The Week in Ransomware – July 17th 2020

With Twitter hackers, 10/10 vulnerabilities, and Cloudflare outages this week, thankfully ransomware has been pretty slow this week.

The biggest news is Orange confirming they were hit with a Nefilim ransomware attack and business customer’s data being stolen. We also saw an interesting ransomware that utilizes the Age encryption tool.

Other than that, it has mostly been smaller attackers and new ransomware variants released.

Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @VK_Intel, @struppigel, @malwrhunterteam, @fwosar, @BleepinComputer, @LawrenceAbrams, @Seifreed, @serghei, @DanielGallagher, @PolarToffee, @FourOctets, @jorntvdw, @Ionut_Ilascu, @malwareforme, @JakubKroustek, @xiaopao80087499, @fbgwls245, @Amigo_A_, @campuscodi, and @360TotalSec.

July 12th 2020

New Matrix Ransomware variant

xiaopao found a new Matrix Ransomware variant that appends the .AL8P extension and drops a ransom note named Readme_AL8P.rtf.

New FonixCrypter variant

dnwls0719 found a new FonixCrypter variant that appends the .XINOF extension.

FonixCrypter

July 13th 2020

New AgeLocker Ransomware uses Googler’s utility to encrypt files

A new and targeted ransomware named AgeLocker utilizes the ‘Age’ encryption tool created by a Google employee to encrypt victim’s files.

Age encryption

New REPL STOP Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .repl extension to encrypted files.

New DATA and SMPL Dharma Ransomware variants

Jakub Kroustek found two new variants of the Dharma Ransomware that append either the .data or .smpl extension to encrypted files.

The chance of data being stolen in a ransomware attack is greater than one in ten

The data theft and name-and-shame tactics initiated by Maze in November 2019 and subsequently adopted by multiple other groups have blurred the line between ransomware attack and data breach.

July 14th 2020

New ZBW Makop Ransomware variant

Michael Gillespie found a new Makop Ransomware variant that appends the .zbw extension and drops a ransom note named readme-warning.txt.

July 15th 2020

New FastWind Ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the .FastWind extension and drops a ransom note named ransomware.txt.

FlowEncryption file encryption

Recently, 360 Security Center has detected that a file encryption virus in the form of a hoax has appeared on the network. In view of the encrypted file suffix of the virus is named “.flowEncryption”, we named it “flowEncryption file encryption virus”.

July 16th 2020

Orange confirms ransomware attack exposing business customers’ data

Orange has confirmed to BleepingComputer that they suffered a ransomware attack exposing the data of twenty of their enterprise customers.

New Matrix Ransomware variant

Michael Gillespie found a new Makop Ransomware variant that appends the .BNFD extension to encrypted files.

July 17th 2020

Cloud provider stopped ransomware attack but had to pay ransom demand anyway

Blackbaud, a provider of software and cloud hosting solutions, said it stopped a ransomware attack from encrypting files earlier this year but still had to pay a ransom demand anyway after hackers stole data from the company’s network and threatened to publish it online.

New SPARE Dharma Ransomware variant

Michael Gillespie found a new Dharma Ransomware variant that appends the .spare extension to encrypted files.

New Maoloa Ransomware variant

Michael Gillespie found a new Maoloa Ransomware variant that appends the .Globeimposter-Alpha865qqz extension to encrypted files.

New REPL STOP Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .kuus extension to encrypted files.

That’s it for this week! Hope everyone has a nice weekend!

Kent

Next Post

Dogs may use Earth’s magnetic field to take shortcuts | Science

Sat Jul 18 , 2020
Video cameras and GPS allowed researchers to track the navigation of hunting dogs, such as this wire-haired miniature dachshund named Hurvinek Valentinka. Kateřina Benediktová and Hynek Burda By Erik StokstadJul. 17, 2020 , 8:00 AM Dogs are renowned for their world-class noses, but a new study suggests they may have […]