With No More Ransom turning 4, Garmin suddenly recovering from their ransomware attack, and a GandCrab affiliate being arrested in Belarus, it has been quite a week when it comes to ransomware news.
The biggest story of the week is Garmin enabling services again and the rumors that it paid a $5 million ransom for the decryptor. Fast forward to the end of the week, and the next big news is the arrest of a GandCrab ransomware affiliate in Belarus.
The rest of the news is the release of new variants and some attacks that occurred this week.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @BleepinComputer, @serghei, @FourOctets, @DanielGallagher, @malwrhunterteam, @Seifreed, @demonslay335, @fwosar, @VK_Intel, @struppigel, @LawrenceAbrams, @PolarToffee, @Ionut_Ilascu, @jorntvdw, @MarceloRivero, @kaspersky, @TrendMicroRSRCH, and @xiaopao80087499.
July 27th 2020
The No More Ransom Project celebrates its fourth anniversary today after helping over 4.2 million visitors recover from a ransomware infection and saving an estimated $632 million in ransom payments.
Garmin has officially confirmed that they were victims of a ransomware attack as they slowly bring their Garmin Connect, Strava, and navigation services back online.
Michael Gillespie found a new variant of STOP Ransomware that is appending the .kook extension to encrypted files.
July 28th 2020
The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack.
North Korean-backed hackers tracked as the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets according to a report published by Kaspersky researchers today.
Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers.
Toffee found a new Everbe ransomware variant that appends the .COCKROACH extension to encrypted files.
Michael Gillespie found a new variant of Matrix Ransomware that appends the .DECC extension to encrypted files.
Marcelo Rivero found a new variant of the Dharma Ransomware that appends the .tcprx extension to encrypted files.
July 29th 2020
The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and to report incidents to their local FBI field offices.
xiaopao discovered a new variant of the CryLock Ransomware that appends a random extension to encrypted files.
xiaopao discovered a new ransomware called ElmersGlue_3 (not kidding).
Toffee found a new MedusaLocker Ransomware variant that appends the .deadfiles extension to encrypted files.
Marcelo Rivero found a new variant of the Dharma Ransomware that appends the .mnbzr extension to encrypted files.
July 30th 2020
Michael Gillespie found a new variant of Matrix Ransomware that appends the .MH24 extension and drops a ransom note named MH24_README.rtf.
xiaopao discovered a new ransomware that does not append an extension but drops a ransom note named RANSOM_NOTE.txt.
July 31st 2020
Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted in sensitive information being accessed by the hackers.
Michael Gillespie found a new variant of Xorist Ransomware that appends the .GlUtEzOn.VaNoLe extension to encrypted files.
An affiliate of the GandCrab ransomware-as-a-service (RaaS) has been arrested, according to some Russian news sources. Authorities in Russia were able to identify the individual in cooperation with law enforcement in Romania and the U.K.
Emsisoft released an updated decryptor for the RedRum Ransomware that now decrypts the .thanos variant.