Ransomware and Recent Variants

ronjor · Mar 31, 2016

Original release date: March 31, 2016

US-CERT recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:
Click to expand...

https://www.us-cert.gov/ncas/alerts/TA16-091A

stapp · Apr 1, 2016

Here is a list of recent variants

http://www.bleepingcomputer.com/for...omware-support-topics-faqs-and-news-articles/

Minimalist · Apr 2, 2016

US and Canada issue joint alert after rash of cyber attacks against hospitals

The United States and Canada on Thursday issued a rare joint cyber alert, warning against a recent surge in extortion attacks that infect computers with viruses known as “ransomware,” which encrypt data and demand payments for it to be unlocked.

The warning follows reports from several private security firms that they expect the crisis to worsen, because hackers are getting more sophisticated and few businesses have adopted proper security measures to thwart such attacks.
Click to expand...

http://www.rawstory.com/2016/03/us-...fter-rash-of-cyber-attacks-against-hospitals/

itman · Apr 3, 2016

Of course these attacks are going to get much worse. The hospitals have always paid the ransom.

So Mr. Hospital Administrator, you better start allocating in the hundreds of thousands of dollars for like payments since that where these ransom requests are headed.

Minimalist · Apr 5, 2016

Ransomware Epidemy Makes Two New Victims, Hospitals in California and Indiana

Ever since ransomware hit the Hollywood Presbyterian Medical Center in Hollywood last February, this type of infections have been out of control, affecting numerous hospitals across the globe, slowing down or shutting down their activities.
Click to expand...

http://news.softpedia.com/news/rans...pitals-in-california-and-indiana-502594.shtml

Peter2150 · Apr 5, 2016

Ironically, the IT guy's know what to do to mitigate the damage, but are getting fought tooth and nail, by the doctors who don't want to be inconvenienced. As long as the doctors persist, hospitals are going to be a good feeding ground

itman · Apr 5, 2016

Whose behind all these U.S. targeted ransomware attacks?

http://wibqam.com/news/articles/201...-behind-us-ransomware-attacks-security-firms/

itman · Apr 5, 2016

Satellite based ransomware attacks: http://www.spambotsecurity.com/forum/viewtopic.php?f=7&t=3797

Minimalist · Apr 10, 2016

Ransomware Hits 20 Schools in Texas District

Representatives of the North East Independent School District, in Texas, USA, have admitted that many of their school campuses have fallen victim to the recent wave of ransomware infections that's been plaguing the US and most parts of the globe.
Click to expand...

http://news.softpedia.com/news/ransomware-hits-20-schools-in-texas-district-502761.shtml

Minimalist · Apr 11, 2016

"ID Ransomware" Website Helps Identify Ransomware Infections

A new website that launched in the past weeks is now making the life of ransomware victims a lot easier by allowing them to identify which ransomware variant infected their computers and if there's a way to recover the files without paying.
Click to expand...

http://news.softpedia.com/news/id-r...s-identify-ransomware-infections-502814.shtml

Minimalist · Apr 12, 2016

Meet the Cryptoworm, the Future of Ransomware

Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and costly ransomware to come.
Click to expand...

https://threatpost.com/meet-the-cryptoworm-the-future-of-ransomware

Peter2150 · Apr 12, 2016

And a big thanks to the likes of Sandboxie and ShadowDefender

Minimalist · Apr 12, 2016

Jigsaw Ransomware Threatens to Delete Your Files, Free Decrypter Available

The ransomware asks for 0.4 Bitcoin (~$160) as payment, but there's a catch. To force the user's hand into paying the ransom as quickly as possible, the Jigsaw ransomware threatens to delete some of their files every hour.

The bad part is that the ransomware lives up to its word and actually starts deleting more and more files as the user waits. Even worse, @MalwareHunterTeam discovered that with every PC reboot, the ransomware also deletes an additional 1,000 files.
Click to expand...

http://news.softpedia.com/news/jigs...r-files-free-decrypter-available-502824.shtml

Minimalist · Apr 12, 2016

Peter2150 said: ↑

And a big thanks to the likes of Sandboxie and ShadowDefender
Click to expand...

Yes I agree. Unfortunately not many people and companies use such defenses. In most cases backup inaccessible to regular users is only way to restore data. Or to pay up.

Peter2150 · Apr 12, 2016

Minimalist said: ↑

Yes I agree. Unfortunately not many people and companies use such defenses. In most cases backup inaccessible to regular users is only way to restore data. Or to pay up.
Click to expand...

True, and you either use and learn the proper defenses, or you pay. Hmm, sounds like life itself

ronjor · Apr 14, 2016

Mac OS X ransomware: How KeRanger is a shadow of malware to come

The design of KeRanger demonstrates how attackers plan to make it even harder for victims of ransomware not to pay up.

