Looks like even ransomware developers take time off for the holidays, as there was not much activity over the past couple of weeks. We have seen mostly new variants being released, with the biggest being CryptoMix.
Otherwise, just a few small in-development ransomware samples were released. Hopefully, this downward trend will continue, but if I could hazard a guess, we will see increased releases towards the end of the month.
Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @fwosar, @malwareforme, @campuscodi, @FourOctets, @struppigel, @LawrenceAbrams, @malwrhunterteam, @BleepinComputer, @Seifreed, @PolarToffee, @hexwaxwing, @DanielGallagher, @jorntvdw, and @siri_urz.
December 25th 2017
Michael Gillespie saw a new ransomware called Dangerous or Damage Ransomware uploaded to ID Ransomware. This ransomware appends the .wtf extension to encrypted files and drops a ransom note named HOWTODECRYPTFILES.html.
December 28th 2017
December 29th 2017
Siri discovered a new ransomware dubbed Pulpy Ransomware.
Siri discovered a new ransomware called MadBit that appends the .enc extension to encrypted files.
January 2nd 2018
This is a quick analysis of the in-development infection called Heropoint Ransomware that was discovered by Lawrence Abrams. This article will contain technical information related to how it infects a computer, how it is distributed, and whether it can be decrypted.
Lawrence Abrams discovered a new variant of the Korean File-Locker ransomware that now uses the .razy extension.
Michael Gillespie discovered the MMM Ransomware, which appends the .triple_m extension to encrypted files and saves the encrypted key in a corresponding *.info file. Another variant uses the .0x009d8a extension. It also drops a ransom note named RESTORE_triple_m__FILES.html. It may be decryptable.
January 3rd 2018
January 4th 2018
The devs behind the Cryptomix ransomware just keep pushing them out. A new Cryptomix variant was released last week that appends the .SERVER extension to encrypted files and changes the contact emails used by the ransomware.
That’s it for this week! Hope everyone has a nice weekend!