEx) Ransomware
The authors of the infamous Dridex banking trojan and the Necurs spam botnet appear to have also created the FriedEx (BitPaymer) ransomware, according to an ESET report released earlier today.

Source: BleepingComputer
Reply
#2
Thank you for this information.
Reply




Users browsing this thread: 2 Guest(s)