Ransomware and Recent Variants

guest · May 8, 2018

FBI: Number of Ransomware Complaints Went Down in 2017
May 8, 2018
https://www.bleepingcomputer.com/ne...r-of-ransomware-complaints-went-down-in-2017/

The number of people who reported ransomware infections to US authorities has gone down last year, according to a yearly FBI Internet crime report.

During 2017, the FBI says it received only 1,783 complaints regarding ransomware infections, a number far smaller than the 2,673 complaints it received in 2016, and the 2,453 complaints received in 2015.

The number is surprisingly low because ransomware was the threat of the year in 2017, with many ransomware strains active all last year, including three global ransomware outbreaks that also made victims in the US.
Ransomware was the 24th most report cybercrime in the US
The 1,783 complaints ranked ransomware the 24th most reported cyber-crime in the US. Based on reports received by the FBI's Internet Crime Complaint Center (IC3), victims said ransomware caused total damages of $2,344,365, also ranked 24th.
On the record: The FBI does not support paying a ransom
"In all cases [of ransomware infections] the FBI encourages organizations to contact a local FBI field office immediately to report a ransomware event and request assistance," the FBI says. "
Click to expand...

guest · May 11, 2018

The Week in Ransomware - May 11th 2018 - GandCrab, SynAck, and More
May 11, 2018
https://www.bleepingcomputer.com/ne...mware-may-11th-2018-gandcrab-synack-and-more/

Ransomware is definitely slowing down with most big attacks being targeted over RDP. With that said, we do see a steady stream of smaller ransomware infections that continue to be created, even if they never have much impact at all.

The biggest news over the past two weeks has been the continued releases of Gandcrab and some interesting writups about BlackHeart and SynAck. [...]
Click to expand...

guest · May 15, 2018

New Bip Dharma Ransomware Variant Released
May 15, 2018
https://www.bleepingcomputer.com/news/security/new-bip-dharma-ransomware-variant-released/

Today, Michael Gillespie noticed what appeared to be a new variant of the Crysis/Dharma Ransomware uploaded to his ID-Ransomware site. Jakub Kroustek then discovered some samples to confirm that it was indeed a new Dharma variant. This new version will append the .Bip extension to encrypted files. It is not known exactly how this variant is being distributed, but in the past Dharma is typically spread by hacking into Remote Desktop Services and manually installing the ransomware.
It should be noted that this ransomware will encrypt mapped network drives, shared virtual machine host drives, and unmapped network shares.
It is not possible to decrypt the Dharma Bip Ransomware Variant
Unfortunately, at this time there is no way to decrypt files encrypted by the Bip Ransomware variant for free.
How to protect yourself from the Dharma Ransomware
In order to protect yourself from Dharma, or from any ransomware, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.
It is also important to setup proper account lockout policies so that it makes it difficult for accounts to be brute forced over Remote Desktop Services.
Click to expand...

guest · May 19, 2018

The Week in Ransomware - May 18th 2018 - Mostly Small Variants
May 18, 2018
https://www.bleepingcomputer.com/ne...nsomware-may-18th-2018-mostly-small-variants/

It has been mostly small variants released this week, with a few Scarab variants released and various U.S. government agencies being hit with ransomware. Otherwise, it's mostly ransomware that will not make it into the actual wild.

While the news stories that we are reporting on are mostly new ransomware, ransomware such as GandCrab and Samas continue to make their presence known. All users need to stay vigilant and secure access to remote desktop so they do not become infected. [...]
Click to expand...

guest · May 23, 2018

CryptON Ransomware Installed Using Hacked Remote Desktop Services
May 23, 2018
https://www.bleepingcomputer.com/ne...stalled-using-hacked-remote-desktop-services/

A new and active campaign for the CryptON Ransomware is currently underway where attackers are hacking into computers with Internet accessible Remote Desktop Services. Once the attackers gain access to the computer they manually execute the ransomware and encrypt your files.

This new campaign was first discovered by Malwarebytes security researcher S!Ri who posted about it on Twitter.
It is not possible to decrypt the CryptON Ransomware Variant
Unfortunately, at this time there is no way to decrypt files encrypted by the CryptON Ransomware variant for free. Emsisoft does have a decryptor for older variants, but it does not work with the current version and it is unknown if a solution will be found.

