
Sage 2.0 Ransomware Gearing up for Possible Greater Distribution

  • January 23, 2017

Petrovic
Gold VIP



Back in December 2016, a member posted a forum support topic regarding a new ransomware called Sage, which is a variant of the CryLocker infection. At the time, there was not much known about it and its distribution seemed small as not a lot of victims were reporting being affected by it.
 
Looking back at the topic, though, since security researcher Kafeine posted and stated that it was being distributed by the RIG exploit kit, it should have tipped me off that it may be something bigger than we thought.
 
Fast forward a little over a month later to January 21st when ISC Handler and security researcher Brad Duncan posted a new ISC diary entry. In his diary entry, Brad discussed how a new ransomware called Sage 2.0 is now being distributed via spam emails. What is even more disconcerting is that the current Sage 2.0 distributor also appears to be one of the actors that we commonly see distributing Cerber, Locky, and now Spora. This means that there is a good potential that there may be an increased distribution of the Sage 2.0 ransomware in the future.
Full Article

Petrovic
Gold VIP
  • January 25, 2017
Sage 2.0 Ransomware is spreading and demands a $2,000 Ransom

A newly observed spam campaign is spreading a ransomware variant known as Sage 2.0 that is demanding a $2,000 ransom for the decryption key.

Sage 2.0 is a new ransomware recently spotted by security experts; it was first observed in December and now it is distributed via malicious spam. Sage is considered a variant of CryLocker ransomware; it is being distributed by the Sundown and RIG exploit kits. The current campaign also leverages steganography to exfiltrate information about the victim’s PC inside a .png image.
Full Article
