As we creep towards the end of the summer, things have started to thankfully slow down a bit.

While there are still plenty of ransomware attacks going around, the amount we had seen last month against schools, companies, and government agencies has definitely decreased.

The biggest news was a wiper called GermanWiper targeting Germany and pretending to be a ransomware. Otherwise, for this week we mostly saw new variants of existing ransomware being released.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @malwareforme, @struppigel, @BleepinComputer, @demonslay335, @Seifreed, @FourOctets, @LawrenceAbrams, @malwrhunterteam, @fwosar, @PolarToffee, @thyrex2002, @cybereason, @leotpsc, @Accenture, @JakubKroustek, @adrian__luca, @tkanalyst, @jeromesegura, @Malwarebytes, @Jan0fficial, @emsisoft, @virusbay_io, @VK_Intel, @James_inthe_box, and @raby_mr.

August 3rd 2019

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .Q1G extension to encrypted file names.

August 4th 2019

Multiple German companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware targeted them and asked for a ransom. This wiper is being named GermanWiper due to its targeting of German victims and it being a destructive wiper rather than a ransomware.

August 5th 2019

A decryptor for the eCh0raix Ransomware, or QNAPCrypt, has been released that allows victims to recover encrypted files on their QNAP NAS devices.

Alex Svirid found a new ransomware called Paradise Team and appending the .junior extension to encrypted files.

iDefense engineers have identified and analyzed a recently updated version of the dangerous ransomware MegaCortex, which is known to have previously caused costly incidents across various industries in Europe and North America.

In April of 2019, the Cybereason Nocturnus team encountered and analyzed a new type of ransomware dubbed Sodinokibi. Sobinokibi is highly evasive, and takes many measures to prevent its detection by antivirus and other means.

Michael Gillespie found two new STOP DJvu variants that append the .zatrov or .prandel extensions to encrypted file names.

August 6th 2019

A new kit for web-based attacks calling itself Lord EK has been spotted at the beginning of the month as part of a malvertising chain that uses the PopCash ad network.

Michael Gillespie found a new STOP DJvu variant that appends the .brusaf extension to encrypted file names.

Michael Gillespie updated his STOP Djvu decryptor to support the offline keys for the .nelasod, .mogranos, .lotej, .prandel, .zatrov, .masok extensions.

Jan discovered the new Arsium Ransomware Builder being prompted on malware forums.

August 7th 2019

Vitali Kremez found a new variant of the MegaCortex Ransomware that users the MEGA-G6= marker.

Raby found a new variant of the Phobos Ransomware that appends the .help extension to encrypted file names.

August 8th 2019

The threat of ransomware is more prevalent in the U.S., with more than half of the global detections originating from this country, a new report informs

JSWorm 4.0 is a ransomware written in C++ that uses a modified version of AES-256 to encrypt files, and adds the extension ".[ID-][].JSWRM to files.

Luckily for us, ransomware developers are not always as professional as they wish and sometimes, they make mistakes that allow us to recover the kidnapped files without having to pay the ransom. That’s exactly what happened with a ransomware called Whiterose.

Michael Gillespie found a new STOP DJvu variant that appends the .londec extension to encrypted file names.

MalwareHunterTeam found a new ransomware called SkidPatrol.

That's it for this week! Hope everyone has a nice weekend!