We have collected the following news about the new ransomware variants released last week. Thanks to BleepingComputer for sharing this information.

April 21st 2018

BlackHeart Ransomware discovered

Jakub Kroustek discovered the BlackHeart Ransomware. This ransomware appends the .pay2me or .BlackRouter extension to encrypted files and drops a ransom note named ReadME-BLackHeart.txt.

 

April 22nd 2018
Kraken Ransomware uses Discord as a C2

Leo found a new in-development ransomware called Kraken that was using a Discord server and a Discord webhook to act as the C2 server for infected victims.

 

April 23rd 2018
P.E.I. government website hit by ransomware attack

The Guardian reports that the Prince Edward Island government web site was infected with ransomware. This ransomware is VevoLocker.

GandCrab v2.1 Released

Marcelo Rivero discovered that version 2.1 of the GandCrab ransomware was released. This version uses code injection into svchost.exe and uses a new proxy domain of ahnlab.com.

New PUBG Ransomware “Special 999Hours” / “TALK SHOP Edition”

MalwareHunterTeam found a new variant of the PUBG Ransomware called “Special 999Hours” / “TALK SHOP Edition”. This variant requires you to play 999 hours to decrypt your files.

 

April 24th 2018
Xorist variant with an incredibly annoying extension

MalwareHunterTeam found a new Xorist variant that uses the very long and annoying extension of “PAY_IN_MAXIM_24_HOURS_OR_ALL_YOUR_FILES_WILL_BE_PERMANENTLY_DELETED_PLEASE_BE_REZONABLE_you_have_only_1_single_chance_to_make_the_payment”.

 

Oblivion Ransomware spotted

Michael Gillespie spotted the Oblivion Ransomware from submissions to ID-Ransomware. This ransomware scrambles the file name and then appends the .OBLIVION extension and drops a note named OBLIVION DECRYPTION INFORMATION.TXT.

 

April 25th 2018
Ransomware Hits HPE iLO Remote Management Interfaces

Attackers are targeting Internet-accessible HPE iLO 4 remote management interfaces, supposedly encrypting the hard drives, and then demanding Bitcoins to get access to the data again. While it has not been 100% confirmed whether the hard drives are actually being encrypted, we do know that multiple victims have been affected by this attack since yesterday.

 

New .mich LockCrypt variant can be decrypted

Michael Gillespie spotted a new variant of the LockCrypt ransomware and was able to decrypt it. If you are infected with a variant that appends the .mich extension, contact Michael.

 

 

April 26th 2018
New C# Ransomware Compiles itself at Runtime

A new in-development ransomware was discovered by MalwareHunterTeam that has an interesting characteristic. Instead of the distributed executable performing the ransomware functionality, the executable compiles an embedded encrypted C# program at runtime and launches it directly into memory.

 

April 27th 2018
KCW Ransomware Encrypting Web Sites in Pakistan

Team Kerala Cyber Warriors, a hacking group based out of India, have begun to install ransomware on web sites based out of Pakistan. This ransomware, called KCW Ransomware, encrypts the files on a web site and then demands a ransom payment in order to get the files back.

 

Reference: https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-27th-2018-ilo-kcw-and-vevolocker/

© 2018, Techrunnr. All rights reserved.


Prabhin Prabharkaran
