The Week in Ransomware – January 15th 2021


It has been another quiet week for ransomware, though we did have some interesting stories come out this week.

By far, the most interesting is the news about ChastityLocker – ransomware that exploits vulnerabilities in men’s chastity belts (not joking) so that they can’t unlock them.

Other interesting news is Intel’s announcement that their new vPro chips will have built-in hardware ransomware detection and BitDefender released a decryptor for the DarkSide ransomware.

Unfortunately, after the decryptor was released, the DarkSide operation announced that they fixed the weakness allowing the decryptor to work.

DarkSide message

Contributors and those who provided new ransomware information and stories this week include: @struppigel, @Ionut_Ilascu, @VK_Intel, @BleepinComputer, @FourOctets, @serghei, @Seifreed, @malwrhunterteam, @demonslay335, @DanielGallagher, @fwosar, @malwareforme, @jorntvdw, @PolarToffee, @LawrenceAbrams, @Telekom_group, @LukasStefanko, @GrujaRS, @Bitdefender, @vxunderground, @JakubKroustek, @M_Shahpasandi, @Kangxiaopao, @ExtendedRaavan, and @Amigo_A_.

January 9th 2021

Hacker used ransomware to lock victims in their IoT chastity belt

The source code for the ChastityLock ransomware that targeted male users of a specific adult toy is now publicly available for research purposes.

January 10th 2021

Three new Dharma ransomware variants

Jakub Kroustek found three new Dharma ransomware variants that append the .hub, .aol, or .14x extension to encrypted files.

January 11th 2021

Intel adds hardware-based ransomware detection to 11th gen CPUs

Intel announced today at CES 2021 that they have added hardware-based ransomware detection to their newly announced 11th generation Core vPro business-class processors.

DarkSide ransomware decryptor recovers victims’ files for free

Romanian cybersecurity firm Bitdefender has released a free decryptor for the DarkSide ransomware to allow victims to recover their files without paying a ransom.

New STOP ransomware variant

Raavan Extended found a new STOP Ransomware variant that appends the .qlkm extension.

New STOP ransomware variant

Amigo-A found a new STOP Ransomware variant that appends the .coos extension.

New Flamingo ransomware…