The Week in Ransomware – July 17th 2020 – Freshly squeezed – BleepingComputer

With Twitter hackers, 10/10 vulnerabilities, and Cloudflare outages this week, ransomware has thankfully been pretty slow.

The biggest news is Orange confirming that they were hit by a Nefilim ransomware attack in which business customers' data was stolen. We also saw an interesting ransomware that utilizes the Age encryption tool.

Other than that, it has mostly been smaller attackers and new ransomware variants released.

Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @VK_Intel, @struppigel, @malwrhunterteam, @fwosar, @BleepinComputer, @LawrenceAbrams, @Seifreed, @serghei, @DanielGallagher, @PolarToffee, @FourOctets, @jorntvdw, @Ionut_Ilascu, @malwareforme, @JakubKroustek, @xiaopao80087499, @fbgwls245, @Amigo_A_, @campuscodi, and @360TotalSec.

xiaopao found a new Matrix Ransomware variant that appends the .AL8P extension and drops a ransom note named Readme_AL8P.rtf.

dnwls0719 found a new FonixCrypter variant that appends the .XINOF extension.

A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victims' files.

Michael Gillespie found a new STOP Ransomware variant that appends the .repl extension to encrypted files.

Jakub Kroustek found two new variants of the Dharma Ransomware that append either the .data or .smpl extension to encrypted files.

The data theft and name-and-shame tactics initiated by Maze in November 2019 and subsequently adopted by multiple other groups have blurred the line between ransomware attack and data breach.

Michael Gillespie found a new Makop Ransomware variant that appends the .zbw extension and drops a ransom note named readme-warning.txt.

Michael Gillespie is looking for a new ransomware that appends the .FastWind extension and drops a ransom note named ransomware.txt.

Recently, 360 Security Center has detected that a file encryption virus in the form of a hoax has appeared on the network. Since the encrypted file suffix of the virus is .flowEncryption, we named it the flowEncryption file encryption virus.

Orange has confirmed to BleepingComputer that they suffered a ransomware attack exposing the data of twenty of their enterprise customers.

Michael Gillespie found a new Makop Ransomware variant that appends the .BNFD extension to encrypted files.

Blackbaud, a provider of software and cloud hosting solutions, said it stopped a ransomware attack from encrypting files earlier this year but still had to pay a ransom demand anyway after hackers stole data from the company's network and threatened to publish it online.

Michael Gillespie found a new Dharma Ransomware variant that appends the .spare extension to encrypted files.

Michael Gillespie found a new Maoloa Ransomware variant that appends the .Globeimposter-Alpha865qqz extension to encrypted files.

Michael Gillespie found a new STOP Ransomware variant that appends the .kuus extension to encrypted files.

Originally posted here:
The Week in Ransomware - July 17th 2020 - Freshly squeezed - BleepingComputer
