What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-01-15 19:12:01 | Djvu Ransomware Spreading New .TRO Variant Through Cracks & Adware Bundles (lien direct) | In December 2018, a new ransomware called Djvu, which could be a variant of STOP, was released that has been heavily promoted through crack downloads & adware bundles. Originally, this ransomware would append a variation of the .djvu string as an extension to encrypted files, but a recent variant has switched to the .tro extension. [...] | Ransomware | ★★★★★ | |
|
2019-01-15 03:25:03 | New Ransomware Bundles PayPal Phishing Into Its Ransom Note (lien direct) | A new in-development ransomware has been discovered that not only encrypts your files, but also tries to steal your PayPal credentials with an included phishing page. [...] | Ransomware | ||
|
2019-01-12 18:04:01 | The Week in Ransomware - January 11th 2019 - Access-as-a-Service (lien direct) | For the most part it has been a slow this week in terms of new ransomware variants being released. On the other hand, there has been quite a bit of interesting information that was released about Ryuk. [...] | Ransomware | ||
|
2019-01-12 16:39:01 | Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks (lien direct) | Ryuk has historically been considered a a targeted ransomware where the actors scope out networks in order to gain access and install their ransomware. New research now indicates that the Ryuk actors may be using other malware as an Access-as-a-Service to gain access to networks. [...] | Ransomware Malware | ||
|
2019-01-11 15:55:03 | Del Rio City Hall Forced to Use Paper After Ransomware Attack (lien direct) | The City Hall of Del Rio, Texas was hit by a ransomware attack on the morning of January 10, which led to dozens of computers on the network being turned off and disconnected from the Internet to contain and analyze the malware [...] | Ransomware Malware | ||
|
2019-01-09 10:32:04 | CryptoMix Ransomware Exploits Sick Children to Coerce Payments (lien direct) | With people becoming more aware of ransomware, criminals are coming up with some pretty low life schemes in order to coerce victims into paying ransomware. Such is the case with a CryptoMix ransomware, who pretends to represent a sick children's charity and is asking for a ransom payment as if it was a charitable donation. [...] | Ransomware | ||
|
2019-01-07 10:17:01 | GandCrab Operators Use Vidar Infostealer as a Forerunner (lien direct) | Cybercriminals behind GandCrab have mixed the infostealer Vidar in the distribution process of the ransomware piece, which helps increase their profits by pilfering sensitive information before encrypting the computer files. [...] | Ransomware | ★★★ | |
|
2019-01-04 17:52:03 | The Week in Ransomware - January 4th 2019 - IPMI, FilesLocker, and More (lien direct) | For the past two weeks, we have seen a lot of new variants, decryptors, and Ryuk ransomware outbreaks. Of particular interest is the JungleSec ransomware, which has been hacking into servers via IPMI in order to install the ransomware. [...] | Ransomware | ||
|
2019-01-04 11:35:01 | (Déjà vu) How to Decrypt the Aurora Ransomware with AuroraDecrypter (lien direct) | If you have been infected with a Aurora Ransomware variant, then you are in luck as a program called AuroraDecrypter has been created by Michael Gillespie that allows you recover your encryption key without having to pay the ransom. [...] | Ransomware | ||
|
2019-01-02 14:30:00 | Master Decryption Key Released for FilesLocker Ransomware (lien direct) | On December 29th, a Pastbin post was created that contains the master RSA decryption key for the FilesLocker Ransomware. The release of this key has allowed a decryptor to be created that can recover victim's files for free. [...] | Ransomware | ||
|
2019-01-02 09:19:01 | How to Decrypt the FilesLocker Ransomware with FilesLockerDecrypter (lien direct) | On December 29th, an unknown user released the master RSA decryption key for FilesLocker v1 and v2. This allowed Michael Gillespie to release a decryptor for files encrypted by the FilesLocker Ransomware that have the .[fileslocker@pm.me] extension appended to file names. [...] | Ransomware | ||
|
2018-12-31 09:11:03 | Ryuk Ransomware Involved in Cyberattack Stopping Newspaper Distribution (lien direct) | A cyberattack reportedly bearing the signature of Ryuk ransomware caused disruption over the weekend in printing and delivery of major newspapers in the US from Tribune Publishing and Los Angeles Times. [...] | Ransomware | ||
