This has been a slow week in terms of new variants, but we continue to see enterprise-targeting ransomware operators threatening to release data for non-paying victims.

With Coronavirus on everyone’s minds, malware developers have turned to COVID-19-themed phishing scams and malware to take advantage of the panic and anxiety induced by the outbreak.

Of particular interest are two ransomware infections, CoronaVirus Ransomware and CovidLock, that use the outbreak as a theme for their infections.

Stay safe out there!

Contributors and those who provided new ransomware information and stories this week include: @fwosar, @malwareforme, @BleepinComputer, @serghei, @FourOctets, @struppigel, @jorntvdw, @demonslay335, @DanielGallagher, @LawrenceAbrams, @Ionut_Ilascu, @malwrhunterteam, @Seifreed, @PolarToffee, @VK_Intel, @DomainTools, and @LastlineLabs.

March 7th 2020

New LOKD STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .lokd extension to encrypted files.

Ransomware Threatens to Reveal Company’s ‘Dirty’ Secrets

The operators of the Sodinokibi Ransomware are threatening to publicly share a company’s “dirty” financial secrets because they refused to pay the demanded ransom.

March 8th 2020

Ryuk Ransomware Behind Durham, North Carolina Cyberattack

The City of Durham, North Carolina has shut down its network after suffering a cyberattack by the Ryuk Ransomware this weekend.

New FOOP STOP Ransomware variant

Michael Gillespie found a new variant of the STOP Ransomware that appends the .foop extension to encrypted files.

March 10th 2020

Paradise Ransomware Distributed via Uncommon Spam Attachment

Attackers have started to send Excel Web Query attachments in phishing campaigns to download and install the Paradise Ransomware on unsuspecting victims.

March 12th 2020

New CoronaVirus Ransomware Acts as Cover for Kpot Infostealer

A new ransomware called CoronaVirus has been distributed through a fake web site pretending to promote the system optimization software and utilities from WiseCleaner.

March 13th 2020

Nemty rebrands as Nefilim

MalwareHunterTeam found that the Nemty Ransomware has rebranded as NEFILIM. It drops a ransom note named NEFILIM-DECRYPT.txt and appends the .NEFILIM extension to encrypted files.

CovidLock: Mobile Coronavirus Tracking App Coughs Up Ransomware

In reality, the app is poisoned with ransomware. This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.

That’s it for this week! Hope everyone has a nice weekend!
