New Crysis variant - Arena - no decryption yet. Attacks network, makes copies in System 32, registers to execute on reboot. We have run a live attack test here. Virustotal details... VT results removed as per Wilders policy https://www.wilderssecurity.com/thr...otti-virus-total-results.180057/#post-1040840
Bit Paymer Ransomware Hits Scottish Hospitals https://www.bleepingcomputer.com/news/security/bit-paymer-ransomware-hits-scottish-hospitals/ Another article: https://www.infosecurity-magazine.com/news/nhs-lanarkshire-cancels-ops/
New Nuclear BTCWare Ransomware Released https://www.bleepingcomputer.com/news/security/new-nuclear-btcware-ransomware-released/
Note: This is a different attack from the above-noted Locky ransomware one. https://www.infosecurity-magazine.com/news/crypto-ransomware-targets-20/
Massive Wave of MongoDB Ransom Attacks Makes 26,000 New Victims https://www.bleepingcomputer.com/ne...godb-ransom-attacks-makes-26-000-new-victims/
"Ransomware hack targeting 2 million an hour A ransomware attack sweeping the globe right now is launching about 8,000 different versions of the virus script at Barracuda's customers, Eugene Weiss, lead platform architect at Barracuda, told Axios, and it's hitting at a steady rate of about 2 million attacks per hour... ...'What's remarkable about this one is just the sheer volume of it.' Automated hacking: "Nobody actually sat there and made 8,000 digital modifications," Weiss said. The way they do it is by using a kit that essentially automates code variations... The targets: Email addresses at businesses or institutional groups in the U.S. or Canada..." https://www.axios.com/ransomware-hack-targeting-2-million-an-hour-2487583502.html
It's called "polymorphic" malware. A security product with good generic signature capability is capable of handling this.
"New malicious malware demands nude photographs instead of Bitcoin Security researchers have discovered a new ransomware dubbed nRansomware that encrypts a victim's files and demands nude photographs instead of Bitcoin in exchange for a decryption key. Ransomware is a particularly nasty type of malicious software used to extort money from victims..." http://www.ibtimes.co.uk/what-nrans...ands-nude-photographs-instead-bitcoin-1640394
This most likely is the attack Barracuda detected and referenced previously w/o any detail. Multiple Spam Waves Detected Pushing New Locky Ransomware Version https://www.bleepingcomputer.com/ne...etected-pushing-new-locky-ransomware-version/
Locky Ransomware Authors Are Big Game of Thrones Fans https://www.bleepingcomputer.com/ne...somware-authors-are-big-game-of-thrones-fans/
"Ransomware or Wiper? RedBoot Encrypts Files but also Modifies Partition Table A new bootlocker ransomware was discovered by Malware Blocker called RedBoot that when executed will encrypt files on the computer, replace the MBR, or Master Boot Record, of the system drive and then modifies the partition table in some manner. As the ransomware does not provide a way to input a key to restore the MBR and partition table, unless the ransomware developer has a bootable decryptor this malware may be a wiper... ...in addition to the files being encrypted and the MBR being overwritten, preliminary analysis shows that this ransomware may also be modifying the partition table without providing a method to restore it. Is it a buggy ransomware or a wiper? While this ransomware does perform standard user mode encryption, the modifying of the partition table and no way of inputting a key to recover it may indicate that this is a wiper disguised as ransomware. Then again, since the developer used a scripting language like AutoIT to develop this ransomware, it could very well be just a buggy and poorly coded ransomware..." https://www.bleepingcomputer.com/ne...ypts-files-but-also-modifies-partition-table/
"nRansom Joke Locker Demands Nude Pics as Payment... This malware is clearly a joke with its use of a Thomas & Friends picture, a demand that states that they are going to sell your nudes on underground sites after you send them, and the looping of the Curb Your Enthusiasm TV show music. My guess is that this malware was created by someone to troll their friends with a silly little infection that is easily removed... This locker is very buggy, clearly not meant for distribution, and does not work correctly... The only way to terminate it is to manually minimize the screen and just end the nRansom.exe process..." https://www.bleepingcomputer.com/news/security/nransom-joke-locker-demands-nude-pics-as-payment-/
Kangaroo Ransomware uses unique technique to infect and cover tracks https://www.scmagazine.com/kangaroo...bfuscation-and-unique-tactics/article/697709/
FYI I am seeing a "rash" of DDoS attacks against corp servers directed at remote connections, primarily RDP ports, to deliver ransomware. Conventional routers and AV solutions cannot handle this type of attack. So even SMBs might want to look into: https://en.wikipedia.org/wiki/DDoS_mitigation