|
2018-12-26 11:08:04 | JungleSec Ransomware Infects Victims Through IPMI Remote Consoles (lien direct) | A ransomware called JungleSec is infecting victims through insecure IPMI (Intelligent Platform Management Interface) cards since early November. [...] | Ransomware | ||
|
2018-12-21 16:01:05 | (Déjà vu) The Week in Ransomware - December 21st 2018 - No More Ransom (lien direct) | Slow week with ransomware news as we lead up into the holidays. Mostly small variants that won't get much distribution or releases of new variants of older ransomware. [...] | Ransomware Guideline | ||
|
2018-12-21 16:01:05 | (Déjà vu) The Week in Ransomware - December 21st 2018 - No More Ransomware (lien direct) | Slow week with ransomware news as we lead up into the holidays. Mostly small variants that won't get much distribution or releases of new variants of older ransomware. [...] | Ransomware Guideline | ||
|
2018-12-21 10:17:03 | How to Decrypt the Stupid Ransomware Family with StupidDecrypter (lien direct) | Stupid Ransomware is a family of ransomware infections that are typically utilized by less skilled developers and many utilize themes based on movies, pop-culture, or pretend to be law enforcement. This family of ransomware infections are created using an open source project that was posted to GitHub. [...] | Ransomware | ★★ | |
|
2018-12-17 16:02:03 | How to Decrypt the InsaneCrypt or Everbe 1 Family of Ransomware (lien direct) | If you are infected with the InsaneCrypt or Everbe 1.0 family of ransomware infections, a decryptor has been created that recover your files for free. [...] | Ransomware | ||
|
2018-12-16 18:05:01 | (Déjà vu) How to Decrypt HiddenTear Ransomware Variants (lien direct) | If you have been infected with a HiddenTear Ransomware variant, then you are in luck as a program called HiddenTearDecrypter has been created by Michael Gillespie that allows you recover your encryption key without having to pay the ransom. [...] | Ransomware | ||
|
2018-12-16 18:05:01 | (Déjà vu) How to Decrypt HiddenTear Ransomware with HT Brute Forcer (lien direct) | If you have been infected with a HiddenTear Ransomware variant, then you are in luck as a decryptor called HT Brute Forcer has been created by Michael Gillespie that allows you decrypt your files without having to pay the ransom. [...] | Ransomware | ★★★★★ | |
|
2018-12-14 18:31:01 | The Week in Ransomware - December 14th 2018 - Slow Week (lien direct) | It is a pretty slow week as we lead up to the holidays. Historically, ransomware tends to slow down during this time as people go away for vacation and businesses take more time off. [...] | Ransomware Guideline | ★★★★ | |
|
2018-12-14 11:47:00 | 123456 Is the Most Used Password for the 5th Year in a Row (lien direct) | For the 5th year in a row, "123456" is most used password, with "password" coming in at second place. Even in the wake of a constant stream of data breaches, hacks, and ransomware attack reports people continue to utilize weak passwords that not only put their information at jeopardy, but also their organization's data. [...] | Ransomware | ||
|
2018-12-08 14:05:02 | Sextortion Emails now Leading to Ransomware and Info-Stealing Trojans (lien direct) | Sextortion email scams have been a very successful way of generating money for criminals. A new Sextortion campaign is now taking it to the next level by tricking recipients into installing the Azorult information-stealing Trojan, which then downloads and installs the GandCrab ransomware. [...] | Ransomware | ★★★ | |
|
2018-12-07 17:49:01 | The Week in Ransomware - December 7th 2018 - WeChat Ransomware, Scammers, & More (lien direct) | This was a pretty interesting week in ransomware. First we had a Chinese ransomware that infected 100,000 victims and then we had research showing how a ransomware decryption service was just paying the ransom and tacking on a large fee. [...] | Ransomware | ||
|
2018-12-06 13:34:03 | Chinese Police Arrest Dev Behind UNNAMED1989 WeChat Ransomware (lien direct) | Chinese law enforcement have arrested the developer of the UNNAMED1989 / WeChat Ransomware that recently took China by storm and infected over 100K users in a few days. [...] | Ransomware | ||
|
2018-12-05 12:28:05 | Company Pretends to Decrypt Ransomware But Just Pays Ransom (lien direct) | Ransomware is a serious threat but also a lucrative business for crooks and scammers posing as IT professionals promising successful decryption services for the right price. [...] | Ransomware Threat | ★★★★ | |
