What a week. Every day we see a new city, police station, college, government agency, or company being affected by a ransomware attack. To make matters worse, they are getting hit with targeted ransomware that asks for a hefty price to get a decryptor.

This week we also saw the first real analysis of the MegaCortex Ransomware when a sample was found by MalwareHunterTeam. Along with this sample, though, came a wave of attacks that affected many organizations.

All I can say is: Backup, backup, backup! If you have working backups, ransomware is ineffective and you can shrug it off. Make sure your backups work and that you have a good policy in place.

Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @malwareforme, @fwosar, @hexwaxwing, @LawrenceAbrams, @BleepinComputer, @jorntvdw, @FourOctets, @DanielGallagher, @Seifreed, @struppigel, @PolarToffee, @demonslay335, @VK_Intel, @coveware, @FBI, @CrowdStrike, @PortSwigger, @emsisoft, @avast_antivirus, @petrovic082, @M_Shahpasandi, @serghei, @Ionut_Ilascu, @pushecx, and @GrujaRS.

July 13th 2019

Emsisoft released a decryptor for imS00rry Ransomware.

Petrovic found a new ransomware called SkyStars.

Amigo-A found a new Matrix Ransomware variant that appends the .[Kromber@tutanota.com] extension and drops a ransom note named #_#ReadMe#_#.rtf.

July 14th 2019

Another public administration in the U.S. surrenders to cybercriminal demands as La Porte County, Indiana, pays $130,000 to recover data on computer systems impacted by ransomware.

Jakub Kroustek found a new Dharma Ransomware variant that appends the .1BTC extension to encrypted files.

July 15th 2019

Malware researchers have discovered a new file-encrypting malware they dubbed DoppelPaymer that has been claiming victims since at least mid-June, asking for hundreds of thousands of US dollars in ransom.

July 16th 2019

The average payment demand following a ransomware attack has almost doubled in the second quarter of the year and victims have Ryuk and Sodinokibi to blame.

In an FBI Flash Alert, the FBI has released the master decryption keys for the GandCrab Ransomware versions 4, 5, 5.0.4, 5.1, and 5.2. Using these keys, any individual or organization can create and release their very own GandCrab decryptor.

Michael Gillespie found new variants of the STOP DJvu Ransomware that append the .budak or .herad extension to encrypted files.

M. Shahpasandi found a new variant of the Cry36/Nemesis Ransomware that appends the .id_**********_.YOUR_LAST_CHANCE extension to encrypted file names.

Libraries across Onondaga County continue to deal with service issues caused by a cyber attack discovered last Friday.

July 17th 2019

Some ransomware authors get the cryptography right, but make web security mistakes that leave their command and control (C2) infrastructure vulnerable to attacks.

Michael Gillespie found a new variant of the STOP DJvu Ransomware that appends the .berosuce extension to encrypted files.

Michael Gillespie updated his STOP DJvu Ransomware decryptor to support the offline keys for the .godes, .budak, .heran, and .berosuce extensions.

Karsten Hahn reported that a spam wave targeting Germany was distributing the Sodinokibi Ransomware.

Tampa-based community radio station WMNF 88.5-FM is stepping up cybersecurity after its computer systems were hobbled by ransom-seeking hackers last month.

GrujaRS found a new variant of the Phobos ransomware that appends the .id[XXXXXX-2224].[zoye1596@msgden.net].actor extension and drops a ransom note named info.txt.

GrujaRS found a new variant of the Ouroboros Ransomware that appends the .[id=xxxxxxx][mail=BackFileHelp@protonmail.com].limbo extension and drops a ransom note named Read-Me-Now.txt.

July 18th 2019

Avast Software has released their own decryptor for the GandCrab Ransomware.

Michael Gillespie found new variants of the STOP DJvu Ransomware that append the .gusau, .vusad, .madek, or .gehad extensions to encrypted files.

Michael Gillespie updated his STOP DJvu Ransomware decryptor to support the offline keys for the .gehad extension.

City officials said the attack disrupted the town’s information technology systems. They first received reports of the disruption Thursday morning and have determined it is the Ryuk ransomware virus.

July 19th 2019

A sample of the MegaCortex ransomware, which is known to hit enterprises in targeted attacks, has been found and analyzed. In this article, we will provide a brief look at the MegaCortex Ransomware and how it encrypts a computer.

A flurry of ransomware attacks has been reported this week affecting entities in the US states of Georgia, New York, Tennessee, and Florida.

Cloud computing provider iNSYNQ experienced a ransomware attack which forced the company to shut down some of its servers to contain the malware infection from spreading and affecting more customer data.

Lawrenceville police confirmed the FBI and private security experts have been called in to help with the cyberattack that has hijacked the department’s body camera file footage and other department files. It is also the same ransomware that attacked Henry County police, sources say.

GrujaRS found a new variant of the Maoloa Ransomware that appends the .Persephone666 extension to encrypted files.

That's it for this week! Hope everyone has a nice weekend!