Start Ransomware

Posted: October 31, 2019 | Category: Ransomware
The .Start Ransomware is a crypto-virus belonging to the ever-growing Dharma/CrySiS Ransomware family. This newest member of the family comes with a new contact email, starter@cumallover.me, and appends the new ‘.start’ extension to the encrypted data. The extension may (or may not) be preceded by the victim’s unique ID number. Dozens of AV solutions are already capable of detecting the Start Ransomware. The ‘.start’ suffix is new to the Dharma Ransomware family, and that is what differentiates its most recent offshoot from those that came before. Albeit new, the .Start...

Asus Ransomware

Posted: October 31, 2019 | Category: Ransomware
A new strain of file-encrypting ransomware started making the rounds in late October 2019. Researchers are calling it the Asus Ransomware, after the file extension it appends to every encrypted file. It appears this new version is an offshoot of the Dharma Ransomware family. You can find more information about the Dharma Ransomware in our article on it here. The distribution method for the Asus Ransomware is the one most commonly used by ransomware actors in general: malicious e-mail messages that carry either an attachment or a link to a site hosting the payload. The Asus...

Encryptd Ransomware

Posted: October 30, 2019 | Category: Ransomware
The Encryptd Ransomware is a crypto-virus named after the extension it adds to every file it affects: .encryptd. Details about its overall behavior are scarce. Nevertheless, some of its features give researchers a clue as to what the .Encryptd Ransomware may be all about. After completing the encryption process, this ransomware appends the ‘.encryptd’ suffix to the encrypted files and generates a ransom note. The latter is a text file named 'README_FOR_DECRYPT.txt,' and its content is as follows: 'All your data has been locked(crypted). How to...

Nakw Ransomware

Posted: October 30, 2019 | Category: Ransomware
The Nakw Ransomware is a brand-new crypto-virus which, according to researchers, stems from the widespread Djvu Ransomware family. The malware applies a strong encryption algorithm, which renders the user’s files inaccessible unless a ransom is paid in exchange for a decryption tool. The encrypted files are easily recognizable thanks to the ‘.nakw’ suffix, which is appended after the file’s original extension. Unlike other popular ransomware threats out there, the Nakw Ransomware does not demand Bitcoin or another cryptocurrency. Rather, it demands real money, as set out in the ransom...

Mespinoza Ransomware

Posted: October 30, 2019 | Category: Ransomware
In late October 2019, a new variety of ransomware was spotted in the wild. There are few details concerning any relationship to larger families of existing ransomware, so researchers are calling the new strain by the handle used in the ransom demand email: Mespinoza Ransomware. The Mespinoza Ransomware affects a wide variety of file types covering all common extensions, including images, audio and music files, databases, office documents and PDF files. The encrypted files receive the .locker extension, which means that a file originally named "cat_and_dog.jpg" will become...

JayTHL Ransomware

Posted: October 30, 2019 | Category: Ransomware
A new ransomware sample is attacking users on a global scale this month. Known as the JayTHL virus, this new malware strain seems to belong to the infamous SamSam Ransomware family. Recent research still does not reveal which hacking group is behind it. However, the typical operational chain and the built-in encryption module suggest that JayTHL is being developed and operated by experienced hackers. The JayTHL Ransomware's main distribution methods are also still undefined; yet crypto viruses usually infect their victims via phishing email campaigns, corrupted links on website...

Coot Ransomware

Posted: October 29, 2019 | Category: Ransomware
The Coot Ransomware is a file-locking Trojan that's part of the STOP Ransomware or Djvu Ransomware family. The Coot Ransomware appends its extension to files' names after locking them with encryption and asks for money through ransom notes. Paying the ransom doesn't unlock anything automatically, however, and users should depend on backup solutions combined with anti-malware services that can remove the Coot Ransomware safely. As propagation-heavy as the STOP Ransomware's family business is, there remains room for more versions of it in the wild, as the Coot Ransomware's campaign...

FuxSocy Ransomware

Posted: October 29, 2019 | Category: Ransomware
A new ransomware strain that borrows large chunks of code from the now infamous Cerber Ransomware has been detected in the wild. First discovered by a cybersecurity expert, the malware goes by the name FuxSocy Encryptor, which is apparently inspired by the FSociety hacking group from the hit TV series Mr. Robot. The FuxSocy Ransomware follows the typical ransomware model of behavior: it infiltrates the user's computer, uses strong encryption algorithms to lock the targeted files, and then demands a ransom from the victim in exchange for a decryptor tool that can restore the data. While it...

Xda Ransomware

Posted: October 29, 2019 | Category: Ransomware
The Xda Ransomware is a new strain that appeared in late October 2019. It is believed to be an offshoot of the Dharma/CrySiS Ransomware clan. As in older Dharma attacks, this new variant assigns a unique nine-character ID number to each victimized PC. The ID number is a random mixture of numbers and letters and forms the first part of the extension appended to each encrypted file. It is then followed by the contact email provided by the crooks behind the attack. A .xda suffix rounds out the whole thing so that it looks like this: [File name].[File...

Bot Ransomware

Posted: October 29, 2019 | Category: Ransomware
The Bot Ransomware is a new variant of the infamous Dharma Ransomware that comes with a new extension added to the encrypted data, as well as a new contact email for getting in touch with the crooks behind it. Everything else in terms of features and modus operandi is practically identical to the Dharma Ransomware. While a typical Dharma Ransomware attack may feature one suffix or another, never before has it appended the ‘.id-XXXXXXX.[admin@sectex.net].bot!’ extension to each file it encrypts. Nor has it featured the contact email admin@sectex.net before. However, if victims do...

CCryptor Ransomware

Posted: October 29, 2019 | Category: Ransomware
A new ransomware is on the loose. Security researchers spotted the new threat in late October 2019 and are calling it the CCryptor Ransomware. The CCryptor Ransomware is distributed primarily through phishing emails that contain malicious links and exploit CVE-2017-11882 (a memory corruption flaw in Microsoft Office's Equation Editor) on Windows machines. The CCryptor Ransomware uses RSA and AES-256 encryption, and in addition to being ransomware, it's also a delayed wiper. The CCryptor Ransomware gives its victims four days to pay the ransom, and if payment is not made within that time frame, all data in the encrypted files will be...

DavesSmith Ransomware

Posted: October 28, 2019 | Category: Ransomware
The DavesSmith Ransomware is a new crypto-virus strain. First detected in October 2019, the DavesSmith Ransomware applies a strong AES encryption algorithm to lock targeted users out of their data unless they agree to pay an unspecified Bitcoin (BTC) ransom. The DavesSmith Ransomware has no known connection to any existing ransomware threat so far. While DavesSmith may sport a unique codebase, it still uses the conventional infection vectors in its quest to infect as many targets as possible. In this regard, DavesSmith tries to take advantage of the entire...

PhobosImposter Ransomware

Posted: October 28, 2019 | Category: Ransomware
The PhobosImposter Ransomware is data-encrypting malware that was detected by cybersecurity experts recently. The PhobosImposter Ransomware uses strong encryption to lock the files on the infected computer, rendering them unusable. Then the malware demands payment in Bitcoin from the victim for the restoration of the data. The name of this particular malware strain, PhobosImposter, was chosen because of the .phobos extension it uses for the encrypted files, the same extension that has been associated with the Phobos Ransomware ever since it was first detected back in October 2017....

COCKROACH_LOCKER Ransomware

Posted: October 28, 2019 | Category: Ransomware
A new ransomware has been spotted in the wild by security researchers. The new ransomware has tentatively been called the Cockroach Locker Ransomware, after the file extension it uses. Files scrambled by the Cockroach Locker Ransomware receive the .[cockroach@cock.lu].COCKROACH extension. This means that a file originally named "ledger.xlsx" will turn into "ledger.xlsx.[cockroach@cock.lu].COCKROACH" once encrypted by the ransomware. There is little information about the internals of the encryption that Cockroach Locker uses, but there is some conjecture that it might be a new...
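The extension conventions described in the Xda, Bot, Mespinoza and Cockroach Locker entries above are the one artifact a responder can triage from a directory listing alone. The following is an added example, not code from this page or from any of the malware authors it describes: a small Python classifier that recognizes the three naming shapes the entries mention (Dharma-style `.id-<ID>.[<email>].<ext>`, email-tagged `.[<email>].<EXT>`, and a bare suffix such as `.locker`). The function names (`classify`, `scan_listing`), the sample filenames, and the accepted ID length range (7 to 9 alphanumerics, chosen to cover both the seven X's and the "nine-character" wording on this page) are my assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Naming conventions taken from the ransomware entries on this page.
# The ID length range and case-insensitive suffix matching are assumptions.
PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    # Dharma/CrySiS-style: <original>.id-<ID>.[<email>].<ext>   (Xda, Bot, Start, Asus)
    ("dharma-style", re.compile(
        r"^(?P<original>.+?)\.id-(?P<id>[A-Za-z0-9]{7,9})"
        r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>[A-Za-z0-9!]+)$")),
    # Email-tagged only: <original>.[<email>].<EXT>   (Cockroach Locker)
    ("email-tagged", re.compile(
        r"^(?P<original>.+?)\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>[A-Za-z0-9]+)$")),
]

# Bare suffixes named on this page. A suffix alone is weak evidence: a
# legitimate file could carry one of these names, so treat a suffix hit as a
# lead to confirm (ransom note present, many files renamed), not a verdict.
SIMPLE_SUFFIXES = (".start", ".asus", ".encryptd", ".nakw", ".locker",
                   ".coot", ".xda", ".phobos", ".hdmr")


def classify(filename: str) -> Optional[Dict[str, Optional[str]]]:
    """Return a dict describing the ransomware naming shape, or None if clean.

    Keys: pattern, original (pre-encryption name), id, email, ext.
    Structured patterns are tried first because they are far more specific
    than a bare suffix.
    """
    for pattern_name, regex in PATTERNS:
        m = regex.match(filename)
        if m:
            result: Dict[str, Optional[str]] = dict(m.groupdict())
            result.setdefault("id", None)
            result["pattern"] = pattern_name
            return result
    lowered = filename.lower()
    for suffix in SIMPLE_SUFFIXES:
        if lowered.endswith(suffix) and len(filename) > len(suffix):
            return {
                "pattern": "suffix",
                "original": filename[:-len(suffix)],
                "id": None,
                "email": None,
                "ext": suffix[1:],
            }
    return None


def scan_listing(filenames: List[str]) -> Dict[str, List[str]]:
    """Group suspicious filenames by the contact email or suffix they carry.

    Grouping by the attacker's contact email (where present) is what ties a
    pile of renamed files back to one campaign; suffix-only hits are grouped
    under the suffix itself.
    """
    groups: Dict[str, List[str]] = {}
    for name in filenames:
        hit = classify(name)
        if hit is None:
            continue
        key = hit["email"] or hit["ext"] or "unknown"
        groups.setdefault(key, []).append(name)
    return groups


# Constructed sample listing; the IDs and file names are made up.
SAMPLE_FILES = [
    "report.docx.id-A1B2C3D4.[starter@cumallover.me].start",
    "budget.xlsx.id-1A2B3C4D.[admin@sectex.net].bot!",
    "ledger.xlsx.[cockroach@cock.lu].COCKROACH",
    "cat_and_dog.jpg.locker",
    "holiday.png",
]

if __name__ == "__main__":
    for name in SAMPLE_FILES:
        print(name, "->", classify(name))
    print(scan_listing(SAMPLE_FILES))
```

The first two patterns extract the attacker's contact address, which is the most useful pivot when correlating an incident with published family write-ups; the suffix table exists only to catch variants like Mespinoza that carry no ID or email in the name.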

Hdmr Ransomware

Posted: October 25, 2019 | Category: Ransomware
The Hdmr Ransomware is a file-encryption Trojan that is not compatible with any of the readily available decryption tools. The operators of this ransomware may distribute it with the use of phishing emails, fake downloads, and pirated software or media. To protect yourself and your computer from cyber-threats, you should avoid downloading unknown files, especially if they come from a shady source. Often, dealing with the consequences of a malware attack may be as simple as running an anti-virus scanner, but, unfortunately, in the case of a ransomware attack, the task may be much more...