CIP Cyber

Ransomware Top Stories June 2017


Ransomware has risen by over 250 percent during the first few months of 2017, according to a report Monday by the security firm Kaspersky. The publication of the cybersecurity statistics, which revealed that the U.S. is the country worst affected by the issue, comes as experts warn of a ransomware epidemic in the wake of the WannaCry cyberattack.

Here is an overview of Ransomware Top Stories of June 2017:

June 2, 2017

According to statistics obtained via Shodan, a search engine for online-accessible devices, about 4,500 Hadoop Distributed File System clusters worldwide are susceptible to ransomware attacks because they lack authentication. The volume of data stored in these databases amounts to some 5 petabytes. Cybercrooks had already demonstrated back in January 2017 how easily they can compromise Hadoop servers, so the current state of things is a time bomb.

June 5, 2017

Michael Gillespie, member of MalwareHunterTeam (MHT) and author of the ID Ransomware site, updates his Jigsaw Decrypter. The latest version of this utility is capable of decrypting files with the .ram, .tax, and .lost extensions ransomed by the ever-evolving Jigsaw infection.

June 9, 2017

Whereas affiliate models of distributing Windows ransomware have been around for quite some time, this trend hasn’t been the case for the macOS environment until now. The Ransomware-as-a-Service (RaaS) platform called MacRansom looks potent enough to become a game changer in this context.

June 13, 2017

South Korean web hosting provider Nayana falls victim to the Erebus ransomware. This Trojan infected numerous Linux servers belonging to said host. What makes the incident stand out from the crowd is that Erebus used to only compromise Windows-based systems and suddenly became a multi-platform threat.

June 14, 2017

A breakthrough in decrypting the Jaff ransomware hits the headlines. Having spotted a flaw in the infection’s crypto, Kaspersky updates their RakhniDecryptor utility to support Jaff editions that stain locked files with the following extensions: .jaff, .sVn, and .wlu. Victims of this probable Locky successor can now get their data back for free.

June 15, 2017

A file-encrypting ransomware sample infects the computer network of University College London. The most likely entry point was a malspam email with a malicious attachment. The harmful code quickly proliferated throughout UCL’s shared drives and student management system. Antivirus tools reportedly failed to intercept the perpetrating code due to its zero-day nature.

June 19, 2017

Ransomware called SamSam, or Samas, resurfaces after months of inactivity. The comeback turns out to be a blast as three new variants of this strain begin making the rounds. These editions append the .breeding123, .suppose666, or .mention9823 extension to victims’ data items.

June 20, 2017

The Nayana web host attack incident mentioned above didn’t end well. As a result of negotiations with the threat actors, the ransomed company agrees to pay $1 million for decrypting data on its 153 Linux servers. Perhaps the upshot of this whole compromise wouldn’t have been so awful if it weren’t for the fact that about 3,400 customer websites got affected along the way.

June 21, 2017

The WannaCry ransomware, which gained notoriety for its worldwide reach and sophisticated distribution tactics, continues wreaking havoc a month after the original outbreak. Its new high-profile target is the Honda car plant in Japan. The attack forces the vehicle manufacturer to halt production until the issue is addressed.

June 22, 2017

A new massive wave of malicious spam starts delivering the payload of Locky ransomware’s brand new edition. Fortunately, the cryptographic routine of this sample is shoddy. It fails to perform encryption on Windows 7 and later operating system builds equipped with the Data Execution Prevention (DEP) feature. Therefore the pest only functions on Windows XP and Vista.

June 23, 2017

The FBI’s Internet Crime Complaint Center (IC3) provides some interesting ransomware statistics in the most recent edition of the Internet Crime Report. According to the analysts’ findings, most ransomware victims do not report the attacks to law enforcement agencies, so the official numbers aren’t even close to reflecting the real scope of the epidemic.


June 27, 2017

A revamped version of the destructive Petya ransomware is discovered. Referred to as NotPetya or PetrWrap, this strain mainly zeroes in on Ukraine, a country in Eastern Europe that’s in a state of military conflict with Russia. Experts believe this geo-targeting of the NotPetya campaign is an indication of its Russian origin. The prevalent distribution channel involves a malicious update for M.E.Doc, accounting software widely used in Ukraine.

June 29, 2017

Cerber ransomware is renamed to CRBR Encryptor. The updated infection features diversified propagation. It is spreading via the Magnitude exploit kit as well as trojanized JavaScript email attachments. The offending program drops a combo of HTA and TXT ransom notes and turns filenames into gibberish strings appended with a four-character extension.

To prevent ransomware attacks, organizations are required to have their hard drives backed up from time to time. This makes a ransom attack useless and showcases your readiness for cyber incidents.

CIP Cyber Staff
