This week has mostly seen small variants released, along with a bunch of new Scarab Ransomware variants. The most interesting ransomware news this week is the CoinVault authors appearing in a Netherlands court in front of a three-judge panel.
Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @DanielGallagher, @PolarToffee, @fwosar, @BleepinComputer, @campuscodi, @FourOctets, @LawrenceAbrams, @jorntvdw, @struppigel, @hexwaxwing, @malwareforme, @demonslay335, @Seifreed, @kaspersky, @Amigo_A_, and @r0ny_123.
July 7th 2018
Michael Gillespie found a new RaRansomware variant that uses the extension .XVNAW.
July 8th 2018
A hotel in India was hit with ransomware that demanded $400 to decrypt the files.
July 9th 2018
Amigo-A found a new Xorist sample that appends the .DATA_IS_SAFE_YOU_NEED_TO_MAKE_THE_PAYMENT_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_LOST_FOREVER_PLEASE_BE_REZONABLE_IS_NOT_A_JOKE_TIME_IS_LIMITED extension.
New zzz12 Ransomware discovered
Michael Gillespie noticed a new ransomware uploaded to ID Ransomware that appends the .zzz12 extension to encrypted files and drops a ransom note named Notice.txt.
Michael Gillespie discovered a new ransomware named BlackRansomwareFireeye that appends the .jes extension to encrypted files and saves the encrypted file in Base64 format.
July 10th 2018
Cass Regional Medical Center, a Missouri health care center, announced on their Facebook page that they have been affected by an undisclosed ransomware. This incident affected their internal communications system and their electronic health record (EHR) system.
MalwareHunterTeam found a Rapid Ransomware variant that appends the .RPD extension to encrypted files.
Michael Gillespie found a new Polish Jigsaw Ransomware variant that appends the .##___POLICJA!!!___TEN_PLIK_ZOSTA extension to encrypted files. Uses the below background.
July 11th 2018
MalwareHunterTeam found a new Bitpaymer variant that appends the .LOCK extension and drops a ransom note named HOW_TO_DECRYPT.txt.
Michael Gillespie found a new variant of the Everbe 2.0 Ransomware that calls itself Hyena Locker. This variant appends the .[[email protected]].HYENA extension and drops a ransom note named !_HOW_RECOVERY_FILES_!.txt.
July 12th 2018
The authors of the CoinVault ransomware have had their day in court today in the Netherlands, where their case was presented in front of a three-judge panel.
Rony discovered a new Bitpaymer variant that drops a ransom note that appears to be named after the encrypted files.
MalwareHunterTeam discovered a new HiddenTear ransomware variant named XeroWare Ransom 1.2 that appends the .XERO extension to encrypted files.
MalwareHunterTeam found a ransomware named CryptoLite that appends the .encrypted extension to encrypted files.
July 13th 2018
Michael Gillespie found a new ransomware uploaded to ID Ransomware called “Predator the Cipher”. This ransomware appends the .predator extension to encrypted files and drops a ransom note named README.txt.
Karsten Hahn found a new in-development ransomware that fakes a Java update message. This ransomware appends the .locked extension to encrypted files.