|
2018-12-05 03:05:00 | Ransomware Infects 100K PCs in China, Demands WeChat Payment (lien direct) | Over 100,000 thousand computers in China have been infected in just a few days with poorly-written ransomware that encrypts local files and steals credentials for multiple Chinese online services. [...] | Ransomware | ||
|
2018-11-30 22:00:04 | The Week in Ransomware - November 30th 2018 - Indictments, Sanctions, & More (lien direct) | Been a pretty interesting week when it comes to ransomware. We had two Iranians who were indicted by the U.S. government for their involvement in the SamSam operation. We also had two bitcoin addresses used by ransomware added to the U.S. sanctions list, so they cannot be used to send payments to or you will violate U.S. sanctions. [...] | Ransomware | ★★★★★ | |
|
2018-11-30 21:07:00 | Moscow\'s New Cable Car System Infected with Ransomware the Day After it Opens (lien direct) | Moscow recently opened its first cable-car service and promised free rides for the first month. Unfortunately, only two days after after the service was made available, attackers reportedly hacked into the cable car systems and infected them with ransomware. [...] | Ransomware | ★★★★ | |
|
2018-11-30 12:02:04 | Making a Ransomware Payment? It May Now Violate U.S. Sanctions (lien direct) | Thinking about making a ransomware payment? If so, you may want to think twice before doing so as it could land you in trouble for violating U.S. government sanctions. [...] | Ransomware | ||
|
2018-11-28 11:39:00 | DOJ Indicts Two Iranian Hackers for SamSam Ransomware Operation (lien direct) | The Department of Justice announced today that a grand jury has unsealed an indictment against two Iranian hackers for conducting the hacking and ransomware operation called SamSam. [...] | Ransomware | ||
|
2018-11-23 19:42:01 | The Week in Ransomware - November 23rd 2018 - STOP, Dharma, and More (lien direct) | This week has mostly been releases of new variants of existing ransomware. Not much of interest other than the developer of the DelphiMorix ransomware trolling ransomware researchers by utilizing their aliases as the extensions for encrypted files. [...] | Ransomware | ||
|
2018-11-22 14:41:01 | Rotexy Mobile Trojan Launches 70k+ Attacks in Three Months (lien direct) | A mobile spyware that turned into a banking trojan with ransomware capabilities managed to launch over 70,000 attacks in the course of just three months. [...] | Ransomware | ||
|
2018-11-22 12:35:03 | Aurora / Zorro Ransomware Actively Being Distributed (lien direct) | A ransomware that has been distributed since the summer of 2018 has started to pick up steam in the latest variant. This new variant is currently being called Zorro Ransomware, but has also been called Aurora Ransomware in the past. [...] | Ransomware | ||
|
2018-11-09 17:38:01 | The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants (lien direct) | It was a very slow week for ransomware news. For the most part, it was mostly new Dharma ransomware variants and a few smaller variants being released. Stay vigilant, though, as a slow week does not mean ransomware is not a threat. [...] | Ransomware | ||
|
2018-11-02 20:02:02 | The Week in Ransomware - November 2nd 2018 - RaaS, DiskCryptor, & More (lien direct) | This week we saw a new RaaS called CommonRansom, a new DiskCryptor variant, and numerous Dharma variant released. Otherwise, it has been a fairly light news week for ransomware. [...] | Ransomware | ||
|
2018-11-02 16:23:00 | New Ransomware using DiskCryptor With Custom Ransom Message (lien direct) | A new ransomware has been discovered that installs DiskCryptor on the infected computer and reboots your computer. On reboot, victims will be greeted with a custom ransom note that explains that their disk has been encrypted and how to pay the ransom. [...] | Ransomware | ★★ | |
|
2018-10-30 12:09:03 | CommonRansom Ransomware Demands RDP Access to Decrypt Files (lien direct) | A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files. [...] | Ransomware | ★★ | |
|
2018-10-26 16:18:04 | The Week in Ransomware - October 26th 2018 - Decryptors, RaaS, and More (lien direct) | We have had quite a bit of interesting news this week regarding ransomware. First we had the Kraken Cryptor deciding to connect to BleepingComputer.com during different stages of the encryption process, then we had a decryptor released by Bitdefender for GandCrab v1, v4, and v5, and finally a new FilesLocker rasnomware as a service. [...] | Ransomware | ||
