Ransomware activity is definitely slowing down, with most large attacks now being targeted intrusions over RDP. That said, we still see a steady stream of smaller ransomware infections being created, even if they never have much impact at all.
The biggest news over the past two weeks has been the continued releases of GandCrab and some interesting writeups about BlackHeart and SynAck.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @FourOctets, @jorntvdw, @malwareforme, @demonslay335, @PolarToffee, @hexwaxwing, @struppigel, @BleepinComputer, @LawrenceAbrams, @campuscodi, @Seifreed, @DanielGallagher, @malwrhunterteam, @FBI, @MarceloRivero, @jeromesegura, @zsawei, @kaspersky, @antonivanovm, @TrendLabs, @SophosLabs, @leotpsc, @bartblaze, and @Amigo_A_.
April 30th 2018
The UK Department of Health and Social Care has announced that it will transition all National Health Service (NHS) computer systems to Windows 10.
Officials cited the operating system’s more advanced security features as the primary reason for upgrading current systems, such as the SmartScreen technology included with Microsoft Edge (a Google Safe Browsing-like system) and Windows Defender, Microsoft’s sneakily good antivirus product.
According to a message sent to Leo, Kraken 2.0 was not meant for malicious purposes and has been hijacked by someone who has been spreading it.
Not 100% sure when this was released, but it's a good whitepaper by Sophos on the BTCWare ransomware.
We recently discovered a new ransomware (Detected as RANSOM_BLACKHEART.THDBCAH), which drops and executes the legitimate tool known as AnyDesk alongside its malicious payload. This isn't the first time that malware has abused a similar tool. TeamViewer, a tool with more than 200 million users, was abused by a previous ransomware that used the victim's connections as a distribution method.
In this instance, however, RANSOM_BLACKHEART bundles both the legitimate program and the malware together instead of using AnyDesk for propagation.
MalwareHunterTeam discovered the UselessFiles ransomware that appends the .UselessFiles extension to encrypted files.
May 2nd 2018
May 4th 2018
GandCrab version 3 was released earlier this week with a few noticeable changes. The most notable change is the addition of a desktop background.
May 5th 2018
Bart takes a look at BKRansomware, which is a Vietnamese ransomware that wants you to send money to their phone.
May 6th 2018
May 7th 2018
A new and improved version of the SynAck ransomware has been spotted online these past days, and security researchers are reporting that the ransomware now uses the Process Doppelgänging technique.
MalwareHunterTeam discovered a new Matrix ransomware variant that uses a ransom note named #What_Wrong_With_Files#.rtf. It does not append any extension to encrypted files.
In this article, Bart talks about how the PSCrypt ransomware is back in business.
May 8th 2018
The number of people who reported ransomware infections to US authorities went down last year, according to the FBI's yearly Internet crime report.
May 9th 2018
MalwareHunterTeam discovered a new ransomware called RansomAES that appends the .RansomAES extension to encrypted files and drops a ransom note named READ ME.txt.
May 10th 2018
Jawe discovered that GandCrab v3.0.1 was released and no longer includes an autorun or wallpaper.
May 11th 2018
Leo spotted a tr011 ransomware called Facebook Ransomware that appends the .Facebook extension to encrypted files.