Mostly new variants of the same ransomware this week, with few new ransomware campaigns being conducted. Of particular interest were Kaspersky temporarily withdrawing its participation in the NoMoreRansom project and the rebranding of Satan Ransomware as DBGer Ransomware.
Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @fwosar, @struppigel, @jorntvdw, @LawrenceAbrams, @hexwaxwing, @BleepinComputer, @campuscodi, @PolarToffee, @FourOctets, @malwareforme, @Seifreed, @demonslay335, @malwrhunterteam, @th3m4ks, @siri_urz, @Damian1338B, @alienvault, @kaspersky, and @bartblaze.
June 9th 2018
New Donut Ransomware
S!Ri found a new ransomware called Donut that appends the .donut extension and uses the email donutmmm@tutanota.com.
NemeS1S RaaS is back
Damian1338 found a new TOR site promoting the NemeS1S Ransomware RaaS, which is PadCrypt's affiliate system.
New Paradise Ransomware variant
MalwareHunterTeam discovered a new Paradise Ransomware variant that uses the extension _V.0.0.0.1{paradise@all-ransomware.info}.prt and drops a ransom note named PARADISE_README_paradise@all-ransomware.info.txt.
June 11th 2018
New RotorCrypt Ransomware variant
Michael Gillespie found a new RotorCrypt Ransomware variant that uses the extension !@#$%___________%$#@.mail.
New B2DR Ransomware variant
Michael Gillespie found a new variant of the B2DR Ransomware that uses the .reycarnasi1983@protonmail.com.gw3w extension and a ransom note named ScrewYou.txt.
New Scarab Ransomware variant
Michael Gillespie spotted a new Scarab Ransomware variant that uses the .fastrecovery@airmail.cc extension and drops a ransom note named HOW TO RECOVER ENCRYPTED FILES-fastrecovery@airmail.cc.TXT.
New YYTO Ransomware variant
Michael Gillespie found a new variant of the YYTO Ransomware that uses the extension .codyprince92@mail.com.ovgm and drops a ransom note named Readme.txt.
June 13th 2018
Kaspersky Halts Europol and NoMoreRansom Project Coop After EU Parliament Vote
Kaspersky Lab announced it was temporarily halting its cooperation with Europol following a vote on a controversial motion in the European Parliament today.
Xorist variant discovered with a crazy long extension
S!Ri discovered a new variant of the Xorist ransomware that utilizes a crazy extension of ....PAY_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_PERMANENTLY_DELETED_PLEASE_BE_REZONABLE_you_have_only_1_single_chance_YOU_NEED_TO_PURCHASE_THE_DECRYPTOR_FROM_US_FAST_AND_URGENT.
Another Scarab Ransomware variant
Michael Gillespie found another Scarab Ransomware variant that uses a ransom note named Recover files-xmail@cock.li.TXT.
Another B2DR Ransomware variant
Michael Gillespie spotted another variant of the B2DR Ransomware that uses the extension .ssananunak1987@protonmail.com.b2fr and drops a ransom note named Readme.txt.
June 14th 2018
DBGer Ransomware Uses EternalBlue and Mimikatz to Spread Across Networks
The authors of the Satan ransomware have rebranded their "product" and they now go by the name of DBGer ransomware, according to security researcher MalwareHunter, who spotted this new version earlier today.
New RotorCrypt variants
Michael Gillespie found new variants of the RotorCrypt Ransomware that append the !@!@!@_contact mail___boroznsalyuda@gmail.com___!@!@.psd and !@#$_____ISKANDER@TUTAMAIL.COM_____$#@!.RAR extensions to encrypted files.
New Ransomware uses the .qnbqw extension
Michael Gillespie spotted a new ransomware that utilizes the .qnbqw extension and drops a ransom note named Notice.txt.
Decryptor Released for the Everbe Ransomware
A decryptor for the Everbe Ransomware was released by Michael Gillespie and Maxime Meignan that allows victims to get their files back for free. It is not known how this ransomware is currently being distributed, but as long as victims have an unencrypted version of an encrypted file, they can use it to brute-force the decryption key.
June 15th 2018
New Scarab Ransomware variant discovered
Michael Gillespie spotted a new Scarab variant that uses the .leen extension for encrypted files and drops a ransom note named INSTRUCTIONS FOR RESTORING FILES.TXT.
That's it for this week! Hope everyone has a nice weekend!