That's what Larry Abrams from BleepingComputer started out with yesterday, and he was right! We have had six new ransomware strains, one new RaaS (Ransomware-as-a-Service) and one major update of an existing strain. To start off with the last:
CryptXXX v2.0 - Version 2.0 of CryptXXX was released, which defeated the free decryption tool that Kaspersky released last week. Proofpoint has a great article on this new version. However, Kaspersky quickly fixed their decryptor, which now handles the v2.0 CryptXXX files.
Enigma Ransomware - A new ransomware called the Enigma Ransomware was discovered that targets Russian-speaking victims. This is fairly uncommon because, if anything, ransomware typically avoids encrypting Russian victims.
Shujin Ransomware - This could be the first ransomware that specifically targets Chinese victims. The ransom notes, web pages, and decryption tools are all written in Chinese, and the decryption process is super complicated. A great write-up on this infection can be found on the Nyxbone blog.
GNL Locker - GNL Locker, or German Netherlands Locker, has been around for a while now, but we were just able to get a sample to examine this week. When this ransomware is run, it will check the computer's IP address and only encrypt the machine if it is located in the Netherlands or Germany.
CryptoHitman - The developers behind the Jigsaw Ransomware released a new version called CryptoHitman. This time they are using Agent 47 of the Hitman video game and movie franchise as their logo. The locker screen will also include many pornographic images and will add the .porno extension to encrypted files. A detailed write-up on this infection can be found here: Jigsaw Ransomware becomes CryptoHitman with Porno Extension
Crypren Ransomware - It was heavily pushed this week. The Crypren ransomware will encrypt your data and append the .ENCRYPTED extension to encrypted files. Thankfully, someone named pekeinfo has already created a working decryptor for this ransomware.
Latest Petya v2.0 Comes Loaded with Double-Barrel Ransomware Attack - Remember, Petya is a new type of ransomware that doesn’t encrypt specific files but makes the entire hard drive inaccessible by overwriting the master boot record. A new version of the Petya installer was released with a really "interesting" feature.