Monday, 20 June 2016

List of new ransomware discovered in the last 30 days.

    From 28 May
    • The Zcrypt Ransomware is Released
    A new ransomware called Zcrypt has been released. When a user is infected with Zcrypt, it encrypts the user's data, appends the .zcrypt extension to the filenames, and then demands 1.2 bitcoins for the decryption key.

    • New ransomware called BadBlock was released
    A ransomware called BadBlock has been released. When a user is infected, it encrypts the user's data and then demands 2 bitcoins for decryption.

    ------------------------------------------------------------------------------------------------------------------------------------------------
    • New Ransomware called JuicyLemon
    A ransomware called JuicyLemon. When a user's PC is encrypted by JuicyLemon, the user is instructed to email support@juicylemon.biz for payment instructions. Victims who have sent emails report that JuicyLemon requests 1,000 Euros for the decryption key.

    ------------------------------------------------------------------------------------------------------------------------------------------------
      From June 4th 2016
      • Cooking Up Autumn (Herbst) Ransomware.
      A ransomware called Herbst that targets German victims. This ransomware encrypts data files with AES encryption and appends the .herbst extension to encrypted files. It demands approximately $50 USD for a decryption key.

      -------------------------------------------------------------------------------------------------------------------------------------------------
      • The new RAA Ransomware is created entirely using JavaScript
      The RAA Ransomware is written entirely in JavaScript.
      It uses the CryptoJS library so that AES encryption can be used to encrypt the files.

      RAA is currently being distributed via email attachments that pretend to be .doc files. When the JS file is opened it encrypts the computer's files and then demands a ransom of ~$250 USD to get them back. To make matters worse, it also extracts the embedded password-stealing malware called Pony from the JS file and installs it on the victim's computer. Encrypted files have the .locked extension appended to the filename.

      -------------------------------------------------------------------------------------------------------------------------------------------------
      • The Ded Cryptor Ransomware thinks you have been Naughty this Year.
      A new EDA2 ransomware was discovered called "Ded Cryptor". This ransomware has been around for quite a while and targets both Russian- and English-speaking victims. The attackers request 2 bitcoins for the decryption key, and there is no way to decrypt for free at this time.

      When a user is infected, it appends the .ded extension to filenames. Ded Cryptor also changes the Windows desktop wallpaper to an image that contains the ransom amount and the email address, dedcrypt@sigaint.org, which the victim is told to contact for payment instructions.

      -------------------------------------------------------------------------------------------------------------------------------------------------
      A new ransomware that encrypts your data, adds the .encrypted extension, and then tells you to email dr.jimbo@bk.ru for payment instructions. At this time there is no way to decrypt the encrypted files for free.

      • New CryptoShocker Ransomware Fails to Impress
      One more new ransomware has been discovered. CryptoShocker encrypts user data using AES encryption and then demands $200 USD worth of bitcoins to get the files back. When CryptoShocker encrypts a victim's files it appends the .locked extension to the filename. It also creates a shortcut on the desktop, called ATTENTION.url, pointing to its TOR decryption site. The decryption site also lists the developer's email, cryptoshocker@tutanota.com.

      -------------------------------------------------------------------------------------------------------------------------------------------------
      • Kozy.Jozy Ransomware
      A new ransomware that encrypts a victim's files and sets the desktop background to a ransom note in Russian, saved as "w.jpg", which asks the victim to contact the criminals at kozy.jozy@yahoo.com.

      The following extensions are targeted: .cd, .ldf, .mdf, .max, .dbf, .epf, .1cd, .md, .pdf, .ppt, .xls, .doc, .arj, .tar, .7z, .rar, .zip, .tif, .jpg, .bmp, .png, .cdr, .psd, .jpeg, .docx, .xlsx, .pptx, .accdb, .mdb, .rtf, .odt, .ods, .odb, .odg.
      Shadow copies are deleted by this ransomware.

      Be careful: do not open emails from senders you do not know, and specifically do not open any attachments or unknown links unless you are expecting them from someone, because researchers see most cyber criminals targeting users through phishing emails.
      -------------------------------------------------------------------------------------------------------------------------------------------------

      Thursday, 2 June 2016

      SilentShade Ransomware

      A new ransomware has been discovered that encrypts files using AES-256. Dubbed "SilentShade", but run by theBlackShades Crypter, it adds the .Silent extension to all encrypted files.

      The ransomware leaves a Hacked.txt note alongside the encrypted files, written in English and Russian. The ransom asked for is $30 or 0.0700 Bitcoin.

      The ransomware also leaves the files "YourID.txt" and "Ваш идентификатор" ("Your ID" in Russian) containing the victim's ID.

      The following extensions are targeted by the SilentShade Ransomware:

      .3dm, .3ds, .3fr, .3g2, .3gp, .3gp, .7z, .aac, .AAC, .ach, .ai, .apk, .ar, .arw, .asf, .asp, .asx, .avi, .AVI, .back, .bak, .bay, .bz2, .c, .cdr, .cer, .cpp, .cr2, .crt, .crw, .cs, .cs, .CSS, .csv, .db, .dbf, .dcr, .dds, .der, .des, .dng, .doc, .docm, .docx, .dtd, .dwg, .dxf, .dxg, .eml, .eps, .ert, .fla, .fla, .flac, .flv, .FLV, .fon, .gif, .gz, .h, .hpp, .html, .html, .ico, .iif, .indd, .ini, .ipe, .ipg, .jar, .java, .JNG, .jp2, .jpeg, .jpg, .JPG, .jsp, .kdc, .key, .log, .lua, .lz, .m, .m4a, .m4v, .max, .mda, .mdb, .mdf, .mef, .mhtml, .MKV, .mov, .MP2, .mp3, .mp4, .MP4, .MP4, .mpe, .mpeg, .mpg, .mpg, .mrw, .msg, .myo, .nd, .nef, .nk2, .nrw, .oab, .obi, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .ost, .p12, .p7b, .p7c, .pab, .pas, .PC1, .PC2, .PC3, .pct, .pdb, .pdd, .pdf, .pem, .per, .pfx, .php, .pl, .png, .PNS, .PPJ, .pps, .ppt, .pptm, .pptx, .prf, .ps, .psd, .pst, .ptx, .py, .qba, .qbb, .qbm, .qbr, .qbw, .qbx, .qby, .r3d, .raf, .rar, .raw, .rm, .rss, .rtf, .rw2, .rwl, .rz, .s7z, .sql, .sr2, .srf, .str, .swf, .tar, .text, .txt, .vb, .vob, .wav, .wb2, .wma, .wmv, .wpd, .wps, .x3f, .xhtml, .xlk, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xml, .yuv, .zip, .zipx
       
      This ransomware also deletes the system's shadow copies, disables Task Manager and disables System Restore.
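As an added, defender-side example (not part of the original post), the script below triages a directory tree for the file-system markers the entries above describe: the appended extensions (.zcrypt, .herbst, .locked, .ded, .encrypted, .Silent) and the dropped files (ATTENTION.url, Hacked.txt, YourID.txt, w.jpg). The marker-to-family table comes from the write-ups above; the sample tree it builds is constructed for the demo and contains only empty files.

```python
"""Triage a directory tree for markers left by the ransomware families
listed above: appended extensions and dropped ransom-note filenames."""
import os
import shutil
import tempfile
from collections import Counter

# Extension markers from the entries above (matched case-insensitively).
EXT_MARKERS = {
    ".zcrypt": "Zcrypt",
    ".herbst": "Herbst",
    ".ded": "Ded Cryptor",
    ".encrypted": "unnamed (dr.jimbo@bk.ru)",  # generic name: expect false positives
    ".silent": "SilentShade",
    ".locked": "RAA or CryptoShocker",         # both families append .locked
}
# Dropped-file markers (ransom notes, ID files, shortcut) from the entries above.
NOTE_MARKERS = {
    "attention.url": "CryptoShocker",
    "hacked.txt": "SilentShade",
    "yourid.txt": "SilentShade",
    "w.jpg": "Kozy.Jozy",
}

def classify(path):
    """Return the family a single path points to, or None if it matches nothing."""
    name = os.path.basename(path).lower()
    if name in NOTE_MARKERS:
        return NOTE_MARKERS[name]
    return EXT_MARKERS.get(os.path.splitext(name)[1])

def scan_tree(root):
    """Walk root and return {family: number of matching files}."""
    hits = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            fam = classify(os.path.join(dirpath, f))
            if fam:
                hits[fam] += 1
    return dict(hits)

def demo_tree():
    """Build a constructed sample tree (empty files, no real artifacts), scan it, clean up."""
    root = tempfile.mkdtemp()
    for rel in ["docs/report.docx.zcrypt", "docs/budget.xlsx.zcrypt", "pics/holiday.jpg",
                "pics/Hacked.txt", "pics/photo.jpg.Silent", "notes.txt"]:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    try:
        return scan_tree(root)
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(demo_tree())
```

Run it against a suspect share root instead of the demo tree to get a per-family hit count; a single .encrypted or .locked hit is weak evidence on its own, while a note filename plus many renamed files is not.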