A new sample of the DanaBot trojan has been spotted in a recent campaign. Operators behind the malware have now included a ransomware component into its code, along with new string encryption and communications protocols. The update represents a significant upgrade to the malware. Researchers say they have devised a possible way to recover files encrypted by the newly added DanaBot ransomware component. DanaBot campaigns have migrated to Europe and are now dropping executable files containing ransomware written in the programming language Delphi. Additional capabilities include stealing browser credentials, running a local proxy to manipulate web traffic.
Source: https://threatpost.com/danabot-ransomware-arsenal/145863/

