The Week in Ransomware – October 16th 2020 – The weekend is upon us

Trojan Chip

Ransomware continues to target government entities and the enterprise, while victims quietly pay ransoms that power this cycle of attacks.

This week we learned that government software provider Tyler Technologies paid a ransom to obtain a decryptor for their attack.

We also learned about attacks against the Crytek and UbisoftCity of Mt. Pleasant, the London borough of Hackney, International law firm Seyfarth Shaw,  and an attack on Barnes & Noble that caused them to shut down the service powering Nook e-Readers. 

While Hackney and Barnes & Noble have not disclosed that they suffered a ransomware attack, they highly likely have.

This week we also learned that the ThunderX ransomware was part of Ako Ransomware, who renamed their operation Ranzy Locker.

It’s now the beginning of the weekend when ransomware operators come out to play. Monitor your networks for suspicious activity and make sure your admin credentials are secure because there will be a slew of new victims come Monday.

Contributors and those who provided new ransomware information and stories this week include: @fwosar, @demonslay335, @serghei, @Seifreed, @jorntvdw, @Ionut_Ilascu, @struppigel, @BleepinComputer, @LawrenceAbrams, @PolarToffee, @FourOctets, @malwrhunterteam, @malwareforme, @VK_Intel, @DanielGallagher, @ESET, @msftsecurity, @Mandiant, @BrettCallow, @IntelAdvanced, @RobbyCortes, @Bitdefender, @Kangxiaopao, @siri_urz, @Arkbird_SOLG, and @Amigo_A_.

October 10th 2020

Tyler Technologies paid ransomware gang for decryption key

Tyler Technologies has paid a ransom for a decryption key to recover files encrypted in a recent ransomware attack.

October 12th 2020

TrickBot botnet targeted in takedown operations, little impact seen

TrickBot, one of the most active botnets on the planet, recently has suffered some strong blows from actors in the cybersecurity industry aiming at disrupting its operations.

BazarLoader used to deploy Ryuk ransomware on high-value targets

The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware.

New Matrix Ransomware variant

Michael Gillespie found a new Matrix Ransomware variant that appends the .TG33 extension and drops the TG33_INFO.rtf ransom note.

New STOP Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .foqe extension.

City of Mt. Pleasant falls victim to remote ransomware attack

The City of Mt. Pleasant has fallen victim to a ransomware attack, that is according to city officials.

New Nephilim variant

Siri found a new Nephilim ransomware variant that appends the .MERIN extension.


New Loki Stealer encrypts your files

Arkbird found a new Loki Stealer variant that steals files and then encrypts your computer. When encrypting, it appends the .loki extension to encrypted files.

Anubis stealer panel

October 13th 2020

International law firm Seyfarth discloses ransomware attack

International law firm Seyfarth Shaw announced on Monday that it was the victim of a ransomware attack over the weekend.

London Borough of Hackney suffers ‘serious’ cyberattack

The city council systems for the London Borough of Hackney have been hit with a ‘serious’ cyberattack that impacts many of their services and IT systems.

New Badboymnb Ransomware

xiaopao found the Badboymnb Ransomware that appends the .Badboy extension and drops a ransom note named ReadME-BadboyEncryption.txt.

October 14th 2020

FIN11 hackers jump into the ransomware money-making scheme

FIN11, a financially-motivated hacker group with a history starting since at least 2016, has adapted malicious email campaigns to transition to ransomware as the main monetization method.

Barnes & Noble hit by cyberattack that exposed customer data

​U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers’ data.

Ransomware hits the Bureau of the Fire Department of Puerto Rico

PR announcement

New Philadelphia Ransomware variant

xiaopao found a new Philadelphia Ransomware variant.

Philadelphia ransomware

New Dharma Ransomware variant

xiaopao found the Dharma ransomware variant that appends the .zxcv extension.

New PewPew ransomware variant

Siri found a new PewPew ransomware variant that appends the .artemis extension.

New Scarab Ransomware variant

Amigo-A found a new variant of the Scarab Ransomware that appends the .Bioawards extension and drops ransom notes named Instruction.txt and DECRYPT FILES.TXT.

October 15th 2020

Crytek hit by Egregor ransomware, Ubisoft data leaked

The Egregor ransomware gang has hit game developer Crytek in a confirmed ransomware attack and leaked what they claim are files stolen from Ubisoft’s network.

New STOP Ransomware variant

Michael Gillespie found a new STOP Ransomware variant that appends the .mmpa extension.

New Adhubllka Ransomware

xiaopao found the Adhubllka Ransomware that appends the .see_read_me and drops a ransom note named Read_Me.txt.

Unknown ransomware found

Siri found a new ransomware that appends the .CRPTD extension.


October 16th 2020

ThunderX Ransomware rebrands as Ranzy Locker, adds data leak site

ThunderX has changed its name to Ranzy Locker and launched a data leak site where they shame victims who do not pay the ransom.

Fanduel, Draftkings Data Provider Stats Perform Hit By Ransomware Attack 

Sports data provider Stats Perform has been down for almost a week thanks to a ransomware hack, Legal Sports Report understands.

MaMoCrypt Ransomware Decryption Tool

We’re happy to announce the availability of a new decryptor for MaMoCrypt, a strain of ransomware that appeared in December last year.

New MadDog Ransomware

Michael Gillespie found a new HiddenTear ransomware named MadDog that appends the .id-.[].MadDog to encrypted files.


That’s it for this week! Hope everyone has a nice weekend!

Source: BleepingComputer

Leave a Reply

Your email address will not be published. Required fields are marked *