The Week in Ransomware – November 2nd 2018

This week we saw another RaaS called CommonRansom, another DiskCryptor variation, and various Dharma variation discharged. Else, it has been a genuinely light news week for ransomware.

Patrons and the individuals who gave new ransomware data and stories this week include: @Seifreed, @demonslay335, @PolarToffee, @struppigel, @malwrhunterteam, @malwareforme, @hexwaxwing, @FourOctets, @DanielGallagher, @BleepinComputer, @fwosar, @jorntvdw, @LawrenceAbrams, @GrujaRS, @china591, @JakubKroustek, @John_Fokker, @Hath3way, and @McAfee_Labs.

October 28th 2018

Two New Dharma Variants

Jakub Kroustek discovered two new Dharma variations that affix the .like or .gdb expansion.

October 30th 2018

CommonRansom Ransomware Demands RDP Access to Decrypt Files

Another ransomware called CommonRansom was found that has an extremely peculiar demand. With the end goal to unscramble a PC after an installment is made, they require the injured individual to open up Remote Desktop Services on the influenced PC and send them administrator certifications with the end goal to decode the unfortunate casualty’s documents. The ransomware affixss the [[email protected]].CommonRansom expansion and drops a payoff note named DECRYPTING.txt.

CommonRansom Ransom Note

New .XXXXX Dharma Variant

Jakub Kroustek found another variation of the Dharma Ransomware that annexes the .xxxxx and drops a payment note named FILES ENCRYPTED.txt.


New Vendetta Ransomware

Michael Gillespie found the Vendetta Ransomware which renames documents to hex and includes the .quarrel expansion. It at that point drops a payoff note named How to unscramble files.txt. A precedent document name is 6F-12-09-78-15-FF-97-A4-49-66-F5-C6-81-00-3D-42.vendetta.

Kraken Ransomware 2.0.7 Released

MalwareHunterTeam found that Kraken Cryptor beta was discharged and is requesting 1 BTC as the payment.

Kraken 2.0.7

Aftermath Exploit Kit Releases the Kraken Ransomware on Its Victims

McAfee reports:

Ascending from the profound, Kraken Cryptor ransomware has had a prominent improvement way as of late. The principal indications of Kraken came in mid-August on a prevalent underground discussion. In mid-September it was accounted for that the malware engineer had put the ransomware, taking on the appearance of a security arrangement, on the site SuperAntiSpyware, tainting frameworks that attempted to download a real form of the antispyware programming.

November first 2018

New Desktop Ransomware found

MalwareHunterTeam found the Desktop Ransomware, which prepends Lock. to filenames. Fly shared the stick number to open, which is “00114455220033669988554477++//”.

Work area Ransomware

November second 2018

New Ransomware utilizing DiskCryptor With Custom Ransom Message

Another ransomware has been found that introduces DiskCryptor on the tainted PC and reboots your PC. On reboot, exploited people will be welcomed with a custom payoff take note of that clarifies that their circle has been scrambled and to contact [email protected].


SimmyWare Ransomware Discovered

GrujaRS found another ransomware considered SimmyWare that affixss the .SIMMYWARE expansion and drops a payment note named SIMMYWARE.txt.


That is it during the current week! Expectation everybody has a decent end of the week!

Leave a Reply

Your email address will not be published. Required fields are marked *