We have had quite a bit of interesting news this week regarding ransomware. First we had the Kraken Cryptor deciding to connect to BleepingComputer.com during different stages of the encryption process, then we had a decryptor released by Bitdefender for GandCrab v1, v4, and v5, and finally a new FilesLocker ransomware as a service.
Unfortunately, today the GandCrab developers released a new variant that breaks the current Bitdefender decryptor.
Other than that, it's mostly been releases of new variants of existing ransomware such as Dharma and Matrix.
Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @malwareforme, @Seifreed, @struppigel, @LawrenceAbrams, @demonslay335, @DanielGallagher, @PolarToffee, @malwrhunterteam, @fwosar, @BleepinComputer, @FourOctets, @hexwaxwing, @nao_sec, @kafeine, @0x009AD6_810, @Bitdefender, @ESET, @GrujaRS, @JakubKroustek, @tamas_boczan, and @siri_urz.
October 20th 2018
Jakub Kroustek found a new variant of the Dharma Ransomware that appends the .betta extension to encrypted files.
October 21st 2018
Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption
Over the weekend, the Kraken Cryptor Ransomware released version 2.0.6, which now connects to BleepingComputer during different stages of its encryption process. It is not known what the developers are trying to achieve by doing this, but it does provide BleepingComputer with insight into the number of victims being infected by this ransomware.
October 22nd 2018
Michael Gillespie found a new variant of the Matrix Ransomware that appends the .GMPF extension to encrypted files.
Michael found a new ransomware that appends the .SOLO extension and drops a ransom note named IHRE_DATEIEN_SIND_VERSCHLUESSELT.html. It is not the most sophisticated ransomware, as it encrypts its own note.
October 23rd 2018
Michael Gillespie found another Xorist Ransomware variant that uses a crazy long extension.
GrujaRS discovered a new HiddenTear variant called HiddenBeer that appends the .beer extension to encrypted files.
October 24th 2018
Jakub Kroustek found a new Dharma Ransomware variant that appends the .vanss extension and drops ransom notes named Info.html and FILES ENCRYPTED.txt.
October 25th 2018
Free Decrypter Available for the Latest GandCrab Ransomware Versions
A newly released decryptor allows for the free recovery of files encrypted by GandCrab versions 1, 4, and 5.
New FilesLocker Ransomware Offered as a Ransomware as a Service
A new ransomware called FilesLocker is being distributed as a Ransomware as a Service, or RaaS, that targets Chinese and English speaking victims.
ESET releases new decryptor for Syrian victims of GandCrab ransomware
ESET experts have created a new decryption tool that can be used by Syrian victims of the GandCrab ransomware. It is based on a set of keys recently released by the malware operators.
Michael Gillespie found a new Dharma Ransomware variant that appends the .FUNNY extension to encrypted files.
Michael Gillespie added detections for extortion scam emails.
October 26th 2018
Tamas Boczan discovered that GandCrab v5.0.5 was released, which breaks the free decryption through Bitdefender’s recently released decryptor.
S!Ri discovered a new ransomware that appends the .docx extension to encrypted files.