Privacy Ninja

The Week in Ransomware – September 18th 2020 – Schools Under Attack


With schools worldwide back in session, ransomware operations are barraging them with cyberattacks that disrupt the start of the school year.

Over the past few weeks, we have seen a steady barrage of attacks against K-12 schools, colleges, and universities, where ransomware operators target exposed remote desktop servers and vulnerabilities in network devices.

To warn education institutions of these attacks, the U.K. National Cyber Security Centre (NCSC) has offered guidance on the steps organizations should perform to harden their defenses.

There have also been disastrous consequences to the attacks on universities, as one attacker thought they had encrypted a university, but instead hit an affiliated hospital.

This mistake led to a disruption of emergency care services, which may have caused the death of a patient who had a life-threatening condition.

Thx to this week’s contributors: @LawrenceAbrams, @VK_Intel, @FourOctets, @malwrhunterteam, @jorntvdw, @struppigel, @DanielGallagher, @PolarToffee, @serghei, @fwosar, @malwareforme, @demonslay335, @Seifreed, @Ionut_Ilascu, @NCSC, @SophosLabs, @threatresearch, @AltShiftPrtScn, @Ax_Sharma, @TU_CARE, @Kangxiaopao, @emsisoft, @MarceloRivero, @JakubKroustek, @JAMESWT_MHT, @fbgwls245, and @GrujaRS.


September 12th 2020

Fairfax County schools hit by Maze ransomware, student data leaked

Fairfax County Public Schools (FCPS), the 10th largest school division in the US, was recently hit by ransomware according to an official statement published on Friday evening.

September 14th 2020

New Xorist variant

Xiaopao found a new Xorist Ransomware variant that appends the .BD extension.

New Chuk Dharma variant

Xiaopao found a new Dharma Ransomware variant that appends the .chuk extension.

Emsisoft releases a Crypt32 decryptor

Emsisoft has released a decryptor for the Crypt32 ransomware.

New AHP Dharma ransomware variant

Marcelo Rivero found a new Dharma Ransomware variant that appends the .AHP extension to encrypted files.

Emsisoft releases a Cyborg ransomware decryptor

Emsisoft has released a decryptor for the Cyborg ransomware that supports the .petra, .EncryptedFilePayToGetBack, .Cyborg1, and .LockIt extensions.

New Nefilim ransomware variant

Michael Gillespie found a new Nefilim variant that appends the .MEFILIN extension and drops a ransom note named MEFILIN-README.txt.

New STOP ransomware variant

Michael Gillespie found a new STOP variant that appends the .npph extension to encrypted files.


September 15th 2020

New Zeoticus 2.0 ransomware

Michael Gillespie found a new ransomware called Zeoticus 2.0 that appends the extension “[email protected]” and drops a ransom note named README.html.

New Demonware ransomware

JAMESWT found the new Demonware Python ransomware.

New PewPew ransomware destroys files

GrujaRS found a new PewPew Ransomware that appends the .abkir extension and wipes files.

September 16th 2020

University Hospital New Jersey hit by SunCrypt ransomware, data leaked

University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data.

LockBit ransomware launches data leak site to double-extort victims

The LockBit ransomware gang has launched a new data leak site to be used as part of their double extortion strategy to scare victims into paying a ransom.

New TEREN Dharma variant

Jakub Kroustek found a new variant of the Dharma ransomware that appends the .TEREN extension.

New Xorist ransomware variant

Michael Gillespie found a new Xorist Ransomware variant that appends the .YOURPCISHACK16024752552658 extension to encrypted files.

New DogeCrypt DesuCrypt variant

dnwls0719 found a new DesuCrypt variant that calls itself DogeCrypt and appends the .DogeCrypt extension.

September 17th 2020

Maze ransomware now encrypts via virtual machines to evade detection

The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang: encrypting a computer from within a virtual machine.

Ransomware attack at German hospital leads to death of patient

A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.

New Xorist variant

Xiaopao found a new Xorist variant that appends the .TAKA extension.

New BlackHeart ransomware found

Xiaopao found a new BlackHeart variant that appends the .Alix1011RVA extension and drops a ransom note named ReadME-Alix1011RVA.

New LINA Dharma variant

Xiaopao found a new Dharma ransomware variant that appends the .lina extension to encrypted files.

New ransomware targeting Vietnam

MalwareHunterTeam found a new ransomware that targets Vietnam.

September 18th 2020

U.K. warns of surge in ransomware threats against education sector

The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware incidents targeting educational institutions, urging them to follow the recently updated recommendations for mitigating malware attacks.

Leading U.S. laser developer IPG Photonics hit with ransomware

IPG Photonics, a leading U.S. developer of fiber lasers for cutting, welding, medical use, and laser weaponry, has suffered a ransomware attack that is disrupting their operations.

That’s it for this week! Hope everyone has a nice weekend!


