New ‘DeepBlueMagic’ Ransomware Discovered by Heimdal Security Researchers
A new ransomware variant has been detected by researchers at Heimdal Security that is being used by a threat group that calls itself DeepBlueMagic. The ransomware differs considerably from all other previously identified ransomware strains.
Heimdal Security researchers discovered the new ransomware variant on Wednesday, August 11, 2021; it had been used in an attack on a device running Windows Server 2012 R2. Analysis of the attack revealed that DeepBlueMagic ransomware works completely differently from any other ransomware encountered in the past.
The researchers determined that DeepBlueMagic ransomware first disables the security solutions installed on the device to avoid detection, then encrypts entire drives with a third-party disk encryption tool rather than encrypting individual files. All drives on the targeted server are encrypted, with the exception of the system drive (the “C:\” partition).
The ransomware uses BestCrypt Volume Encryption software from Jetico. In the attack,...
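The behaviour described above (security tooling disabled, then a third-party volume encryption tool launched on a server) is a pattern a defender can correlate in endpoint telemetry. The script below is an added example, not Heimdal's code or output; the log line format, the host names, the service names and the executable paths are all constructed for illustration, and only the vendor strings "bestcrypt" and "jetico" come from the article.

```python
"""Correlation check for the DeepBlueMagic pattern: a security service
is stopped on a host and, shortly after, a disk/volume encryption tool
is started on the same host. Event shape and names are constructed for
this example (not real Heimdal or Windows log output)."""
from datetime import datetime, timedelta

# Substrings that identify a volume encryption tool in a process image
# path. The vendor strings come from the article; the real binary name
# of BestCrypt Volume Encryption is NOT assumed here.
ENCRYPTION_TOOL_MARKERS = ("bestcrypt", "jetico")

# Service names treated as security tooling (hypothetical placeholders;
# replace with the services your EDR/AV actually registers).
SECURITY_SERVICES = {"ExampleEdrAgent", "ExampleAvService"}

# Maximum gap between the service stop and the tool launch.
WINDOW = timedelta(minutes=30)


def parse_event(line):
    """Parse a constructed 'timestamp|host|kind|detail' log line."""
    ts, host, kind, detail = line.split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "kind": kind, "detail": detail}


def correlate(lines):
    """Return (host, stop_time, start_time, image) for every encryption
    tool launch that follows a security service stop within WINDOW."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    last_stop = {}  # host -> time its security service was last stopped
    hits = []
    for e in events:
        if e["kind"] == "service_stop" and e["detail"] in SECURITY_SERVICES:
            last_stop[e["host"]] = e["ts"]
        elif e["kind"] == "process_start":
            image = e["detail"].lower()
            if any(m in image for m in ENCRYPTION_TOOL_MARKERS):
                t0 = last_stop.get(e["host"])
                if t0 is not None and e["ts"] - t0 <= WINDOW:
                    hits.append((e["host"], t0, e["ts"], e["detail"]))
    return hits


SAMPLE_LOG = [  # constructed sample telemetry
    "2021-08-11T02:10:00|srv01|service_stop|ExampleEdrAgent",
    "2021-08-11T02:12:30|srv01|process_start|C:\\Temp\\BestCrypt_setup.exe",
    "2021-08-11T02:15:00|srv02|process_start|C:\\Tools\\jetico_volume_encryption.exe",  # no prior stop
    "2021-08-10T20:00:00|srv03|service_stop|ExampleAvService",
    "2021-08-11T03:00:00|srv03|process_start|C:\\Temp\\bestcrypt.exe",  # outside WINDOW
]

if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG):
        print("ALERT", hit)
```

A lone launch of a volume encryption tool may be legitimate administration, which is why the check alerts only on the sequence the article describes rather than on the tool alone.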