Attacks picked up at a rapid pace this week as well-known companies and cities were targeted with ransomware that impacted their networks.
This week we learned that the Snake Ransomware conducted targeted attacks again both Honda and the Enel Group. The amount of devices encrypted is unknown, but both attacks impacted their network and caused systems to be shut down while being investigated.
Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @fwosar, @malwrhunterteam, @LawrenceAbrams, @malwareforme, @DanielGallagher, @struppigel, @BleepinComputer, @jorntvdw, @Seifreed, @FourOctets, @VK_Intel, @PolarToffee, @Ionut_Ilascu, @serghei, @AppRiver, @RecordedFuture, @milkr3am, @emsisoft, @briankrebs, @raby_mr, @GrujaRS, @ashabeeeee, and @fbgwls245.
June 6th 2020
A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.
June 8th 2020
Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.
With a wink and a smile, the new Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide.
A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.
Michael Gillespie found a new STOP ransomware variant that appends the .zwer extension to encrypted files.
Michael Gillespie found a new Matrix Ransomware variant that appends the .AG88G extension and drops a ransom note named Readme_AG88G.rtf.
Emsisoft released a decryptor for the Zorab Ransomware that appends the .ZRB extension.
June 9th 2020
In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.
June 10th 2020
The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on.
GrujaRS found a new Such_Crypt Ransomware variant that appends the .mwahahah extension.
June 11th 2020
The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city’s offices.
European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network.
Michael Gillespie found a new STOP ransomware variant that appends the .nypd extension to encrypted files.
Michael Gillespie found a new variant of the DCRTR Ransomware that appends the .coka extension.
June 12th 2020
Ravi found a new SFile ransomware variant that appends the .ESCAL-p9yqoly extension to encrypted files.
Jakub Kroustek found new Dharma ransomware variants that append the .php or .hack extensions to encrypted files.
dnwls0719 found a new Makop Ransomware variant that appends the .origami extension to encrypted files.
Australian beverage giant Lion on Friday added further detail to the cyber incident it disclosed earlier this week, confirming it fell victim to a ransomware attack.