Fortinet’s security researchers have shared information on three new ransomware families named Aerst, ScareCrow, and Vohuk. These are typical ransomware families that target Windows computers and encrypt victim files before demanding a ransom in exchange for a decryption key.
This new ransomware is being employed in a growing number of attacks. Aerst was seen adding the “.aerst” extension to encrypted files and, instead of leaving a standard ransom note, displaying a pop-up window with the attacker’s email address. Vohuk does leave a readme.txt ransom note instructing the victim to email the attackers. The malware, which appears to be constantly evolving, assigns each victim a distinct ID.
According to Fortinet, “the ransomware leaves a distinctive mutex, ‘GlobalVohukMutex,’ which prevents multiple Vohuk ransomware instances from running on the same system.”