WebSetNet

The Week in Ransomware – February 2nd 2018 – TOR Sites Stealing Ransom Payments & GandCrab

August 5, 2020 by Martin6

This has been an interesting week in ransomware news. We had the GandCrab ransomware being released and distributed by exploit kits, TOR gateways stealing ransom payments from ransomware devs, and a bunch of towns getting hit with ransomware.

Contributors and those who provided new ransomware information and stories this week include: @hexwaxwing, @demonslay335, @Seifreed, @campuscodi, @LawrenceAbrams, @malwareforme, @PolarToffee, @struppigel, @malwrhunterteam, @BleepinComputer, @jorntvdw, @fwosar, @DanielGallagher, @FourOctets, @proofpoint, @CryptoInsane, @Malwarebytes, @thedailyherald, @wcnc, and @BBCWorld.

January 29th 2018

GandCrab Ransomware Distributed by Exploit Kits, Appends GDCB Extension

A new ransomware called GandCrab, discovered by David Montenegro, was released towards the end of last week and is currently being distributed via exploit kits. GandCrab has some interesting features not seen before in ransomware, such as being the first to accept the DASH currency and the first to utilize the Namecoin-powered .BIT TLD.

Tor-to-Web Proxy Caught Replacing Bitcoin Addresses on Ransomware Payment Sites

Proofpoint discovered that the operators of at least one Tor proxy service were recently caught replacing Bitcoin addresses on ransomware payment sites, diverting funds meant to pay for ransomware decrypters to the proxy site's operators.

SC school district latest victim to ransomware

According to NBC Charlotte, the Chester County school district was affected by ransomware.

Chester County School District posted on its Facebook page Monday that ransomware hit the district’s servers over the weekend. The post went on to say that no data has been taken or breached, and it has a specialist on site to assist the district.

New Dharma/Crysis variant

Michael Gillespie discovered a new variant of Dharma/Crysis uploaded to ID-Ransomware that utilizes the .write extension.

January 30th 2018

Utility payments back online following ransomware

According to The Daily Herald, the Spring Hill, Tennessee city computers were hit with an undisclosed ransomware.

Spartanburg public library computer system hit by ransomware

According to the Herald-Journal, the Spartanburg County Public Libraries in South Carolina were hit with an undisclosed ransomware.

Hangry and ransomware added to Oxford English Dictionary

According to the BBC:

Mansplaining, ransomware and hangry are among more than 1,000 words that have been added to the latest Oxford English Dictionary (OED).

January 31st 2018

MindLost Ransomware Is a Piece of Junk That Wants to Collect Credit Card Details

MalwareHunterTeam discovered a new ransomware called MindLost that encrypts users' files and redirects users to an online page to pay the ransom via credit/debit card.

New GlobeImposter variant discovered

Michael Gillespie discovered a new variant of Globe Imposter uploaded to ID-Ransomware that appends the .DREAM extension to encrypted files.

February 1st 2018

Ransomware Hero to Receive FBI Award

The US Federal Bureau of Investigation (FBI) announced on Tuesday that it would be awarding the FBI Director's Community Leadership Award to Michael Gillespie for his efforts in combating ransomware and helping users who fell victim to this threat.

GandCrab Ransomware being sold as a Ransomware as a Service (RaaS)

David Montenegro discovered that GandCrab is being promoted as a RaaS on underground criminal forums.

February 2nd 2018

Scarabey Ransomware – A Scarab Version Targeting Enterprises

Malwarebytes discovered a new version of the Scarab ransomware in the wild. Instead of being distributed via email spam campaigns, crooks are brute-forcing computers with weakly-secured RDP connections and installing the ransomware manually on each system.

System Cryptomix Ransomware Variant Released

Michael Gillespie discovered a new Cryptomix variant uploaded to ID-Ransomware this week. Today, I was able to find a sample so we can see what has changed. For the most part, it is the same as previous variants except it now appends the .SYSTEM extension to encrypted files and changes the contact emails used by the ransomware.

New Tear Dr0p v2 Ransomware discovered

MalwareHunterTeam discovered a new ransomware called Tear Dr0p v1. This ransomware taunts you via speech from the computer's speakers. It is decryptable.

InfiniteTear V3 released

Lawrence Abrams discovered a new variant of InfiniteTear called InfiniteTear V3. It still uses Telegram to send your details to the developer. It also appends the .Infinite extension to encrypted files, drops a ransom note named #How_Decrypt_Files.txt, and has [email protected] as the contact info.

That’s it for this week! Hope everyone has a nice weekend!
