Ransomware News, Articles and Updates

Not good: Ransomware is cheap to buy and developers are well paid

This fact rarely comes out on Law & Order, but for some, crime pays. And pretty well.

Magniber ransomware in the wild, only targets South Korean targets

A new variety of ransomware has recently appeared and is displaying some very unusual behavior, primarily by only targeting South Korean entities and actively ignoring any other potential victims.

Ykcol and Asasin Locky variants released within short time frame

At least two new Locky ransomware variants have been released within less than a month of each other, although one of the variants is broken.

Check Point: Locky second most wanted malware for October

Locky ransomware made an unexpected jump into second place on Check Point's Most Wanted Malware of the month list, but was unable to unseat RoughTed malvertising software for the top spot.

The Dark Overlord broadens cyberattacks on school districts

The Dark Overlord expanded its attacks against schools last week when it took on two districts, sending texts and emails that threatened the students' safety if its ransom demand was not met.

City of Englewood, Colo. hit with ransomware

The city of Englewood, Colo. was hit with a ransomware attack that brought down the city's internal network.

128,000 Arkansas Oral & Facial Surgery Center patients compromised

In late July the Arkansas Oral & Facial Surgery Center was hit with a ransomware attack that not only locked up patient records, but may have also exposed their personal information.

Kangaroo Ransomware uses unique technique to infect and cover tracks

A straightforward family of malware that makes no attempt to obfuscate its code and tries to lock users out of Windows uses unique infection methods to wreak havoc.

Alive and Kickin'

WannaCry and NotPetya: Who, what, when and WHY?

There isn't a cybersecurity professional in the world who is not sick and tired of hearing about WannaCry and NotPetya, and with good reason, as the NSA's EternalBlue exploit and DoublePulsar backdoor tool were known to the cybersecurity community well before either attack was launched.

Want to prevent ransomware attacks? Prepare.

The threat is huge. The response? Not so much. Or at least the response isn't on par with the threat when it comes to ransomware.

Bitdefender introduces ransomware recognition tool and BTCWare decryptor

Bitdefender on Tuesday unveiled two new free tools to fight ransomware: one that helps identify which malware family has infected a particular device, and one that decrypts BTCWare ransomware.

The 'Phantom' Menace? Extortionists threaten websites with DDoS attack

A cybercriminal group identifying itself as Phantom Squad has launched an email-based extortion campaign against thousands of businesses, threatening to debilitate their websites with a DDoS attack on Sept. 30 if they do not pay a ransom of .2 bitcoins.

Hacker asks for nude photos of victim instead of money to unlock computer

In a case where the cybercriminals possibly could end up with more than they bargained for, MalwareHunterTeam tweeted out news of a screenlocker posing as ransomware where the bad guys request nude photos of the victim instead of money.

Locky is coming: Ransomware campaign uses Game of Thrones-themed scripting variables

A Lannister always pays his debts. And you, too, may have to pay up if you become infected with Locky ransomware, delivered in an email distribution campaign that uses Game of Thrones references in its scripting variables.

Aggressive campaign spreads Locky variant with single identifier

An aggressive ransomware campaign is infecting victims with a Locky variant that only uses a single identifier for all of its victims.

Remotely locked Apple devices being held for ransom

Some Apple product owners have found themselves on the receiving end of a new ransom attack in which someone locks their device, most likely using stolen iCloud credentials and then initiating the Find My iPhone remote lock feature.

WannaCry and Hollywood hospital ransomware attacks crossed a line for some cybercriminals

The ransomware infection that disrupted Hollywood Presbyterian Medical Center and the worldwide WannaCry attack in 2017 caused an ethical and philosophical rift among members of the Russian and Eastern European cybercriminal community.

Paradise ransomware is a fresh hell for computer users

A newly discovered ransomware-as-a-service program called Paradise may be attempting to infect computers via hacked Remote Desktop services, according to BleepingComputer creator and security expert Lawrence Abrams.

NIST develops guidelines for dealing with ransomware recovery

NIST, along with vendors and businesses within the cybersecurity community, teamed up to develop a recovery guide for firms hit with ransomware attacks.

Labor Day ransomware attacks wipe 26,000 MongoDB databases

A "MongoDB ransacking" spreadsheet created by researchers Dylan Katz and Victor Gevers showed a single group that uses "cru3lty@safe-mail.net" is responsible for 22,000 of the accounts hacked.

Royal pain: Websites compromised to deliver Princess ransomware via RIG exploit kit

A newly discovered drive-by download campaign is infecting victims with Princess Locker ransomware by way of the RIG exploit kit.

EITest campaign switches payload from ransomware to RAT

A social engineering scam orchestrated by the EITest hacking group just had its final payload switched from ransomware to a remote access trojan, indicating a possible change in motive, researchers at Palo Alto Networks have reported.

Major malspam campaign pushing Locky ransomware via spoofed internal email addresses

A large malspam campaign using spoofed email addresses has attempted to infect recipients with ransomware in roughly 20 million detected attacks since Tuesday, researchers from Barracuda Networks have reported.