The Week in Ransomware – June 12th 2020

Attacks picked up at a rapid pace this week as well-known companies and cities were targeted with ransomware that impacted their networks.

This week we learned that the Snake Ransomware conducted targeted attacks against both Honda and the Enel Group. The number of devices encrypted is unknown, but both attacks impacted the companies' networks and caused systems to be shut down while the incidents were investigated.

We also saw attacks against the cities of Knoxville, Tennessee and Florence, Alabama.

New information was also released about the new Avaddon Ransomware being distributed via spam and the Thanos RaaS that has some interesting features.

Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @fwosar, @malwrhunterteam, @LawrenceAbrams, @malwareforme, @DanielGallagher, @struppigel, @BleepinComputer, @jorntvdw, @Seifreed, @FourOctets, @VK_Intel, @PolarToffee, @Ionut_Ilascu, @serghei, @AppRiver, @RecordedFuture, @milkr3am, @emsisoft, @briankrebs, @raby_mr, @GrujaRS, @ashabeeeee, and @fbgwls245.

June 6th 2020

Fake ransomware decryptor double-encrypts desperate victims’ files

A fake decryptor for the STOP Djvu Ransomware is being distributed that lures already desperate people with the promise of free decryption. Instead of getting their files back for free, they are infected with another ransomware that makes their situation even worse.

Fake decryptor

June 8th 2020

Honda investigates possible ransomware attack, networks impacted

Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.

New Avaddon Ransomware launches in massive smiley spam campaign

With a wink and a smile, the new Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide.

Avaddon ransom note

Maze Ransomware adds Ragnar Locker to its extortion cartel

A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.

Maze cartel

New ZWER STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .zwer extension to encrypted files.

New Matrix Ransomware variant discovered

Michael Gillespie found a new Matrix Ransomware variant that appends the .AG88G extension and drops a ransom note named Readme_AG88G.rtf.

Zorab Ransomware decryptor released

Emsisoft released a decryptor for the Zorab Ransomware that appends the .ZRB extension.

June 9th 2020

Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity

In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.

June 10th 2020

Thanos ransomware auto-spreads to Windows devices, evades security

The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on.

Thanos

New Such_Crypt variant

GrujaRS found a new Such_Crypt Ransomware variant that appends the .mwahahah extension.

June 11th 2020

City of Knoxville shuts down network after ransomware attack

The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city’s offices.

Power company Enel Group suffers Snake Ransomware attack

European energy company giant Enel Group suffered a ransomware attack a few days ago that impacted its internal network.

New NYPD STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .nypd extension to encrypted files.

New DCRTR Ransomware variant

Michael Gillespie found a new variant of the DCRTR Ransomware that appends the .coka extension.

June 12th 2020

New SFile ransomware variant

Ravi found a new SFile ransomware variant that appends the .ESCAL-p9yqoly extension to encrypted files.

New Dharma Ransomware variant

Jakub Kroustek found new Dharma ransomware variants that append the .php or .hack extensions to encrypted files.

New Makop Ransomware variant

dnwls0719 found a new Makop Ransomware variant that appends the .origami extension to encrypted files.

Lion warns of beer shortages following ransomware attack

Australian beverage giant Lion on Friday added further detail to the cyber incident it disclosed earlier this week, confirming it fell victim to a ransomware attack.

That’s it for this week! Hope everyone has a nice weekend!

Kent
