Decryption keys for the Dharma strain of ransomware have been released.

A spam campaign has started spreading Sage ransomware, while a ransomware service known as Satan allows users to customize distribution.

In addition to encrypting files, a new strain of ransomware, FireCrypt, also attempts to carry out a weak DDoS attack.

The master decryption keys unlocking files encrypted by the CrySis ransomware have been released. Kaspersky Lab has already updated its Rakhni decryptor to help victims restore their data.

Ransomware purporting to come from a phony government agency, something called the Central Security Treatment Organization, has been making the rounds, researchers say. The ransomware, which is already known by a number of names including Cry, CSTO ransomware, or Central Security Treatment Organization ransomware, uses the User Datagram Protocol (UDP) to communicate and the photo sharing service Imgur and Google...

A recent run of attacks against Linux servers called Fairware has been traced to insecure internet-facing Redis installations that hackers have abused to delete web folders and, in some cases, install malicious code. Redis is an open source tool used by web application developers for the purpose of quickly caching data. The tool’s developers configured Redis...

Linux server admins are reporting attacks resulting in the disappearance of the server’s web folder and websites being down indefinitely. Posts to the forums on the BleepingComputer website corroborate a number of such attacks, most likely intrusions powered by brute-force attacks against SSH, according to one of the victims. In each instance, the web folder...

It didn’t take long for attackers to start capitalizing on the popularity of Pokémon GO. Shortly after Niantic, the company behind the now ubiquitous app, released it last month, researchers spotted a malicious, backdoored version of the app on a file repository service. Now attackers are pushing SMS spam messages to entice Pokémon GO players to visit...

For the second time since June 1, the handlers of CryptXXX ransomware have changed their ransom note and Tor payment site. More importantly to those developing detection signatures and administrators, this update no longer makes changes to the file extensions of encrypted files. “To make it more difficult for administrators, this release no longer uses...

We’ve already seen ransomware take on many forms this year, but researchers this week claim they’ve noticed a new strain unlike any they’ve seen prior–a type composed entirely of JavaScript. The ransomware, dubbed RAA by researchers, has been circulating through attachments masquerading as Word .doc files according to Lawrence Abrams, who wrote about the malware late...