This week was mostly about small ransomware variants being released, but we did have some big stories. First, we have HC7, which is targeting entire networks through hacked remote desktop services; then we had StorageCrypt being installed on NAS devices using SambaCry; and finally, computers belonging to Mecklenburg County, North Carolina were infected with LockCrypt.
While malspam is still a large component of ransomware distribution, the trend towards targeting entire networks by hacking exposed remote desktop services is definitely on the uptick. Anyone who is currently using remote desktop and has it connected directly to the Internet really needs to put it behind a VPN.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @PolarToffee, @FourOctets, @Seifreed, @malwrhunterteam, @struppigel, @fwosar, @demonslay335, @hexwaxwing, @jorntvdw, @DanielGallagher, @campuscodi, @LawrenceAbrams, @BleepinComputer, @siri_urz, @myfox9, @themonsterpus, @0xec_, @JakubKroustek.
December 2nd 2017
Jakub Kroustek found a new Blind ransomware variant that appends the .napoleon extension and drops a ransom note named How_Decrypt_Files.hta.
Karsten Hahn discovered an in-development Stupid variant called Eternity Ransomware that crashes because of a missing audio file. It appends the .eTeRnItY extension to encrypted files.
Karsten Hahn discovered a new variant of a Vietnamese JCoder ransomware that appends .MTC to encrypted files.