The Week in Ransomware – April 23rd 2021



This week has been brutal, not because many ransomware variants were released, but because of a single ransomware campaign that affected thousands of people.

Last weekend started with a new infection called Nitro Ransomware that demanded a Discord Nitro gift code rather than cryptocurrency to decrypt files.

It got really busy, though, on Tuesday when a Qlocker ransomware attack began exploiting vulnerabilities in QNAP NAS storage devices to encrypt the devices’ files with the 7zip program.

This attack is the largest this year in terms of the number of people affected at once, ranging from business owners to consumers using their NAS devices to store family photos and movies.

While this attack has slowed down, we continue to see a steady trickle of new victims.

Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @FourOctets, @serghei, @jorntvdw, @DanielGallagher, @VK_Intel, @struppigel, @malwrhunterteam, @fwosar, @demonslay335, @BleepinComputer, @malwareforme, @PolarToffee, @Ionut_Ilascu, @Seifreed, @campuscodi, @snlyngaas, @jackhcable, @vxunderground, @IntelAdvanced, @JakubKroustek, @fbgwls245, @chum1ng0, @PogoWasRight, @GrujaRS, @Amigo_A_, and @3xp0rtblog.

April 17th 2021

Ryuk ransomware operation updates hacking techniques

Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.

New Zeoticus ransomware variant

GrujaRS found a new Zeoticus 2.0 ransomware variant that appends the .pandora extension and drops a ransom note named .pandoraREADME.html.


Babuk Locker claims to have fixed bugs

3xp0rt found a post by Babuk Locker where they state they fixed bugs found in their ransomware.

Babuk post

April 18th 2021

Discord Nitro gift codes now demanded as ransomware payments

In a novel approach to ransom demands, a new ransomware calling itself ‘NitroRansomware’ encrypts victims’ files and then demands a Discord Nitro gift code to decrypt them.

April 19th 2021

New Xorist Ransomware variant

dnwls0719 found a new Xorist ransomware variant that appends .btCry_zip and drops a ransom note named HOW TO DECRYPT FILES.txt.

April 20th 2021

REvil gang tries to extort Apple, threatens to sell stolen blueprints

The REvil ransomware gang asked Apple to “buy back” stolen product blueprints to avoid having them leaked on REvil’s leak site before today’s Apple Spring Loaded event where the new iMac was introduced. 

April 21st 2021

Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices

A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.

New Dharma ransomware variants discovered

Jakub Kroustek found two new Dharma Ransomware variants that append the .2122 and .HPJ extensions.

New Bentley Nefilim variant

dnwls0719 found a new Nefilim Ransomware variant that appends the .BENTLEY extension and drops a ransom note named BENTLEY-HELP.txt.

April 22nd 2021

Ransomware gang wants to short the stock price of their victims

The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets.

Stanford student finds glitch in ransomware payment system to save victims $27,000

The hackers behind a nascent strain of ransomware hit a snag this week when a security researcher found a flaw in the payment system and, he says, helped victims save $27,000 in potential losses.
