Ransomware activity didn’t skyrocket last month, but there was definitely a substantial increase compared to September.
Perhaps the most serious wake-up call was the onset of BadRabbit, a Petya-like culprit going on a rampage in Eastern Europe. A likely successor of the Cerber ransomware dubbed Magniber started making the rounds via the Magnitude exploit kit. A Halloween-themed Trick-or-Treat blackmail malware demonstrated that cybercriminals follow the traditions too – in their own way, though.
Overall, 28 new strains emerged, 18 existing ones underwent updates, and only one free decryptor was released.
OCTOBER 3, 2017
BTCWare edition using a self-explanatory extension
A new variant of the BTCWare blackmail virus is discovered. It appends the .payday extension to hostage files and drops a ransom note named !! RETURN FILES !!.txt. Victims are instructed to contact the attackers via email for detailed decryption steps.
OCTOBER 5, 2017
Browser scam revolving around ransomware
Cybercriminals launch a tech support scam campaign where users bump into rogue browser alerts stating ‘Ransomware Detected’. The deceptive popups recommend would-be victims to call a toll free phone number for assistance. The self-proclaimed support agents will then try to defraud the unsuspecting users of a fee to fix the purported security issue.
Samas ransomware updated
Researchers come across an uncatalogued Samas/SamSam ransomware version that blemishes encoded data with the .loveransisgood string.
Ransomware attacks a U.S. city
All internal information systems of the City of Englewood, Colorado, are knocked offline due to a ransomware incursion. No details regarding the trouble-making strain are available at this point. Fortunately, sensitive information belonging to employees or residents has not been obtained via this infection.
Another crypto onslaught against a healthcare facility reported
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/october-2017-the-month-in-ransomware/