This week we saw a new RaaS called CommonRansom, a new DiskCryptor variant, and numerous Dharma variant released. Otherwise, it has been a fairly light news week for ransomware.
Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @demonslay335, @PolarToffee, @struppigel, @malwrhunterteam, @malwareforme, @hexwaxwing, @FourOctets, @DanielGallagher, @BleepinComputer, @fwosar, @jorntvdw, @LawrenceAbrams, @GrujaRS, @china591, @JakubKroustek, @John_Fokker, @Hath3way, and @McAfee_Labs.
October 28th 2018

Two New Dharma Variants

Jakub Kroustek found two new Dharma variants that append the .like or .gdb extension.
October 30th 2018

CommonRansom Ransomware Demands RDP Access to Decrypt Files

A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files. The ransomware appends the [old@nuke.africa].CommonRansom extension and drops a ransom note named DECRYPTING.txt.

New .XXXXX Dharma Variant

Jakub Kroustek discovered a new variant of the Dharma Ransomware that appends the .xxxxx and drops a ransom note named FILES ENCRYPTED.txt.

New Vendetta Ransomware

Michael Gillespie discovered the Vendetta Ransomware which renames files to hex and adds the .vendetta extension. It then drops a ransom note named How to decrypt files.txt. An example file name is 6F-12-09-78-15-FF-97-A4-49-66-F5-C6-81-00-3D-42.vendetta.
Kraken Ransomware 2.0.7 Released

MalwareHunterTeam found that Kraken Cryptor 2.0.7.1 beta was released and is demanding 1 BTC as the ransom.

Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims

McAfee reports:
Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that the malware developer had placed the ransomware, masquerading as a security solution, on the website SuperAntiSpyware, infecting systems that tried to download a legitimate version of the antispyware software.
November 1st 2018

New Desktop Ransomware discovered

MalwareHunterTeam discovered the Desktop Ransomware, which prepends Lock. to filenames. Fly shared the pin number to unlock, which is "00114455220033669988554477++//".

November 2nd 2018

New Ransomware using DiskCryptor With Custom Ransom Message

A new ransomware has been discovered that installs DiskCryptor on the infected computer and reboots your computer. On reboot, victims will be greeted with a custom ransom note that explains that their disk has been encrypted and to contact [email]mcrypt2018@yandex.com[/email].

SimmyWare Ransomware Discovered

GrujaRS discovered a new ransomware called SimmyWare that appends the .SIMMYWARE extension and drops a ransom note named SIMMYWARE.txt.

That's it for this week! Hope everyone has a nice weekend!