The only way to recover encrypted files is via a backup, or if you are incredibly lucky, through Shadow Volume Copies. Though CryptON does attempt to remove Shadow Volume Copies, in rare cases ransomware infections fail to do so for whatever reason. Due to this, if you do not have a viable backup, I always suggest people try as a last resort to restore encrypted files from Shadow Volume Copies as well.
Click to expand...

guest · May 25, 2018

The Week in Ransomware - May 25th 2018 - Crypton and Small Variants
May 25, 2018
https://www.bleepingcomputer.com/ne...are-may-25th-2018-crypton-and-small-variants/

This was a very quiet week with very few ransomware variants released and not much news at all, which we are always happy about. The biggest news has been the CryptON campaign that really picked up speed this month. As this ransomware is installed over hacked remote desktop services, everyone needs to make sure RDP is not accessible directly from the Internet and to use a VPN instead.
Click to expand...

itman · May 29, 2018

Ten Best Practices for Outsmarting Ransomware

Inventory all devices

Automate patching

Segment the network

Track threats

Watch for indicators of compromise (IOCs)

Harden endpoints and access points

Implement security controls

Use security automation

Back up critical systems

Create an integrated security environment

Click to expand...

https://www.scmagazine.com/ten-best-practices-for-outsmarting-ransomware/article/767628/

itman · May 30, 2018

New Backup Cryptomix Ransomware Variant Actively Infecting Users

Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .BACKUP extension to encrypted files, changes the contact email, and slightly changes the ransom note's name.
Click to expand...

https://www.bleepingcomputer.com/ne...-ransomware-variant-actively-infecting-users/

guest · Jun 1, 2018

Sigrun Ransomware Author Decrypting Russian Victims for Free
June 1, 2018
https://www.bleepingcomputer.com/ne...e-author-decrypting-russian-victims-for-free/

The author of the Sigrun Ransomware is providing decryption for Russian victims for free, while asking for a ransom payment of $2,500 in Bitcoin or Dash for everyone else. While it is not uncommon for Russian ransomware developers to purposely avoid targeting Russian citizens, it is less common to see the developers outwardly helping them for free.

Russian malware developers try to avoid infecting Russian victims as they are concerned the authorities won't continue to turn a blind eye as they do when attacking victims from other countries.
Click to expand...

guest · Jun 2, 2018

The Week in Ransomware - June 1st 2018 - From Russia with Love and a Facepalm
June 1, 2018
https://www.bleepingcomputer.com/ne...st-2018-from-russia-with-love-and-a-facepalm/

This was a busy week with lot's of new variants of active ransomware being released. We also have Sigrun offering free decryption to Russian victims and a awesome facepalm waiting for you at the end of the article. [...]
Click to expand...

Minimalist · Jun 6, 2018

How Ransomware-as-a-Service Offerings are Changing in 2018

At Infosecurity Europe 2018 security researcher James Lyne explored some of the latest tactics and techniques currently being deployed by cyber-criminals, with particular focus on how 2018 has seen the continued evolution of ransomware to become even more commoditized and business-like.

“I almost feel boring standing here talking about ransomware, as we must all be sick of the topic by now,” he said, “but there’s some quite interesting commercial and business model stuff happening.”
Click to expand...

https://www.infosecurity-magazine.com/news/infosec18-ransomwareasaservice-2018/

guest · Jun 7, 2018

'RedEye' Ransomware Destroys Files, Rewrites MBR
A newly discovered piece of ransomware appears mainly created to destroy the victim’s files instead of encrypting and holding them for ransom.
June 7, 2018
https://www.securityweek.com/redeye-ransomware-destroys-files-rewrites-mbr

Dubbed RedEye, the malware appears to be the creation of the developer behind the Annabelle ransomware, who also claims to have made the JigSaw ransomware that first emerged a couple of years back (Cisco says the individual might be responsible for several other families as well).

The same as Anabelle and JigSaw, RedEye’s destructive nature makes it stand out in the crowd. While the vast majority of ransomware families out there have been created with the purpose of generating revenue for their authors and operators, RedEye would gladly destroy users’ files even if there’s no financial gain in it.

