The Week in Ransomware - May 29th 2020 - Quiet before the storm?
by Lawrence Abrams
For the most part, this week has been fairly quiet, with not a lot of new ransomware released and only a few large-scale ransomware attacks.
The biggest news is the Netwalker attack on Michigan State University and a [F]Unicorn spam campaign targeting Italy.
Other than that, it has been thankfully pretty quiet.
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @jorntvdw, @Seifreed, @Ionut_Ilascu, @VK_Intel, @malwareforme, @PolarToffee, @BleepinComputer, @serghei, @demonslay335, @malwrhunterteam, @struppigel, @FourOctets, @fwosar, @DanielGallagher, @siri_urz, @JAMESWT_MHT, and @fbgwls245.
May 23rd 2020
New PayB Dharma Ransomware variant
dnwls0719 found a new variant of the Dharma Ransomware that appends the .payb extension to encrypted files.
May 25th 2020
New BlackClaw Ransomware
Michael Gillespie found a new ransomware called Black Claw that appends the .bclaw extension to encrypted files and drops a ransom note named RECOVER YOUR FILES.hta.
May 26th 2020
List of ransomware that leaks victims' stolen files if not paid
Starting last year, ransomware operators have escalated their extortion strategies by stealing files from victims before encrypting their data. These stolen files are then used as further leverage to force victims to pay.
New [F]Unicorn ransomware hits Italy via fake COVID-19 infection map
A new ransomware threat called [F]Unicorn has been encrypting computers in Italy by tricking victims into downloading a fake contact tracing app that promises to bring real-time updates for COVID-19 infections.
May 27th 2020
Ransomware's big jump: ransoms grew 14 times in one year
Ransomware has become one of the most insidious threats in the past couple of years, with actors scaling up their operations to the point that the average ransom demand increased more than 10 times in one year.
New Pezi STOP Ransomware variant
Michael Gillespie discovered a new STOP Ransomware variant that appends the .pezi extension to encrypted files.
May 28th 2020
Michigan State University network breached in ransomware attack
Michigan State University received a deadline to pay ransomware attackers under the threat that files stolen from the institution’s network will be leaked to the public.
New Banks1 Ransomware
Michael Gillespie found a new ransomware that appends the .banks1 extension and drops a ransom note named ReadMe.txt.
Real Ransomwar discovered
Jack found a new ransomware that I will, uh, let the image speak for itself:
May 29th 2020
New Zorab Ransomware
S!Ri found the new Zorab Ransomware that appends the .ZRB extension to encrypted files and drops a ransom note named --DECRYPT--ZORAB.txt.
New Elvis Presley Jigsaw variant
Jack found a new Jigsaw Ransomware variant appending the .ElvisPresley extension to encrypted files.