The Week in Ransomware – November 2nd 2018
This week we saw another RaaS called CommonRansom, another DiskCryptor variant, and various Dharma variants released. Otherwise, it has been a genuinely light news week for ransomware.
Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @demonslay335, @PolarToffee, @struppigel, @malwrhunterteam, @malwareforme, @hexwaxwing, @FourOctets, @DanielGallagher, @BleepinComputer, @fwosar, @jorntvdw, @LawrenceAbrams, @GrujaRS, @china591, @JakubKroustek, @John_Fokker, @Hath3way, and @McAfee_Labs.
October 28th 2018
Two New Dharma Variants
Jakub Kroustek discovered two new Dharma variants that append the .like or .gdb extension.
October 30th 2018
CommonRansom Ransomware Demands RDP Access to Decrypt Files
A new ransomware called CommonRansom was found that has a very unusual demand. In order to decrypt a computer after a payment is made, the attackers require the victim to open up Remote Desktop Services on the affected computer and send them administrator credentials. The ransomware appends the [[email protected]].CommonRansom extension and drops a ransom note named DECRYPTING.txt.
CommonRansom Ransom Note
New .XXXXX Dharma Variant
Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .xxxxx extension and drops a ransom note named FILES ENCRYPTED.txt.
Dharma
New Vendetta Ransomware
Michael Gillespie found the Vendetta Ransomware, which renames files to hex and appends the .vendetta extension. It then drops a ransom note named How to unscramble files.txt. An example file name is 6F-12-09-78-15-FF-97-A4-49-66-F5-C6-81-00-3D-42.vendetta.
Kraken Ransomware 2.0.7 Released
MalwareHunterTeam found that Kraken Cryptor 2.0.7.1 beta was released and is asking for 1 BTC as the ransom.
Kraken 2.0.7
Aftermath Exploit Kit Releases the Kraken Ransomware on Its Victims
McAfee reports:
Ascending from the profound, Kraken Cryptor ransomware has had a prominent improvement way as of late. The principal indications of Kraken came in mid-August on a prevalent underground discussion. In mid-September it was accounted for that the malware engineer had put the ransomware, taking on the appearance of a security arrangement, on the site SuperAntiSpyware, tainting frameworks that attempted to download a real form of the antispyware programming.
November 1st 2018
New Desktop Ransomware Found
MalwareHunterTeam found the Desktop Ransomware, which prepends Lock. to filenames. Fly shared the PIN to unlock it, which is “00114455220033669988554477++//”.
Desktop Ransomware
November 2nd 2018
New Ransomware Using DiskCryptor With Custom Ransom Message
A new ransomware has been found that installs DiskCryptor on the infected computer and reboots it. On reboot, victims are greeted with a custom ransom note explaining that their disk has been encrypted and telling them to contact [email protected].
DiskCryptor
SimmyWare Ransomware Discovered
GrujaRS found a new ransomware called SimmyWare that appends the .SIMMYWARE extension and drops a ransom note named SIMMYWARE.txt.
SimmyWare
That's it for this week! Hope everyone has a nice weekend!