This week we saw French law enforcement release a decryptor for the pyLocky Ransomware. We also saw a charity in Washington and an airplane manufacturer become infected with ransomware.

Other than that, it was mostly new variants of existing ransomware released this week.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @jorntvdw, @demonslay335, @struppigel, @Seifreed, @fwosar, @malwareforme, @FourOctets, @LawrenceAbrams, @BleepinComputer, @malwrhunterteam, @PolarToffee, @KateFazzini, @CapsLo0ck, @campuscodi, @GDataPH, @Amigo_A_, @siri_urz, and @petrovic082.

June 8th 2019

New Myskle and Boston STOP Djvu Ransomware

Michael Gillespie found new variants of the STOP Djvu Ransomware that append the .myskle or .boston extensions to encrypted files.

STOP Decryptor Updated

Michael Gillespie updated his STOP Decryptor to contain the offline key for the .heroset variant.

June 9th 2019

New Zoh Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .zoh extension to encrypted files.

JSWorm Ransomware 3.1 Released

Amigo-A discovered JSWorm Ransomware 3.1, which uses a new ransom note named JSWORM-DECRYPT.hta. It still uses the .jsworm extension.

June 10th 2019

New Muslat STOP Djvu Ransomware

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .muslat extension to encrypted files.

June 11th 2019

Food Bank Hit By Ransomware, Needs Your Charity to Rebuild

Ransomware attacks hit indiscriminately and sometimes they may affect charitable organizations that can’t afford to surrender to the demand. Auburn Food Bank in King County, Washington, fell victim to a ransomware strain known as GlobeImposter 2.0, which encrypted all computers on their network.

How Cybercriminals Recruited Young Romanian Woman

In this excerpt from Kate Fazzini’s “Kingdom of Lies,” one former Romanian hacker tells how she got into the biz.

New Gerosan STOP Djvu Ransomware

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .gerosan extension to encrypted files.

New Html Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .html extension to encrypted files.

Bisquilla Ransomware discovered

Jack found the Bisquilla Ransomware, which appears to be in dev as it does not encrypt.

New Cephalo Ransomware discovered

Daniel Gallagher discovered a ransomware being distributed through a LNK file that contains a PowerShell command.

June 12th 2019

Ransomware identification for the judicious analyst

Malware detection is a simple yes-or-no answer to the question: Is this file malicious? Or in the case of ransomware detection: Is this file ransomware? Identification, on the other hand, will provide an answer to the question: Which malware or ransomware family is this?

Ransomware halts production for days at major airplane parts manufacturer

ASCO, one of the world's largest suppliers of airplane parts, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium.

New SD 1.1 Ransomware

A new ransomware called SD 1.1 was posted on the BleepingComputer forums and was identified by Amigo-A. The ransomware appends the .[Unlock11@protonmail.com].enc extension.

June 13th 2019

pyLocky Decryptor Released by French Authorities

A decryptor for pyLocky Ransomware versions 1 and 2 has been released by French authorities that allows victims to decrypt their files for free.

New Vesad STOP Djvu Ransomware

Michael Gillespie found a new variant of the STOP Djvu Ransomware that appends the .vesad extension to encrypted files.

STOP Decryptor Updated

Michael Gillespie updated his STOP Decryptor to contain the offline key for the .boston, .muslat, and .gerosan extensions.

New Harma Dharma Ransomware variant

Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .harma extension to encrypted files.

Armageddon Ransomware Discovered

S!Ri discovered the Armageddon Ransomware. This ransomware does not encrypt all files on the PC.

New Poop Ransomware?

Petrovic found a new ransomware that appends the .poop extension to encrypted files. It is quite ugly too.

June 14th 2019

GandCrab is covering up their tracks

CapsLo0ck noticed that the GandCrab devs have asked Exploit.in to delete their posts on the site.

That's it for this week! Hope everyone has a nice weekend!
