The Week in Ransomware – July 31st 2020

With No More Ransom turning 4, Garmin suddenly recovering from their ransomware attack, and a GandCrab affiliate being arrested in Belarus, it has been quite a week when it comes to ransomware news.

The biggest story of the week is Garmin enabling services again and the rumors that it paid a $5 million ransom for the decryptor. Fast forward to the end of the week, and the next big news is the arrest of a GandCrab ransomware affiliate in Belarus.

We also had No More Ransom turning 4, an interesting report from Kaspersky tying the Lazarus hacking group to the VHD ransomware, and a warning from the FBI about the NetWalker ransomware.

The rest of the news is the release of new variants and some attacks that occurred this week.

Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @BleepinComputer, @serghei, @FourOctets, @DanielGallagher, @malwrhunterteam, @Seifreed, @demonslay335, @fwosar, @VK_Intel, @struppigel, @LawrenceAbrams, @PolarToffee, @Ionut_Ilascu, @jorntvdw, @MarceloRivero, @kaspersky, @TrendMicroRSRCH, and @xiaopao80087499.

July 27th 2020

No More Ransom turns 4: Saves $632 million in ransomware payments

The No More Ransom Project celebrates its fourth anniversary today after helping over 4.2 million visitors recover from a ransomware infection and saving an estimated $632 million in ransom payments.

Garmin confirms ransomware attack, services coming back online

Garmin has officially confirmed that they were victims of a ransomware attack as they slowly bring their Garmin Connect, Strava, and navigation services back online.

New KOOK STOP Ransomware variant

Michael Gillespie found a new variant of STOP Ransomware that is appending the .kook extension to encrypted files.

July 28th 2020

Business giant Dussmann Group’s data leaked after ransomware attack

The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack.

North Korean hackers created VHD ransomware for enterprise attacks

North Korean-backed hackers tracked as the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets according to a report published by Kaspersky researchers today.

Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux

Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers.

New Everbe ransomware variant

Toffee found a new Everbe ransomware variant that appends the .COCKROACH extension to encrypted files.

New Matrix Ransomware variant

Michael Gillespie found a new variant of Matrix Ransomware that appends the .DECC extension to encrypted files.

New Dharma Ransomware variant

Marcelo Rivero found a new variant of the Dharma Ransomware that appends the .tcprx extension to encrypted files.

July 29th 2020

FBI warns of Netwalker ransomware targeting US government and orgs

The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising victims not to pay the ransom and to report incidents to their local FBI field offices.

New CryLock Ransomware variant

xiaopao discovered a new variant of the CryLock Ransomware that appends a random extension to encrypted files.

New ElmerGlue_3 Ransomware

xiaopao discovered a new ransomware called ElmersGlue_3 (not kidding).

New MedusaLocker Ransomware variant

Toffee found a new MedusaLocker Ransomware variant that appends the .deadfiles extension to encrypted files.

New Dharma Ransomware variant

Marcelo Rivero found a new variant of the Dharma Ransomware that appends the .mnbzr extension to encrypted files.

July 30th 2020

New Matrix Ransomware variant

Michael Gillespie found a new variant of Matrix Ransomware that appends the .MH24 extension and drops a ransom note named MH24_README.rtf.

New ransomware discovered

xiaopao discovered a new ransomware that does not append an extension but drops a ransom note named RANSOM_NOTE.txt.

July 31st 2020

Canadian MSP discloses data breach, failed ransomware attack

Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted in sensitive information being accessed by the hackers.

New Xorist Ransomware variant

Michael Gillespie found a new variant of Xorist Ransomware that appends the .GlUtEzOn.VaNoLe extension to encrypted files.

GandCrab ransomware operator arrested in Belarus

An affiliate of the GandCrab ransomware-as-a-business (RaaS) has been arrested, according to some Russian news sources. Authorities in Russia were able to identify the individual in cooperation with law enforcement in Romania and the U.K.

Emsisoft released an updated decryptor for RedRum

Emsisoft released an updated decryptor for the RedRum Ransomware that now decrypts the .thanos variant.

That’s it for this week! Hope everyone has a nice weekend!

Kent
