The Week in Ransomware – August 9th 2019 – Summer Doldrums

As we creep towards the end of the summer, things have thankfully started to slow down a bit.

While there are still plenty of ransomware attacks going around, the number we had seen last month against schools, companies, and government agencies has definitely decreased.

The biggest news was a wiper called GermanWiper targeting Germany and pretending to be ransomware. Otherwise, this week we mostly saw new variants of existing ransomware being released.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @malwareforme, @struppigel, @BleepinComputer, @demonslay335, @Seifreed, @FourOctets, @LawrenceAbrams, @malwrhunterteam, @fwosar, @PolarToffee, @thyrex2002, @cybereason, @leotpsc, @Accenture, @JakubKroustek, @adrian__luca, @tkanalyst, @jeromesegura, @Malwarebytes, @Jan0fficial, @emsisoft, @virusbay_io, @VK_Intel, @James_inthe_box, and @raby_mr.

August 3rd 2019

New Q1G Dharma variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .Q1G extension to encrypted file names.

August 4th 2019

GermanWiper Ransomware Erases Data, Still Asks for Ransom

Multiple German companies were off to a rough start last week when a phishing campaign pushing data-wiping malware targeted them and asked for a ransom. This wiper is being named GermanWiper because it targets German victims and is a destructive wiper rather than ransomware.

August 5th 2019

eCh0raix Ransomware Decryptor Restores QNAP Files For Free

A decryptor for the eCh0raix Ransomware, or QNAPCrypt, has been released that allows victims to recover encrypted files on their QNAP NAS devices.

New Paradise Workforce Ransomware

Alex Svirid found the new Cryakl variant calling itself Paradise Workforce and appending the .junior extension to encrypted files.

New version of MegaCortex targets business disruption

iDefense engineers have identified and analyzed a recently updated version of the destructive ransomware MegaCortex, which is known to have previously caused costly incidents across various industries in Europe and North America.

SODINOKIBI: THE CROWN PRINCE OF RANSOMWARE

In April of 2019, the Cybereason Nocturnus team encountered and analyzed a new type of ransomware dubbed Sodinokibi. Sodinokibi is highly evasive, and takes many measures to prevent its detection by antivirus and other means.

New OPdailyallowance Ransomware

Leo found a new ransomware called OPdailyallowance that tries to combine Cryptowall and FSociety into one ransomware. It doesn't encrypt anything.

New STOP DJvu variants

Michael Gillespie found two new STOP DJvu variants that append the .zatrov or .prandel extensions to encrypted file names.

August 6th 2019

New Lord Exploit Kit Pushes njRAT and ERIS Ransomware

A new kit for web-based attacks calling itself Lord EK was spotted at the beginning of the month as part of a malvertising chain that uses the PopCash ad network.

New Brusaf STOP DJvu variant

Michael Gillespie found a new STOP DJvu variant that appends the .brusaf extension to encrypted file names.

STOP Djvu Decryptor updated

Michael Gillespie updated his STOP Djvu decryptor to support the offline keys for the .nelasod, .mogranos, .lotej, .prandel, .zatrov, .masok extensions.

Arsium Ransomware Builder released

Jan discovered the new Arsium Ransomware Builder being promoted on malware forums.

August 7th 2019

New MegaCortex variant

Vitali Kremez found a new variant of the MegaCortex Ransomware that uses the MEGA-G6= marker.

New Assist Phobos Ransomware variant

Raby found a new variant of the Phobos Ransomware that appends the .assist extension to encrypted file names.

August 8th 2019

US Accounts for More than Half of World’s Ransomware Attacks

The threat of ransomware is more prevalent in the U.S., with more than half of the global detections originating from this country, a new report informs.

Emsisoft Decryptor for JSWorm 4.0

JSWorm 4.0 is a ransomware written in C++ that uses a modified version of AES-256 to encrypt files, and adds the extension “.[ID-][].JSWRM” to files.

How Reverse Engineering (and Cyber-Criminals’ Mistakes) Can Help You When You’ve Been a Ransomware Victim

Luckily for us, ransomware developers are not always as professional as they would like, and sometimes they make mistakes that allow us to recover the kidnapped files without having to pay the ransom. That’s exactly what happened with a ransomware called Whiterose.

New Londec STOP DJvu variant

Michael Gillespie found a new STOP DJvu variant that appends the .londec extension to encrypted file names.

New SkidPatrol Ransomware

MalwareHunterTeam found a new ransomware called SkidPatrol.

That's it for this week! Hope everyone has a nice weekend!