The Week in Ransomware – January 22nd 2021
Ransomware news is slow this week, with mostly small ransomware variants being released and a small number of attacks reported.
This week’s biggest news is threat actors hacking the IObit forums to host malware for an IObit phishing scam that infected numerous people with the DeroHE ransomware.
This week’s other interesting news is a new threat actor utilizing Windows BitLocker and Diskcryptor to encrypt organization’s file and backup servers. A known attack by this group encrypted 40 servers in an attack on the CHwapi Hospital in Belgium, which disrupted medical care.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @DanielGallagher, @LawrenceAbrams, @malwrhunterteam, @serghei, @struppigel, @demonslay335, @VK_Intel, @jorntvdw, @FourOctets, @fwosar, @PolarToffee, @Ionut_Ilascu, @malwareforme, @Seifreed, @GrujaRS, @JakubKroustek, @ffforward, @chum1ng0, @gcluley, @ValeryMarchive, @ExtendedRaavan, @0x4143, @siri_urz, and @Amigo_A_.
January 16th 2021
New FCorp Ransomware
GrujaRS found a new HiddenTear variant that appends the .fcorp extension and drops a ransom note named READ_IT.txt.
January 17th 2021
New DeroHE ransomware
A new ransomware was distributed via a IObit forums hack that appends the .DeroHE extension and drops a ransom note named READ_TO_DECRYPT.html.
New DIS Dharma ransomware variant
Jakub Kroustek found a new Dharma ransomware variant that appends the .dis extension to encrypted files.
January 18th 2021
IObit forums hacked to spread ransomware to its members
Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.
DeCovid19Bot ransomware discovered
S!ri found a new ransomware that appends the .locked extension and drops a ransom note named ATTENTION!!!!0.txt.
Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack
Members of one of England’s most exclusive golf clubs has warned its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack.