Ransomware news is slow this week, with mostly small ransomware variants being released and a small number of attacks reported.
This week’s biggest news is threat actors hacking the IObit forums to host malware for an IObit phishing scam that infected numerous people with the DeroHE ransomware.
This week’s other interesting news is a new threat actor utilizing Windows BitLocker and DiskCryptor to encrypt organizations’ file and backup servers. A known attack by this group encrypted 40 servers in an attack on the CHwapi Hospital in Belgium, which disrupted medical care.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @DanielGallagher, @LawrenceAbrams, @malwrhunterteam, @serghei, @struppigel, @demonslay335, @VK_Intel, @jorntvdw, @FourOctets, @fwosar, @PolarToffee, @Ionut_Ilascu, @malwareforme, @Seifreed, @GrujaRS, @JakubKroustek, @ffforward, @chum1ng0, @gcluley, @ValeryMarchive, @ExtendedRaavan, @0x4143, @siri_urz, and @Amigo_A_.
GrujaRS found a new HiddenTear variant that appends the .fcorp extension and drops a ransom note named READ_IT.txt.
A new ransomware was distributed via an IObit forums hack that appends the .DeroHE extension and drops a ransom note named READ_TO_DECRYPT.html.
Jakub Kroustek found a new Dharma ransomware variant that appends the .dis extension to encrypted files.
Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.
S!ri found a new ransomware that appends the .locked extension and drops a ransom note named ATTENTION!!!!0.txt.
One of England’s most exclusive golf clubs has warned its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack.
The services of the metropolis are also affected by an attack which entered its final phase on the night of Friday 15 to Saturday 16 January. A “long” cleaning and restoration process is expected.
Raavan Extended found a new STOP ransomware variant that appends the .COOS extension.
Amigo-A found a new STOP ransomware variant that appends the .wbxd extension.
Amigo-A found a ransomware with a Pulp Fiction theme that uses the company name or domain as the extension, and drops a ransom note named read_this.txt.
The vehicle rental company reveals that it was the victim of a computer attack at the start of the year. Thanks to a data backup, the activity was not affected.
Amigo-A found the Cring Ransomware that appends the .cring extension and drops a ransom note named deReadMe!!!.txt.
The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows BitLocker.
0x4143 discovered a new ransomware that appends the .cnh extension to encrypted files.
TheAnalyst found a ransomware pretending to be TeslaCrypt that appends the .0l0lqq extension. The real TeslaCrypt shut down in 2016.
A spokesperson for Colliers verified that it had been targeted by a cyberattack after IT World Canada confronted the company about a listing on the dark web by the Netfilm ransomware gang – a listing which suggests that the firm was hit by the gang, and that Colliers’ files were copied.
Amigo_A found a new variant of the Flamingo ransomware that appends the .DoNotWorry extension and drops ransom notes named #ReadThis.TXT and #ReadThis.HTA.