This is a comprehensive report on ransomware events covering the timeframe of January 2017 through June 2018. The incidents are broken down into categories: new ransomware, updates to existing strains, decryptors released, and other noteworthy news. Security researchers and users interested in ransomware can use this all-in-one knowledge base instead of having to collect data from multiple sources.

SAMAS RANSOMWARE UPDATED
The extension being appended is .
NEW SAMPLE CALLED FIRSTRANSOMWARE
The executable is firstransomware.

RED ALERT RANSOMWARE SPOTTED
A derivative of the open-source Hidden Tear Offline ransomware.

N-SPLITTER USING RUSSIAN FILE EXTENSION
Another Hidden Tear spinoff.

NEW EDA2 POC SPINOFF EXPOSED
A brand-new sample based on the EDA2 proof-of-concept ransomware. The extension and the name are a match.
2 BTC to return hostage databases.

ROBOT SERIES THEMED INFECTIONS ON THE RISE
A group of crooks calling themselves FSociety has been busy coining multiple screen lockers and crypto ransomware samples.

MERRY X-MAS RANSOMWARE DISCOVERED
Uses the .RARE1 file extension and creates YOUR_FILES_ARE_DEAD.

TIES BETWEEN PSEUDO-DARKLEECH AND RANSOMWARE
The pseudo-Darkleech cybercrime network was found to be responsible for multiple ransomware campaigns in 2016.

GLOBE V3 DECRYPTED
Emsisoft’s Fabian Wosar cracks Globe ransomware version 3, which uses the .
FIRECRYPT THREAT EQUIPPED WITH DDOS FEATURE
Appends the . Also fills the hard drive with junk files.

NEW LEGISLATION ON RANSOMWARE TAKES EFFECT
A law passed in California defines ransomware distribution as a standalone felony rather than as part of a money laundering scheme.

KILLDISK RANSOMWARE ENHANCED
Now attacks Linux machines as well as Windows ones.
Separate files for the encryptor, live chat and TOR.

SKYNAME RANSOMWARE IS UNDERWAY
In-development Hidden Tear POC spinoff.

NEW VIRUS PUSHING RANSOMWARE INTRICATELY
Researchers discovered malicious code that adds multiple desktop shortcuts which, once clicked, execute ransomware.

YET ANOTHER HIDDEN TEAR DERIVATIVE SPOTTED
Concatenates the . Comes equipped with a remote shell.

THE ENLIGHTENING OCELOT RANSOMWARE
The sample called Ocelot Locker is instructive because it doesn’t do any crypto and instead demonstrates how bad a real attack can be.

MONGODB APOCALYPSE STATS REVEALED
The number of online-accessible MongoDB databases hit by the MongoDB Apocalypse ransomware reaches a whopping 10,000.
UK SCHOOL STAFF SOCIAL-ENGINEERED
Malefactors pretending to be government officials cold-call schools in the United Kingdom, duping staff into installing ransomware.

VBRANSOM 7 RANSOMWARE DISCOVERED
Written in Visual Basic .NET, this strain uses the . It’s in development and doesn’t perform actual encryption at this point.

MONGODB APOCALYPSE CAMPAIGN GETS WORSE
Since the Kraken cybercrime ring stepped in, the number of ransomed MongoDB databases has risen to 28,000.

RANSOMEER STRAIN IS UNDERWAY
A new Ransomeer sample is being developed. 3169 BTC and provide a 48-hour payment deadline.
SPORA RANSOMWARE DISCOVERED
The new Spora ransomware can operate offline, features unbeatable encryption and a professionally tailored payment service.

MERRY X-MAS STRAIN DECRYPTED
Emsisoft releases a decryptor for the Merry X-Mas ransomware, which appends .

NEW MARLBORO RANSOMWARE SURFACES
Arrives via spam and concatenates the .

MARLBORO RANSOMWARE DEFEATED
Having looked into the code of the Marlboro ransomware, Emsisoft’s Fabian Wosar creates a decryption tool in less than a day.