This week has been busy with ransomware related news, including new charges against Russian state-sponsored hackers and numerous attacks against well-known organizations.
In 2017, there was an attack utilizing the NotPetya ransomware to destroy data on systems worldwide. This week, the US govt indicted six Russian intelligence operatives, known to be part of the notorious ‘Sandworm’ group, for hacking operations, including NotPetya.
Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @demonslay335, @VK_Intel, @BleepinComputer, @Seifreed, @PolarToffee, @serghei, @jorntvdw, @struppigel, @fwosar, @malwareforme, @Ionut_Ilascu, @LawrenceAbrams, @FourOctets, @malwrhunterteam, @ValeryMarchive, @Sophos, @BrettCallow, @thepacketrat, @Kangxiaopao, @siri_urz, @MarceloRivero, @JakubKroustek, @Glacius_, and @GrujaRS
October 17th 2020
Jakub Kroustek found new Dharma ransomware variants that append the .Crypt and .LCK extension to encrypted files.
@Glacius_ found a copy of BlackKingdom ransomware that was renamed to Pransomware.
October 18th 2020
Michael Gillespie found a new STOP ransomware variant that appends the .efji extension to encrypted files.
October 19th 2020
The U.S. Department of Justice has charged six Russian intelligence operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the notorious NotPetya ransomware attack.
Marcelo Rivero found a new ransomware named Vaggen that appends the .VAGGEN extension and drops ransom notes named ABOUT_UR_FILES.txt and AboutYourFiles.txt.
October 20th 2020
The operators of Darkside ransomware have donated some of the money they made extorting victims to nonprofits Children International and The Water Project.