It has been a very slow week for ransomware, which we are always happy about. While ransomware will never go away completely, as more people become educated and better backup strategies are put in place, we continue to see ransomware slowly diminishing.
Unfortunately, something is always ready to fill a vacuum. According to a new report by Kaspersky Lab, cryptocurrency miners have been increasing steadily and have become a favorite of malware developers.
Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @malwrhunterteam, @LawrenceAbrams, @fwosar, @struppigel, @campuscodi, @demonslay335, @malwareforme, @BleepinComputer, @FourOctets, @Seifreed, @PolarToffee, @hexwaxwing, @DanielGallagher, @Amigo_A_, @TalosSecurity, @SmugYeti.
June 25th 2018
New Help RotorCrypt variant
Michael Gillespie found a new RotorCrypt variant that does not use an extension, but drops a ransom note named HELP.
June 26th 2018
Thanatos Ransomware Decryptor Released by the Cisco Talos Group
Back in February we wrote about a new ransomware called Thanatos that was encrypting victims' data, but contained flaws that would not allow the authors to decrypt a victim's files even if they paid. Thankfully, the Cisco Talos Group was able to find a method to break the encryption routine in order to create a decryptor that allows victims to recover their files for free.
June 27th 2018
One year anniversary of NotPetya attack
Today was the one year anniversary of the NotPetya ransomware attack.
New Aurora Ransomware variant
Michael Gillespie noticed that ID Ransomware has been getting new submissions for an Aurora Ransomware variant with a ransom note of !-GET_MY_FILES-!.txt.
Ransomware and malicious crypto miners in 2016-2018
In a report by Kaspersky Lab:
"This year, however, we came across a huge obstacle in continuing this tradition. We have found that ransomware is rapidly vanishing, and that cryptocurrency mining is starting to take its place."
June 28th 2018
New Scarab Amnesia variant
Amigo-A found a new variant of the Scarab Ransomware Amnesia strain that uses the extension .ssimpotashka@gmail.com.
June 29th 2018
Blood Jaws ransomware discovered
MalwareHunterTeam found a new ransomware called Blood Jaws.
AnimusLocker Discovered
Karsten Hahn found a new ransomware named AnimusLocker that uses a ransom note of ANIMUS_RESTORE.txt.
ID Ransomware can detect 600 ransom families
Congrats to Michael Gillespie for reaching a milestone for his ID Ransomware site being able to detect 600 ransomware families!
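Identification sites like ID Ransomware work by matching the ransom note name and the extension appended to encrypted files against a table of known families. The following is an added example, not code from BleepingComputer or from ID Ransomware: it builds such a lookup from the indicators quoted on this page (the HELP note for RotorCrypt, !-GET_MY_FILES-!.txt for Aurora, ANIMUS_RESTORE.txt for AnimusLocker, the .ssimpotashka@gmail.com extension for Scarab-Amnesia and the INKASATOR1 .RAR extension for RotorCrypt from the comments) and runs it over a constructed sample directory. The directory contents, function names and the assumption that these families append their marker after the original extension are all the example's own.

```python
"""Map ransom-note filenames and encrypted-file extensions to the families
named in this week's roundup, the way an ID Ransomware-style lookup does.
The indicators are the ones quoted on the page; the sample directory tree
is constructed here purely for demonstration."""
import os
import tempfile
from typing import Dict, List, Optional, Tuple

# Ransom-note filenames quoted in the roundup. Compared case-insensitively,
# since most victims are on Windows, where filenames are case-insensitive.
NOTE_NAMES: Dict[str, str] = {
    "help": "RotorCrypt",
    "!-get_my_files-!.txt": "Aurora",
    "animus_restore.txt": "AnimusLocker",
}

# Extensions appended to encrypted files, quoted in the roundup and in the
# Amigo-A comment. Matched as a suffix on the assumption that the marker is
# appended after the original extension (e.g. "report.docx.<marker>").
ENCRYPTED_SUFFIXES: Dict[str, str] = {
    ".ssimpotashka@gmail.com": "Scarab-Amnesia",
    "!@#$_____INKASATOR1@TUTAMAIL.COM_____$#@!.RAR": "RotorCrypt",
}


def identify_family(filename: str) -> Optional[Tuple[str, str]]:
    """Return (kind, family) for one filename, or None if nothing matches.
    kind is "note" for a ransom note, "encrypted" for a renamed victim file."""
    name = os.path.basename(filename)
    family = NOTE_NAMES.get(name.lower())
    if family:
        return ("note", family)
    for suffix, family in ENCRYPTED_SUFFIXES.items():
        if name.lower().endswith(suffix.lower()):
            return ("encrypted", family)
    return None


def scan_tree(root: str) -> List[Tuple[str, str, str]]:
    """Walk root and return (path, kind, family) for every matching file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            match = identify_family(f)
            if match:
                hits.append((os.path.join(dirpath, f), match[0], match[1]))
    return hits


def summarize(hits: List[Tuple[str, str, str]]) -> Dict[str, Dict[str, int]]:
    """Per family: how many notes and how many encrypted files were seen.
    A family with a note but zero encrypted files is a weak signal (a file
    that merely happens to be named HELP is not proof of RotorCrypt), so the
    two counts are kept separate for the analyst to weigh."""
    summary: Dict[str, Dict[str, int]] = {}
    for _path, kind, family in hits:
        summary.setdefault(family, {"note": 0, "encrypted": 0})[kind] += 1
    return summary


def build_sample_tree(root: str) -> None:
    """Constructed sample: a small share carrying traces of two families."""
    os.makedirs(os.path.join(root, "Documents"), exist_ok=True)
    for rel in [
        "Documents/HELP",
        "Documents/report.docx!@#$_____INKASATOR1@TUTAMAIL.COM_____$#@!.RAR",
        "Documents/budget.xlsx!@#$_____INKASATOR1@TUTAMAIL.COM_____$#@!.RAR",
        "ANIMUS_RESTORE.txt",    # note only, no encrypted files: weak signal
        "Documents/readme.txt",  # benign file, must not match
    ]:
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")


def demo() -> Dict[str, Dict[str, int]]:
    """Build the constructed tree in a temp dir, scan it, return the summary."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return summarize(scan_tree(root))


if __name__ == "__main__":
    for family, counts in demo().items():
        print(f"{family}: {counts['note']} note(s), "
              f"{counts['encrypted']} encrypted file(s)")
```

Running it reports RotorCrypt with one note and two encrypted files, and AnimusLocker with a note but no encrypted files; the second case is exactly the kind of hit that should be confirmed against the note's contents before a family is assigned. A real lookup table has hundreds of entries, and note-name collisions (generic names like HELP) are why extension and note are checked together rather than either alone.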
That's it for this week! Hope everyone has a nice weekend!
Comments
Amigo-A - 5 years ago
Additionally:
June 24, 2018:
a new variant of RotorCrypt Ransomware
Extension: !@#$_____INKASATOR1@TUTAMAIL.COM_____$#@!.RAR
Email: INKASATOR1@TUTAMAIL.COM
June 25, 2018:
a new variant of RSAUtil #Ransomware
Email: filesreturn247@gmx.de, filesreturn247@india.com, filesreturn247@protonmail.com
Amigo-A - 5 years ago
My congratulations to Michael Gillespie on the 600th identification of Ransomware!
Amigo-A - 5 years ago
Since June 18, 2018 and throughout the past week, a community of extortionists who distribute different versions of the Scarab family has been updating the Scarab encryptor. As a result, decrypting files encrypted by the updated versions no longer works. Only the encrypted file names can be restored, and some types of documents can be partially restored.
The overall list of results is as follows (changes are made daily):
Scarab (ScarabLocker) Ransomware - old decryptable / new no data
Scarab-Amnesia Ransomware - old decryptable / new not decryptable
Scarab-Bitcoin Ransomware - not decryptable
Scarab-Bomber Ransomware - not decryptable (only in Russian)
Scarab-Crypt000 Ransomware - not decryptable
Scarab-Crypto Ransomware - old possible decryptable / new yet was not
Scarab-Danger Ransomware - not decryptable
Scarab-Decrypts Ransomware - old decryptable / new not decryptable
Scarab-DiskDoctor Ransomware - old decryptable / new not decryptable
Scarab-Horsia Ransomware - old decryptable / new no data
Scarab-Jackie Ransomware - old possible decryptable / new yet was not
Scarab-Oblivion Ransomware - old decryptable / new no data
Scarab-Osk Ransomware - old decryptable / new is as Scarab-Bomber
Scarab-Please Ransomware - old decryptable / new not decryptable
Scarab-Rebus Ransomware - old possible decryptable / new no data
Scarab-Russian (Scarabey) Ransomware - old decryptable / new not decryptable (only in Russian)
Scarab-Scorpio (Scorpio) Ransomware - old possible decryptable / new yet was not
Scarab-Walker Ransomware - old decryptable / new yet was not
Scarab-XTBL Ransomware - old decryptable / new yet was not
You can track the changes in the common list or on each page in a separate article:
https://id-ransomware.blogspot.com/2016/07/ransomware-list.html