The new threat, Bart Blaze discovered, has a large file size, at 35.0 MB. This is the result of several media files (images and audio files) being embedded in the binary. Among these, there are three .wav files (child.wav, redeye.wav, and suicide.wav) meant to play a creepy sound, intended to scare the victim.
Blaze also notes that, despite claiming to have securely encrypted files with AES256, RedEye appears to actually “overwrite or fill files with 0 bytes,” thus rendering them useless. The malware also appends the .RedEye extension to the affected files.
Click to expand...

guest · Jun 8, 2018

The Week in Ransomware - June 8th 2018 - CryBrazil, CryptConsole, and Magniber
June 8, 2018
https://www.bleepingcomputer.com/ne...8th-2018-crybrazil-cryptconsole-and-magniber/

This week we have seen a lot of CryptConsole variants, Magniber activity, and smaller variants released. Ransomware continues to decline as malware developers move toward more profitable miners and information stealing Trojans. Ransomware is not going away, but is instead moving away from mass malspam campaigns to targeted network attacks where a ransom payment may be more likely. [...]
Click to expand...

Minimalist · Jun 14, 2018

Has paying the ransom become business as usual?

Radware released its 2018 Executive Application and Network Security Report. For the first time in the survey’s five-year history, a majority of executives (53%) reported paying a hacker’s ransom following a cyber attack.
Click to expand...

https://www.helpnetsecurity.com/2018/06/13/2018-executive-application-and-network-security-report/

guest · Jun 14, 2018

DBGer Ransomware Uses EternalBlue and Mimikats to Spread Across Networks
June 14, 2018
https://www.bleepingcomputer.com/ne...lblue-and-mimikats-to-spread-across-networks/

The authors of the Satan ransomware have rebranded their "product" and they now go by the name of DBGer ransomware, according to security researcher MalwareHunter, who spotted this new version earlier today.

The change was not only in name but also in the ransomware's modus operandi. According to the researcher, whose discovery was later confirmed by an Intezer code similarity analysis, the new (Satan) DBGer ransomware now also incorporates Mimikatz, an open-source password-dumping utility.
DBGer adds Mimikatz
The new (Satan) DBGer ransomware strain continues this focus on lateral movement. The new version spotted today works by dropping Mimikatz, dumping passwords for networked computers, and using these credentials to access and infect those devices as well.
Click to expand...

guest · Jun 14, 2018

Decryptor Released for the Everbe Ransomware
June 14, 2018
https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-everbe-ransomware/

A decryptor for the Everbe Ransomware was released by Michael Gillespie that allows victims to get their files back for free. It is not known how this ransomware is currently being distributed, but as long as victims have an unencrypted version of an encrypted file, they can use them to brute force the decryption key.
Click to expand...

guest · Jun 16, 2018

The Week in Ransomware - June 15th 2018 - DBGer, Scarab, and More
June 15, 2018
https://www.bleepingcomputer.com/ne...somware-june-15th-2018-dbger-scarab-and-more/

Mostly new variants of the same ransomware this week, with little new ransomware campaigns being conducted. Of particular interest was Kaspersky temporarily withdrawing their participation in the NoMoreRansom project and the rebranding of Satan Ransomware as DBGer Ransomware. [...]
Click to expand...

guest · Jun 20, 2018

New SamSam variant requires attacker's input before infection
June 19, 2018
https://www.scmagazine.com/new-sams...ackers-input-before-infection/article/774710/

Malwarebytes researchers spotted a newer version of the malware which uses modules and interacts differently than the older version. The campaign was difficult for researchers to analyze because a password had to be entered manually by the attacker in order for researchers to in order to access the malware's code.

If a victim accidentally downloads and executes the malware they won't be harmed since a password is required to run the payload. [...] Researchers were able to identify five main components that allow the compromise to take place, four of which are actual files while the fifth is the manual input from the attacker.
Click to expand...

Minimalist · Jun 22, 2018

Watch Out for Fileless Ransomware

At a recent industry conference I heard some commentary about the “disappearance” of ransomware, but I’m here to assure you that that isn’t the case. It’s true that some criminal gangs have switched to distributing cryptocurrency miners instead of ransomware (for now, I emphasize), as such mining is currently more difficult for many security systems to detect, and it’s proving extremely profitable to the criminals, which is all that matters.

A May survey showed phishing has surpassed ransomware as a concern for IT security managers, and for understandable reasons—the number of phishing emails reaching users keeps rising, and phishing is the top source of breaches at companies.

