It has been a pretty quiet week with few alleged attacks against corporate victims and mostly new variants of existing ransomware released.
The most interesting news is the Conti ransomware that appears to share the same code as Ryuk and could possibly be its successor. Ryuk has significantly decreased in activity over the past couple of months, while Conti has seen an increase.
Only time will tell, but Conti is definitely one that we need to keep an eye on.
Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @fwosar, @struppigel, @BleepinComputer, @Seifreed, @jorntvdw, @malwareforme, @Ionut_Ilascu, @demonslay335, @serghei, @DanielGallagher, @FourOctets, @LawrenceAbrams, @PolarToffee, @malwrhunterteam, @JakubKroustek, @emsisoft, @malwarebytes, @fbgwls245, @xiaopao80087499, SentinelLabs, and @JAMESWT_MHT.
July 4th 2020
Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about stolen data.
July 5th 2020
dnwls0719 found the IT Ransomware that appends the .IT extension to encrypted files.
July 6th 2020
Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems from its Xchanging subsidiary.
EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation’s systems, the Portuguese multinational energy giant Energias de Portugal (EDP).
Jakub Kroustek found new variants of the Dharma Ransomware that append the .bmtf or the .prnds extension.
Michael Gillespie found a new STOP Ransomware variant that appends the .maas extension.
July 7th 2020
Poor coding in ThiefQuest, the macOS malware posing as ransomware, allows encrypted files to be recovered; otherwise they would be lost unless a backup existed.
Emsisoft released a decryptor for the SpartCrypt ransomware.
The ThiefQuest malware, which was discovered last week, may not actually be ransomware, according to new findings. The behaviors documented thus far are still accurate, but we no longer believe that the ransom is the actual goal of this malware.
Michael Gillespie found a new FonixCrypter variant that appends the .repter extension.
xiaopao found a CoronaCrypt Ransomware variant that appends the .Encrypted extension.
Michael Gillespie found the new Panther Ransomware that targets users in China. This ransomware appends the .panther extension and drops a ransom note named LOCKED_README.txt.
July 8th 2020
Michael Gillespie found a new Dharma variant that appends the .teamV extension to encrypted files.
July 9th 2020
The Conti Ransomware is an emerging threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, which has slowly been fading away while Conti's distribution is increasing.
July 10th 2020
Jakub Kroustek found new variants of the Dharma Ransomware that append the .null, .felix, or the .gns extensions.
Michael Gillespie found a new Dharma variant that appends the .smpl extension to encrypted files.
JAMESWT found a new variant of the Thanos Ransomware that is asking for a 20k ransom.