Ransomware and Recent Variants

Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    From history:
    The computer virus that haunted early AIDS researchers
    http://www.nextgov.com/cybersecurity/2016/05/computer-virus-haunted-early-aids-researchers/128174/
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
    https://www.helpnetsecurity.com/2016/05/11/cryptxxx-2-0-foils-decryption/
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Recently Discovered Mischa Ransomware

    It encrypts all files on the connected network shares with the extensions .3P7m, .aRpt, .eQTz, 3RNu.

    It also creates two files with the following content:

    Quote:


    You became victim of the MISCHA RANSOMWARE!

    The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2.

    To purchase your key and restore your data, please follow these three easy steps:

    1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page".
    2. Visit one of the following pages with the Tor Browser:

    http://mischapuk6hyrn72.onion/3P7mas
    http://mischa5xyix2mrhd.onion/3P7mas

    3. Enter your personal decryption code there:

    The ransomware was delivered by an e-mail from a German domain (@maills.de), disguised as a job application, with a link to a file in the cloud (magentacloud.de/share/...).


    Ref.: https://forum.eset.com/topic/8410-new-ransomware-mischa/?p=44659
    -EDIT-

    Latest on the ransomware here: http://www.bleepingcomputer.com/new...ck-and-with-a-friend-named-mischa-ransomware/

    It is Petya-based.
     
    Last edited: May 12, 2016
  5. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,107
    Location:
    UK
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Chinese-language Ransomware Makes An Appearance
    http://blog.trendmicro.com/trendlab...chinese-language-ransomware-makes-appearance/
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
  8. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
    In the link you provided, I clicked on "Their updated tool is called RannohDecryptor". It states "If your computer is infected with a malicious program of the Trojan-Ransom.Win32.Rannoh family".

    How does one know what they are infected with?
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,107
    Location:
    UK
  11. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
    I click on the link "RannohDecryptor can be downloaded" in post #57, which directs me to "use the utility RannohDecryptor". As an average user this tells me nothing.

    I'm used to the AV/AM scanning & doing its thing. Now I seem to be in a position that I not only have to research what the infection is but must find the proper tool to combat the infection.

    If I use a virtual program like Returnil will this prevent the ransomware since nothing will be on the HD?
     
    Last edited: May 17, 2016
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Tech Support Scam Blurs the Line with Ransomware, Locks Users' Computers
    http://news.softpedia.com/news/tech...ransomware-locks-users-computers-504208.shtml
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    ESET releases new decryptor for TeslaCrypt ransomware
    http://www.welivesecurity.com/2016/...ryptor-recent-variants-teslacrypt-ransomware/
     
  14. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Ransomware Activity Spikes in March, Steadily increasing throughout 2016 « Threat Research Blog | FireEye Inc
     
  15. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    If not already mentioned, may be useful and/or interesting:
    http://ransomwaretracker.abuse.ch/blocklist/
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Master decryption key released for Teslacrypt ransomware
    https://threatpost.com/master-decryption-key-released-for-teslacrypt-ransomware
     
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Ransomware Adds DDoS Capabilities to Annoy Other People, Not Just You
    http://news.softpedia.com/news/rans...noying-other-people-not-just-you-504323.shtml
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    An Effective Way To Eliminate Ransomware In Business E-mail

    I came across an interesting posting over at Bleepingcomputer.com that at least is worth consideration:

    Pay close attention to the file sizes of traditional ransomware and set blacklisting for attachment sizes that will pull out most of the malware attachments while leaving most of the document size parameters the company needs. Many email protection suites neglect minimum file size setting capabilities focusing exclusively on maximum file size. We've eliminated a majority of ransomware attacks at one of our firms by setting minimum attachment size to 350k as we found in their case, most of the ransomware attachments came in under 340k while most (99%) of their inbound legitimate business attachments were between 450k-15Mb. Just some advice. We service 32,000 servers/workstations for thousands of clients and deal with this on a pretty big scale.

    Ref.: http://www.bleepingcomputer.com/forums/t/609210/two-solution-strategy-trend-cylance/?p=4003444
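    The minimum-attachment-size rule from the quoted post, as an added Python example (not code from the post, Bleepingcomputer or any mail product): it parses a raw message, measures each attachment after decoding and flags those below the 350k minimum for quarantine. Reading "350k" as 350,000 bytes, the example.invalid addresses and the small allowlist of tiny-but-legitimate types are assumptions.

```python
"""Minimum-attachment-size filter for inbound mail (added example)."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# From the quoted post: ransomware attachments came in under 340k, legitimate
# business attachments were 450k-15Mb, so a 350k minimum split them. We assume
# "350k" means 350,000 bytes; tune this from your own attachment-size histogram.
MIN_ATTACHMENT_BYTES = 350_000
# Hypothetical allowlist (not from the post) for tiny attachments that are
# legitimately small, e.g. calendar invites and PGP signatures.
SMALL_OK_TYPES = {"text/calendar", "application/pgp-signature"}


def attachment_verdicts(raw_message: bytes):
    """Return [(filename, size_bytes, verdict)] for each attachment of a raw RFC 5322 message.

    verdict is "quarantine" when the decoded attachment is smaller than the
    minimum and its content type is not allowlisted, otherwise "allow".
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""  # decode base64/QP first
        size = len(payload)
        ctype = part.get_content_type()
        verdict = "allow"
        if size < MIN_ATTACHMENT_BYTES and ctype not in SMALL_OK_TYPES:
            verdict = "quarantine"
        results.append((part.get_filename() or "<unnamed>", size, verdict))
    return results


def build_sample(filename: str, size: int, maintype="application", subtype="octet-stream") -> bytes:
    """Construct a test message with one attachment of the given size (constructed data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "hr@example.invalid"
    msg["Subject"] = "Application"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(b"\x00" * size, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, size in (("Lebenslauf.zip", 120_000), ("Q1-report.pdf", 800_000)):
        print(attachment_verdicts(build_sample(name, size)))
```

    The rule is a coarse heuristic: a padded archive defeats it, so it belongs alongside, not instead of, content scanning and attachment-type policy.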
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    DMA Locker 4.0 – Known Ransomware Preparing For A Massive Distribution
    https://blog.malwarebytes.org/threa...somware-preparing-for-a-massive-distribution/
     
  25. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    https://blog.fortinet.com/2016/05/2...the-wild-catches-up-with-cryptowall-and-locky
     