But don’t think ransomware is going to go quietly or go away at all. The narrative of the decline of ransomware is being driven in part by the decrease in mass, botnet-driven mailings sent in the tens of millions, which are spectacular and generate headlines. But it’s important to balance that narrative, focused on the decline in the sheer volume of ransomware distributions, with the understanding that during this past year there has also been an increase in the overall number of ransomware variants in circulation and more varied distribution methods in use, with each campaign typically targeting smaller audiences in the tens of thousands.
Click to expand...

https://www.securityweek.com/watch-out-fileless-ransomware

guest · Jun 22, 2018

The Week in Ransomware - June 22nd 2018 - Scarab Everywhere!
June 22, 2018
https://www.bleepingcomputer.com/ne...-ransomware-june-22nd-2018-scarab-everywhere/

This has been the week of the Scarab with a continuous stream of Scarab Ransomware variants being released. We also had a few decryptors and some smaller variants, but by far Scarab dominated the ransomware distribution. Thankfully, under certain conditions Scarab can be decrypted by Dr. Web, so be sure to check with them if you become infected.
Click to expand...

ronjor · Jun 26, 2018

Ransom Demands and Frozen Computers: Hackers Hit Towns Across the U.S.

By Jon Kamp and Scott Calvert June 24, 2018
Online extortionists search for vulnerabilities, offer instructions on how to pay in bitcoin
Click to expand...

Minimalist · Jun 26, 2018

Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor

Cisco Talos has analyzed Thanatos, a ransomware variant that is being distributed via multiple malware campaigns that have been conducted over the past few months. As a result of our research, we have released a new, free decryption tool to help victims recover from this malware.
Click to expand...

https://blog.talosintelligence.com/2018/06/ThanatosDecryptor.html

guest · Jun 29, 2018

The Week in Ransomware - June 29th 2018 - Slow week!
June 29, 2018
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-29th-2018-slow-week/

It has been a very slow week for ransomware, which we are always happy about. While ransomware will never go away completely, as time goes on, more people become educated, and better backup strategies are created, we continue to see ransomware slowly diminishing.

Unfortunately, there is something always ready to fill a vacuum. According to a new report by Kaspersky Labs, miners have been increasing steadily and have become a favorite for malware developers. [...]
Click to expand...

guest · Jul 2, 2018

Nozelesn Ransomware Reportedly Using Spam to Target Poland
July 2, 2018
https://www.bleepingcomputer.com/ne...mware-reportedly-using-spam-to-target-poland/

A distribution campaign for a new ransomware called Nozelesn is currently underway that is targeting Poland. This campaign started July 1st and we already have reports from victims in our forums and numerous cases have been spotted on ID Ransomware.

MalwareHunterTeam noticed numerous submissions to ID Ransomware this morning from Poland and a new topic created by victims in the BleepingComputer forums..

A researcher at CERT Polska, the Computer Emergency Response Team for Poland, has also stated that they believe the ransomware is being distributed through a spam campaign pretending to be a DHL invoice.
Click to expand...

guest · Jul 6, 2018

The Week in Ransomware - July 6th 2018 - Nozelesn & GandCrab V4
July 6, 2018
https://www.bleepingcomputer.com/ne...mware-july-6th-2018-nozelesn-and-gandcrab-v4/

This week we had a new version 4 of the GandCrab ransomware released with a new KRAB extension as well as a new ransomware called Nozelesn that has been heavily distributed. The Nozelesn campaign started out targeting Poland, but since then has hit numerous other countries, including the USA. [...]
Click to expand...

Log in or Sign up

Ransomware and Recent Variants

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

itman Registered Member

itman Registered Member

guest Guest

guest Guest

Minimalist Registered Member

guest Guest

guest Guest

Minimalist Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

Minimalist Registered Member

guest Guest

ronjor Global Moderator

Minimalist Registered Member

guest Guest

guest Guest

guest Guest

Log in or Sign up

Ransomware and Recent Variants

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

itman Registered Member

itman Registered Member

guest Guest

guest Guest

Minimalist Registered Member

guest Guest

guest Guest

Minimalist Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

Minimalist Registered Member

guest Guest

ronjor Global Moderator

Minimalist Registered Member

guest Guest

guest Guest

guest Guest

Useful Searches