Hex911 Ransomware

The Hex911 Ransomware is one of the most recently spotted data-encrypting Trojans. Unfortunately, if you have fallen victim to the Hex911 Ransomware, you will not be able to decrypt your data via a free decryption tool. Users who have not backed up their data may have a hard time recovering any of the affected files.

Propagation and Encryption

The Hex911 Ransomware may be spread via fake spam emails that contain either a corrupted link or a macro-laced attachment that is masked a harmless file. Other popular propagation methods include bogus application updates and downloads, torrent trackers, malvertising campaigns, etc. Once the Hex911 Ransomware manages to compromise your computer, it will trigger a quick scan of the files present on your PC. Next, the Hex911 Ransomware will start locking the targeted data via a secure encryption algorithm. The Hex911 Ransomware is likely to go after a variety of filetypes to ensure maximum damage - .doc, .docx, .jpeg, .jpg, .xls, .xlsx, .pdf, .ppt, .pptx, .rar, .zip, .mp3, .mp4, .mov, .png, .gif, etc. The affected files will receive an additional extension - '.hex911' or '.Bot.' This means that a file that you had named 'ice-cherry.jpg,' originally will be renamed to either 'ice-cherry.jpg.hex911' or 'ice-cherry.jpg.Bot.'

The Ransom Note

The Hex911 Ransomware drops a ransom note on the infected computers to inform the users of the attack and its consequences. The name of the file containing the attackers' ransom message is 'HOW TO DECRYPT FILES.txt.' In the ransom message, the attackers ask for a ransom fee of $1,400 in Bitcoin. They also mention that users who get in touch with them within four days of the attack taking place will receive a discount. However, the creators of the Hex911 Ransomware fail to specify what the discount is. The attackers provide an email address and their Telegram details as a means of communication – ‘H911X@yahoo.com' and '@HEX911.'

There is no good reason to get in touch or pay cybercriminals. Many users who pay authors of ransomware threats never receive the decryption tool they need. You should utilize a reputable, modern anti-virus software suite that will remove the Hex911 Ransomware from your computer.