New Ransomware Overview, January 11-17, 2021


The past week was marked by a number of interesting events, although overall it turned out to be quite calm in terms of incidents involving ransomware.


In particular, the source code of the ChastityLock ransomware, which is used in attacks on users of a "smart" Bluetooth male chastity lock, is publicly available for research purposes.

Security researcher Jakub Kroustek has discovered three new variants of Dharma ransomware that add the .hub, .aol or .14x extension to encrypted files.


Intel announced at CES 2021 that it is embedding hardware-based ransomware detection in its recently announced 11th Gen Core vPro business processors. The detection uses Intel Threat Detection Technology (Intel TDT) and Hardware Shield, running directly on the CPU, below the operating system and firmware layers.


Bitdefender announced the release of a free tool that organizations and companies can use to recover files encrypted by the DarkSide ransomware.


Security researchers using the aliases Raavan Extended and Amigo-A have discovered new variants of the STOP ransomware that add the .qlkm and .coos extensions to files. Amigo-A also discovered a new variant of the Flamingo ransomware that adds the .LIZARD extension and leaves a ransom note named ReadThis.txt.


One of the world's largest developers and publishers of computer games, the Japanese corporation Capcom, has published new details about the investigation into a cyber attack on its networks that took place in November last year. According to updated data, the incident could have affected about 390 thousand people.


A security researcher using the alias xiaopao has discovered a new ransomware that adds the .judge extension and leaves a ransom note named info.txt.


Information security expert Thomas Barabosch from Telekom spoke about the criminal activities of the financially motivated group TA505 (also known as FIN11), which organized the Big Game Hunting campaign to deploy the CL0P ransomware.


The MalwareHunterTeam information security team has discovered a new malicious Android application that has ransomware capabilities. According to experts, the malware is a new variant of the Lucy ransomware.

A security researcher using the alias GrujaRS discovered a new variant of the HiddenTear ransomware called ByteLocker, which encrypts files without adding an extension, and a BlackHeel variant that adds the .a extension to encrypted files. GrujaRS also discovered a new ransomware, Epsilon, that adds the .boom extension and leaves a ransom note named READ_ME.hta.


Security researcher Vitali Kremez analyzed the new REvil sample and found it very similar to the DarkSide ransomware.


The Scottish Environment Protection Agency (SEPA) was the victim of a major ransomware attack on Christmas Eve.
