The Week in Ransomware – January 22nd 2021


Ransomware news is slow this week, with mostly small ransomware variants being released and a small number of attacks reported.

This week’s biggest news is threat actors hacking the IObit forums to host malware for an IObit phishing scam that infected numerous people with the DeroHE ransomware.

This week’s other interesting news is a new threat actor utilizing Windows BitLocker and DiskCryptor to encrypt organizations’ file and backup servers. In one known attack, this group encrypted 40 servers at the CHwapi Hospital in Belgium, which disrupted medical care.

Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @DanielGallagher, @LawrenceAbrams, @malwrhunterteam, @serghei, @struppigel, @demonslay335, @VK_Intel, @jorntvdw, @FourOctets, @fwosar, @PolarToffee, @Ionut_Ilascu, @malwareforme, @Seifreed, @GrujaRS, @JakubKroustek, @ffforward, @chum1ng0, @gcluley, @ValeryMarchive, @ExtendedRaavan, @0x4143, @siri_urz, and @Amigo_A_.

January 16th 2021

New FCorp Ransomware

GrujaRS found a new HiddenTear variant that appends the .fcorp extension and drops a ransom note named READ_IT.txt.


January 17th 2021

New DeroHE ransomware

A new ransomware was distributed via an IObit forums hack that appends the .DeroHE extension and drops a ransom note named READ_TO_DECRYPT.html.

New DIS Dharma ransomware variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .dis extension to encrypted files.

January 18th 2021

IObit forums hacked to spread ransomware to its members

Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.

DeCovid19Bot ransomware discovered

S!ri found a new ransomware that appends the .locked extension and drops a ransom note named ATTENTION!!!!0.txt.

Swanky Wentworth golf club hacked, details of 4000 members stolen in ransomware attack

One of England’s most exclusive golf clubs has warned its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack.

The city of Angers in turn bears the brunt of a cyberattack by…