Various upgraded versions of ransomwares active, affected users may not be able to recover data


    4th March 2022 – (Hong Kong) As the Chinese saying goes, “As virtue rises one foot, vice goes ten”. Whenever people think that they have become fully immune to cyber attacks, hackers will also strengthen their attack capabilities and design more complex and lethal malwares. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council has observed there are various upgraded versions of ransomwares such as LockBit being active in the wild. As these upgraded ransomwares have prevented old decryptors from decrypting the encrypted data, affected users are not able to recover the data in the end.

    Besides, wiper malware, which wipes off data in storage devices, has appeared during the current cross-country cyber attacks. There are three wiper malwares, HermeticWiperan, IsaacWiper and WhisperGate, actively performing the attacks. They aim to render the computer systems inoperative, and then display a fake ransomware note on screen. Even if a ransom is paid, the targeted data will still be destroyed and cannot be recovered.

    HKCERT is urging the public to stay alert to such malware attacks, and keep the systems and anti-virus software up-to-date, as well as to perform system backups regularly.

    For information security related incidents, for example, ransomware, phishing, denial of service (DoS) attack, etc., you can report to HKCERT through our online Incident Report Form at  .

    For any questions, please contact HKCERT by email: [email protected] or call its 24-hour hotline: 8105 6060.