The Week in Ransomware – October 23rd 2020


This week has been busy with ransomware-related news, including new charges against Russian state-sponsored hackers and numerous attacks against well-known organizations.

In 2017, the NotPetya ransomware was used in an attack to destroy data on systems worldwide. This week, the US government indicted six Russian intelligence operatives, known to be part of the notorious ‘Sandworm’ group, for hacking operations, including NotPetya.

We also learned of numerous attacks against large organizations, such as Barnes & Noble, the Montreal public transit system (STM), Sopra Steria, and Boyne Resorts.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @demonslay335, @VK_Intel, @BleepinComputer, @Seifreed, @PolarToffee, @serghei, @jorntvdw, @struppigel, @fwosar, @malwareforme, @Ionut_Ilascu, @LawrenceAbrams, @FourOctets, @malwrhunterteam, @ValeryMarchive, @Sophos, @BrettCallow, @thepacketrat, @Kangxiaopao, @siri_urz, @MarceloRivero, @JakubKroustek, @Glacius_, and @GrujaRS.

October 17th 2020

New Dharma ransomware variants

Jakub Kroustek found new Dharma ransomware variants that append the .Crypt and .LCK extensions to encrypted files.

New Pransomware ransomware

@Glacius_ found a copy of BlackKingdom ransomware that was renamed to Pransomware.


October 18th 2020

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .efji extension to encrypted files.

October 19th 2020

US indicts Russian GRU ‘Sandworm’ hackers for NotPetya, worldwide attacks

The U.S. Department of Justice has charged six Russian intelligence operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the notorious NotPetya ransomware attack.

New Vaggen Ransomware

Marcelo Rivero found a new ransomware named Vaggen that appends the .VAGGEN extension and drops ransom notes named ABOUT_UR_FILES.txt and AboutYourFiles.txt.


October 20th 2020

Darkside ransomware donates $20K of extortion money to charities

The operators of Darkside ransomware have donated some of the money they made extorting victims to nonprofits Children International and The Water Project.