|
2018-10-25 16:37:03 | New FilesLocker Ransomware Offered as a Ransomware as a Service (lien direct) | A new ransomware called FilesLocker is being distributed as a Ransomware as a Service, or RaaS, that targets Chinese and English speaking victims. [...] | Ransomware | ||
|
2018-10-25 09:04:00 | Free Decrypter Available for the Latest GandCrab Ransomware Versions (lien direct) | A newly released decryption tool allows free recovery of files encrypted by certain versions of GandCrab, a ransomware family that affected hundreds of thousands of people since the beginning of the year. [...] | Ransomware Tool | ||
|
2018-10-21 12:32:03 | Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption (lien direct) | Over the weekend, the Kraken Cryptor Ransomware released version 2.0.6, which now connects to BleepingComputer during different stages of their encryption process. It is not known what they are trying to achieve by doing this, but it does provide BleepingComputer with insight into the amount of its victims. [...] | Ransomware | ||
|
2018-10-19 14:13:04 | The Week in Ransomware - October 19th 2018 - GandCrab, Birbware, and More (lien direct) | It has been another slow week, with mostly new variants of existing ransomware being released. The biggest news is that the GandCrab Ransomware developers have decided to release the decryption keys for Syrian victims. [...] | Ransomware | ||
|
2018-10-12 18:24:00 | The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More (lien direct) | Lots of Scarab, Matrix, and Dharma variants this week as well as some good writeups on the GandCrab ransomware. Also of interest is ESET publishing of their report that ties NotPetya and Industroyer to the TeleBots Group. [...] | Ransomware | NotPetya | |
|
2018-10-05 19:02:01 | The Week in Ransomware - October 5th 2018 - Restaurant Shutdowns & Exploit Kits (lien direct) | Very very quiet week this. Not much new ransomware to report and only released of well known variants like Matrix, Unlock92, and Dharma ransomware infections. The biggest news was the shut down of numerous restaurants that are part of the Recipe Unlimited group and the Kraken Cryptor ransomware being distributed by the Fallout EK. [...] | Ransomware | ★★★★★ | |
|
2018-10-04 12:59:00 | Fallout Exploit Kit Now Installing the Kraken Cryptor Ransomware (lien direct) | The Fallout Exploit has been distributing the GandCrab Ransomware for the past few weeks, but has now switched its payload to the Kraken Cryptor Ransomware. [...] | Ransomware | ||
|
2018-09-28 17:36:02 | The Week in Ransomware - September 28th 2018 - RDP and gandCrab (lien direct) | During this week, we did not see a large amount of smaller variants released compared to what we have historically seen. This is because ransomware has moved towards large network-wide breaches by variants such SamSam, BitPaymer, and Dharma over publicly exposed remote desktop services. [...] | Ransomware | ||
|
2018-09-26 03:05:00 | GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit (lien direct) | The GandCrab v5 ransomware has started to use the recently disclosed Task Scheduler ALPC vulnerability to gain System privileges on an infected computer. This vulnerability was recently patched by Microsoft in the September 2018 Patch Tuesday, but many companies may not have installed the patch. [...] | Ransomware Vulnerability | ||
|
2018-09-25 00:05:00 | GandCrab V5 Released With Random Extensions and New HTML Ransom Note (lien direct) | GandCrab v5 has been released with a few noticeable changes. The first change is that the ransomware now uses a random 5 character extension for encrypted files and a new HTML ransom note. [...] | Ransomware | ||
|
2018-09-21 18:50:04 | The Week in Ransomware - September 21st 2018 - Beer, Airports, & Dharma (lien direct) | This has been a busy week. We had a brewery hit, an airport's flight and arrival time displays taken out, and Dharma deciding to release three different variants in one week. The NSA CodeBreaker Challenge was also kicked off today and it has a ransomware theme this year. [...] | Ransomware | ||
|
2018-09-21 17:30:02 | Gamma, Bkp, & Monro Dharma Ransomware Variants Released in One Week (lien direct) | This week we have seen three new Dharma Ransomware variants released that append either the .Gamma, .Bkp, & .Monro extensions to encrypted files. [...] | Ransomware |
To see everything:
Our RSS (filtrered)
