The Week in Ransomware – May 29th 2020

For the most part, this week has been fairly quiet with not a lot of new ransomware released and only a few large-scale ransomware attacks.

The biggest news is the Netwalker attack on Michigan State University and a [F]Unicorn spam campaign targeting Italy.

Other than that, it has been thankfully pretty quiet.

Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @jorntvdw, @Seifreed, @Ionut_Ilascu, @VK_Intel, @malwareforme, @PolarToffee, @BleepinComputer, @serghei, @demonslay335, @malwrhunterteam, @struppigel, @FourOctets, @fwosar, @DanielGallagher, @siri_urz, @JAMESWT_MHT, and @fbgwls245.

May 23rd 2020

New PayB Dharma Ransomware variant

dnwls0719 found a new variant of the Dharma Ransomware that appends the .payb extension to encrypted files.

May 25th 2020

New BlackClaw Ransomware

Michael Gillespie found a new ransomware called Black Claw that appends the .bclaw extension to encrypted files and drops a ransom note named RECOVER YOUR FILES.hta.

Black Claw

May 26th 2020

List of ransomware that leaks victims’ stolen files if not paid

Starting last year, ransomware operators have escalated their extortion strategies by stealing files from victims before encrypting their data. These stolen files are then used as further leverage to force victims to pay.

New [F]Unicorn ransomware hits Italy via fake COVID-19 infection map

A new ransomware threat called [F]Unicorn has been encrypting computers in Italy by tricking victims into downloading a fake contact tracing app that promises to bring real-time updates for COVID-19 infections.

Fake COVID-19 Dashboard

May 27th 2020

Ransomware’s big jump: ransoms grew 14 times in one year

Ransomware has become one of the most insidious threats in the past couple of years, with actors scaling up their operations to the point that the average ransom demand increased more than 10 times in one year.

New Pezi STOP Ransomware variant

Michael Gillespie discovered a new STOP Ransomware variant that appends the .pezi extension to encrypted files.

May 28th 2020

Michigan State University network breached in ransomware attack

Michigan State University received a deadline to pay ransomware attackers under the threat that files stolen from the institution’s network will be leaked to the public.

New Banks1 Ransomware

Michael Gillespie found a new ransomware that appends the .banks1 extension and drops a ransom note named ReadMe.txt.

Real Ransomwar discovered

Jack found a new ransomware that I will, uh, let the image speak for itself:

Real Ransomwar

May 29th 2020

New Zorab Ransomware

S!Ri found the new Zorab Ransomware that appends the .ZRB extension to encrypted files and drops a ransom note named --DECRYPT--ZORAB.txt.


New Elvis Presley Jigsaw variant

Jack found a new Jigsaw Ransomware variant appending the .ElvisPresley extension to encrypted files.

That’s it for this week! Hope everyone has a nice weekend!

