
AslaHora Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 125
First Seen: July 14, 2017
Last Seen: March 16, 2023
OS(es) Affected: Windows

The AslaHora Ransomware is an encryption ransomware Trojan that is also known as the Malki Ransomware, because it marks the affected files by appending the file extension '.malki' to the end of each encrypted file's name. The AslaHora Ransomware displays a ransom window with the title 'AslaHora.' The AslaHora Ransomware carries out an effective encryption ransomware attack that seems to target computer users in Europe and North America. The AslaHora Ransomware is a variant of HiddenTear, a well-known open source encryption ransomware platform that has spawned countless ransomware variants that are active today. However, although the AslaHora Ransomware is based on an already known ransomware codebase, it does not seem to be a member of a larger family of ransomware or a RaaS (Ransomware as a Service) platform and seems to have been created by a standalone operator.

The Work of the AslaHora Ransomware and Other Ransomware Trojans

The AslaHora Ransomware carries out its attack in a way similar to most other ransomware Trojans, by infecting the victims' computers and encrypting their files. The AslaHora Ransomware then demands the payment of a ransom to restore the affected files. The AslaHora Ransomware can be distributed using spam email attachments or corrupted links online. Using AES-256 encryption, the AslaHora Ransomware makes the victim's files inaccessible, leaving them unrecoverable unless the victim agrees to pay for decryption software. However, PC security researchers strongly advise computer users to refrain from paying; it is unlikely that the con artists will restore the affected files to their former state and, furthermore, the payment of these ransoms allows them to carry out other ransomware attacks on innocent computer users.

In its infection process, the AslaHora Ransomware will encrypt the files contained on local drives and on portable memory devices connected to the infected computer. The AslaHora Ransomware also will target files on shared network directories. The AslaHora Ransomware will encrypt files with commonly used file extensions such as the following:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
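Because the Trojan leaves a simple, consistent marker (the appended '.malki' extension) and the article publishes the list of extensions it goes after, an incident responder can quickly scope an affected host by walking the file system and grouping renamed files by their original extension. The following triage script is an added example written for this page, not code from the article or from any security vendor: the '.malki' marker and the targeted-extension list are taken from the text above, while the directory layout and file names it scans are constructed sample data.

```python
"""Defender-side triage for files renamed by the AslaHora/Malki Ransomware.

Added example, not part of the original article. The '.malki' marker and
TARGETED_EXTENSIONS come from the article; the sample directory tree built
by build_sample_tree() is constructed for the demonstration.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path

# Marker the Trojan appends to every file it encrypts (from the article).
ENCRYPTED_SUFFIX = ".malki"

# File extensions the article reports as targeted (duplicates removed).
TARGETED_EXTENSIONS = frozenset({
    ".3gp", ".7z", ".apk", ".avi", ".bmp", ".cdr", ".cer", ".chm", ".conf",
    ".css", ".csv", ".dat", ".db", ".dbf", ".djvu", ".dbx", ".docm", ".doc",
    ".epub", ".docx", ".fb2", ".flv", ".gif", ".gz", ".iso", ".ibooks",
    ".jpeg", ".jpg", ".key", ".mdb", ".md2", ".mdf", ".mht", ".mobi", ".mhtm",
    ".mkv", ".mov", ".mp3", ".mp4", ".mpg", ".mpeg", ".pict", ".pdf", ".pps",
    ".pkg", ".png", ".ppt", ".pptx", ".ppsx", ".psd", ".rar", ".rtf", ".scr",
    ".swf", ".sav", ".tiff", ".tif", ".tbl", ".torrent", ".txt", ".vsd",
    ".wmv", ".xls", ".xlsx", ".xps", ".xml", ".ckp", ".zip", ".java", ".py",
    ".asm", ".c", ".cpp", ".cs", ".js", ".php", ".dacpac", ".rbw", ".rb",
    ".mrg", ".dcx", ".db3", ".sql", ".sqlite3", ".sqlite", ".sqlitedb", ".psp",
    ".pdb", ".dxf", ".dwg", ".drw", ".casb", ".ccp", ".cal", ".cmx", ".cr2",
})


def is_malki_encrypted(name: str) -> bool:
    """True if the file name carries the '.malki' marker appended by the Trojan."""
    return name.lower().endswith(ENCRYPTED_SUFFIX)


def original_name(name: str) -> str:
    """Strip the appended marker to recover the pre-encryption file name."""
    if not is_malki_encrypted(name):
        return name
    return name[: -len(ENCRYPTED_SUFFIX)]


def original_extension(name: str) -> str:
    """Extension the file had before the marker was appended ('' if none)."""
    return Path(original_name(name)).suffix.lower()


def triage(root: str) -> dict:
    """Walk a directory tree and summarize files bearing the ransomware marker.

    Original extensions that are not in the published list are reported
    separately, since they indicate behaviour the article does not describe
    and deserve a closer look during the investigation.
    """
    encrypted = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if is_malki_encrypted(fn):
                encrypted.append(os.path.join(dirpath, fn))
    by_ext = Counter(original_extension(p) for p in encrypted)
    unexpected = sorted(e for e in by_ext if e not in TARGETED_EXTENSIONS)
    return {
        "encrypted_count": len(encrypted),
        "encrypted_paths": sorted(encrypted),
        "by_original_extension": dict(by_ext),
        "extensions_not_in_published_list": unexpected,
    }


def build_sample_tree() -> str:
    """Create a constructed directory tree imitating a hit host (sample data only)."""
    root = tempfile.mkdtemp(prefix="malki_triage_")
    sample = [
        "Documents/report.docx.malki",
        "Documents/budget.xlsx.malki",
        "Pictures/holiday.jpg.malki",
        "Projects/main.py.malki",
        "Projects/notes.txt",          # untouched file, must not be flagged
        "Share/archive.bak.malki",     # original extension not in the article's list
    ]
    for rel in sample:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"\x00constructed sample content")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    summary = triage(root)
    print(f"{summary['encrypted_count']} files carry the .malki marker under {root}")
    for ext, n in sorted(summary["by_original_extension"].items()):
        print(f"  {ext or '(none)'}: {n}")
    if summary["extensions_not_in_published_list"]:
        print("Original extensions not in the published target list:",
              ", ".join(summary["extensions_not_in_published_list"]))
```

Run against a real root (a user profile or a mounted network share), the per-extension breakdown tells the responder what kind of data was hit and whether the published target list matches what was observed, which is useful when deciding how far to trust other details of a write-up about the same sample.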

The files encrypted in the AslaHora Ransomware attack will have the file extension '.malki' added to the end of their names. The AslaHora Ransomware will display a program window named 'AslaHora' that contains the following message:

'ENTER UNLOCK CODE GIVEN BY MALKI!!!
[TEXT BOX]
[check box] I agree that I won't run the malicious program again.
Unlock!'

Dealing with an AslaHora Ransomware Infection

Although it may be impossible to recover the data affected in these attacks, PC security researchers have managed to get hold of the password required to unlock the files affected by the AslaHora Ransomware. Simply enter the unlock code 'MALKIMALKIMALKI' into the text box of the AslaHora Ransomware's ransom notification. With most encryption ransomware Trojans (especially HiddenTear variants like this one) it may be impossible to recover the files that have been affected in the attack. Because of this, computer users need to take preventive measures. The best protection against ransomware attacks like this one is to have backup copies of their files. Having a reliable backup system means that computer users can restore the encrypted files from a backup copy, removing the leverage that allows the con artists to demand a ransom payment from the victim. Apart from backups, the use of a reliable security program that is fully up to date is indispensable.
