The Week in Ransomware – July 10th 2020

It has been a pretty quiet week with few alleged attacks against corporate victims and mostly new variants of existing ransomware released.

The most interesting news is the Conti ransomware that appears to share the same code as Ryuk and could possibly be its successor. Ryuk has significantly decreased in activity over the past couple of months, while Conti has seen an increase.

Only time will tell, but Conti is definitely one that we need to keep an eye on.

Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @fwosar, @struppigel, @BleepinComputer, @Seifreed, @jorntvdw, @malwareforme, @Ionut_Ilascu, @demonslay335, @serghei, @DanielGallagher, @FourOctets, @LawrenceAbrams, @PolarToffee, @malwrhunterteam, @JakubKroustek, @emsisoft, @malwarebytes, @fbgwls245, @xiaopao80087499, SentinelLabs, and @JAMESWT_MHT.

July 4th 2020

Companies start reporting ransomware attacks as data breaches

Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about stolen data.

July 5th 2020

IT Ransomware discovered

dnwls0719 found the IT Ransomware that appends the .IT extension to encrypted files.

July 6th 2020

Ransomware attack on insurance MSP Xchanging affects clients

Global IT services and solutions provider DXC Technology announced over the weekend a ransomware attack on systems at its Xchanging subsidiary.

EDP energy giant confirms Ragnar Locker ransomware attack

EDP Renewables North America (EDPR NA) confirmed a Ragnar Locker ransomware attack that affected its parent corporation’s systems, the Portuguese multinational energy giant Energias de Portugal (EDP).

New Dharma Ransomware variants

Jakub Kroustek found new variants of the Dharma Ransomware that append the .bmtf or the .prnds extension.

New MAAS STOP Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .maas extension.

July 7th 2020

ThiefQuest info-stealing Mac wiper gets free decryptor

Poor coding in ThiefQuest, the ransomware in disguise that targets macOS users, allows the recovery of encrypted files, which would otherwise remain lost without a backup.

New SpartCrypt decryptor

Emsisoft released a decryptor for the SpartCrypt ransomware.

Mac ThiefQuest malware may not be ransomware after all

The ThiefQuest malware, which was discovered last week, may not actually be ransomware according to new findings. The behaviors that have been documented thus far are still all accurate, but we no longer believe that the ransom is the actual goal of this malware.

New FonixCrypter Ransomware variant

Michael Gillespie found a new FonixCrypter variant that appends the .repter extension.

New CoronaCrypt variant

xiaopao found a CoronaCrypt Ransomware variant that appends the .Encrypted extension.

New Panther Ransomware targets users in China

Michael Gillespie found the new Panther Ransomware that targets users in China. This ransomware appends the .panther extension and drops a ransom note named LOCKED_README.txt.

July 8th 2020

New TEAMV Dharma Ransomware variant

Michael Gillespie found a new Dharma variant that appends the .teamV extension to encrypted files.

July 9th 2020

Conti ransomware shows signs of being Ryuk’s successor

The Conti Ransomware is an upcoming threat targeting corporate networks with new features that allow it to perform quicker and more targeted attacks. There are also indications that this ransomware shares the same malware code as Ryuk, which has slowly been fading away, while Conti’s distribution is increasing.

July 10th 2020

New Dharma Ransomware variants

Jakub Kroustek found new variants of the Dharma Ransomware that append the .null, .felix, or .gns extension.

New SMPL Dharma Ransomware variant

Michael Gillespie found a new Dharma variant that appends the .smpl extension to encrypted files.

Thanos Ransomware attack asking for $20k

JAMESWT found a new variant of the Thanos Ransomware that is asking for a $20k ransom.

That’s it for this week! Hope everyone has a nice weekend!

Kent
