Page 76 - Cyber Defense eMagazine - December 2017

Nov. 15, 2017. Students of J. Sterling Morton school district, Illinois, become targets in an unusual ransomware campaign. An uncatalogued blackmail virus has been trying to attack them via a counterfeit student survey propped up by professionally tailored phishing emails. Although this piece of malicious code doesn’t come with a working crypto module thus far, it demonstrates how successful this type of infection vector can get.


Nov. 14, 2017. Security services provider Dr.Web comes up with a cure for a relatively new ransom Trojan that uses the .kill or .blind extension to speckle hostage files. The vendor’s tool called Dr.Web Rescue Pack is reportedly capable of decrypting these files so that victims don’t have to cough up the ransom. In order to use this software’s recovery feature, though, it’s necessary to pay a subscription fee.



Nov. 13, 2017. The authors of CryptoMix, one of the most prolific ransomware samples around, continue their prosaic filename tweaking routine. The most recent version of this baddie smears encrypted data items with the .XZZX extension token. This iteration invariably sticks with the same ransom note named _HELP_INSTRUCTION.txt.



Nov. 10, 2017. The evolution of the LockCrypt ransomware illustrates how dynamic this cybercriminal ecosystem is. It was originally spotted in June as part of a RaaS (Ransomware-as-a-Service) network called Satan. This type of distribution implies revenue sharing with the proprietor of the malign affiliate platform.


The crooks behind LockCrypt apparently chose to depart from this scheme. They appear to have written their own code from the ground up and no longer use the Satan RaaS for proliferation. The culprit is infecting computers via brute-forced RDP services.



Nov. 9, 2017. A new ransomware specimen dubbed Ordinypt raises a red flag as it is more dangerous than the average crypto infection. This one zeroes in on German users and organizations. The bad news for all the victims is that Ordinypt completely cripples