By Nick Heath | April 14, 2016, 5:11 AM PST
Click to expand...

ronjor · Apr 14, 2016

Ransomware authors use the bitcoin blockchain to deliver encryption keys

The CTB-Locker ransomware uses a metadata field in bitcoin transactions to store decryption keys

By Lucian Constantin IDG News Service | Apr 14, 2016 11:12 AM PT
Click to expand...

http://www.networkworld.com/article...in-blockchain-to-deliver-encryption-keys.html

itman · Apr 15, 2016

Interesting posting over at bleepingcomputer.com on a ransomware using legit encryption software, AxCrypt, to encrypt all files on a server. Unfortunately, AxCrypt is designed to be unbreakable and without a key is impossible to break:

The basic rule is: If you lose or forget your passphrase or key-file, your documents are lost. There is no back-door into AxCrypt.

The only way to recover a lost passphrase is to try all likely combinations. If you have used a key-file, and lost that, there is nothing to do at all - the number of combinations is simply too large. That is why you must print a paper backup copy if you use key-files.

Ref.: http://www.bleepingcomputer.com/forums/t/609003/axcrypt-encrpyt-axx-ransomware/

ronjor · Apr 16, 2016

Schools put on high alert for JBoss ransomware exploit

More than 2,000 machines are ready to be infected, Cisco says

By Katherine Noyes IDG News Service | Apr 15, 2016 2:44 PM PT
Click to expand...

itman · Apr 16, 2016

Web shell based. These guys are getting more creative with each passing day.

Minimalist · Apr 17, 2016

Decrypter Available for AutoLocky, Locky Ransomware Copycat

Fabian Wosar, Emsisoft's top malware analyst, has put together a decrypter for a new ransomware variant named AutoLocky, a copycat of the more famous and dangerous Locky ransomware that appeared at the start of 2016.
Click to expand...

http://news.softpedia.com/news/decr...tolocky-locky-ransomware-copycat-503053.shtml

Minimalist · Apr 19, 2016

New CryptXXX Ransomware Locks Your Files, Steals Bitcoin and Local Passwords

CryptXXX is a new ransomware variant discovered during the past weeks, which, besides encrypting the user's data, is also capable of stealing Bitcoin from infected targets, along with passwords and other personal details, security researchers from Proofpoint have found.
Click to expand...

http://news.softpedia.com/news/new-...eals-bitcoin-and-local-passwords-503149.shtml

ronjor · Apr 20, 2016

The many faces and tactics of Jigsaw crypto-ransomware

Zeljka Zorz - Managing EditorApril 20, 2016
The Jigsaw crypto-ransomware got its name from the main bad guy from the popular horror movie franchise Saw, as its initial ransom note (either in English or Portuguese) shows the image of a very distinctive puppet used in the films.
Click to expand...

Minimalist · Apr 20, 2016

Latest Teslacrypt targets new file extensions, invests heavily in evasion

TeslaCrypt, like many of its ransomware cousins, doesn’t sleep on past success. Researchers at Endgame Inc., have found two updates for the cryptoransomware in the past two weeks that invest heavily in obfuscation and evasion techniques, and also target a host of new file extensions.
Click to expand...

https://threatpost.com/latest-teslacrypt-targets-new-file-extensions-invests-heavily-in-evasion

Minimalist · Apr 21, 2016

New CryptoBit Ransomware Could Be Decryptable

PandaLabs, Panda Security’s anti-malware lab, detected a new type of ransomware that they think could be reverse engineered to allow users to recover their files.
Click to expand...

http://news.softpedia.com/news/new-cryptobit-ransomware-could-be-decryptable-503239.shtml

Log in or Sign up

Ransomware and Recent Variants

ronjor Global Moderator

stapp Global Moderator

Minimalist Registered Member

itman Registered Member

Minimalist Registered Member

Peter2150 Global Moderator

itman Registered Member

itman Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

Peter2150 Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Peter2150 Global Moderator

ronjor Global Moderator

ronjor Global Moderator

itman Registered Member

ronjor Global Moderator

itman Registered Member

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Log in or Sign up

Ransomware and Recent Variants

ronjor Global Moderator

stapp Global Moderator

Minimalist Registered Member

itman Registered Member

Minimalist Registered Member

Peter2150 Global Moderator

itman Registered Member

itman Registered Member

Minimalist Registered Member

Minimalist Registered Member

Minimalist Registered Member

Peter2150 Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Peter2150 Global Moderator

ronjor Global Moderator

ronjor Global Moderator

itman Registered Member

ronjor Global Moderator

itman Registered Member

Minimalist Registered Member

Minimalist Registered Member

ronjor Global Moderator

Minimalist Registered Member

Minimalist Registered Member

Useful Searches