November didn’t shape up to be revolutionary in terms of ransomware, but the shenanigans of cyber-extortionists continued to be a major concern. The reputation of the Hidden Tear PoC ransomware project hit another low as it spawned a bunch of new real-life spinoffs. The crooks who created the strain dubbed Ordinypt should be really ashamed of themselves, as their brainchild takes a scorched-earth route and simply destroys victims’ data beyond recovery. Furthermore, quite a few copycats of the infamous WannaCry ransomware popped up only to demonstrate that the original is always better than the sequel.

All in all, here’s a brief statistical breakdown of the month: 37 new ransomware species were discovered, 23 existing samples got a facelift, and three ransomware decryptors were released by the white hats.

NOVEMBER 1, 2017

Hidden Tear offshoot with French origin

Threat actors continue to abuse the proof-of-concept Hidden Tear ransomware. Its newest real-life incarnation targets French users, appends the .hacking extension to encrypted files, and instructs victims to contact the attacker at fbi-cybercrimedivision@hotmail.com.

NOVEMBER 2, 2017

Ostentatious claims regarding Hidden Tear

An umpteenth remake of the above-mentioned academic Hidden Tear goes live. It blemishes encrypted files with the .locked string, drops a READ_ME.txt help manual, and displays a questionably truthful warning screen that says it’s “one of the most powerful ransomware’s around”.

Magniber strain updated

Magniber, a ransomware sample that’s most likely a successor to the nasty Cerber culprit, undergoes an update within one of the multiple affiliate campaigns. The infection switches to subjoining the .skvtb extension to ransomed files.

It’s time for Jigsaw to get some fine-tuning

Cybercriminals release a new variant of the Jigsaw ransomware, a true old stager in the extortion arena. The pest now appends the .game suffix to victims’ data entries while still displaying the same movie-themed