'hnumkhotep@india.com' Ransomware
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 8
First Seen: January 6, 2017
Last Seen: March 6, 2020
OS(es) Affected: Windows
The 'hnumkhotep@india.com' Ransomware is a ransomware Trojan that is used to force computer users to pay large sums to recover their files, which are taken hostage by this threat. The 'hnumkhotep@india.com' Ransomware belongs to the same family as the Globe Ransomware, a family that is notable for leaving very short ransom notes and for carrying out a simple but effective ransomware attack. The 'hnumkhotep@india.com' Ransomware first appeared in the initial days of 2017. There is little to distinguish the 'hnumkhotep@india.com' Ransomware from other members of the Globe Ransomware family of encryption ransomware Trojans. The 'hnumkhotep@india.com' Ransomware may spread through malicious email attachments that use macros to download and install malicious content on the victim's computer. DOC files that carry malicious macros have become one of the preferred distribution methods for ransomware since summer 2016.
Assimilating the 'hnumkhotep@india.com' Ransomware Infection
The 'hnumkhotep@india.com' Ransomware has been spread with pornographic materials, as well as through spam email messages that use social engineering tactics to trick computer users into opening the attached file. The malicious DOC files use a macro that makes the Windows operating system download and run an executable file hosted on a remote server. This executable file is the 'hnumkhotep@india.com' Ransomware's Trojan dropper, which drops the 'hnumkhotep@india.com' Ransomware files onto the victim's computer. This distribution method may bypass anti-virus programs, as well as the Windows User Account Control (UAC). A good way to prevent it from being carried out is to disable automatic execution of macros. Once the 'hnumkhotep@india.com' Ransomware is installed, it is placed in the victim's Temp folder under a random name. The 'hnumkhotep@india.com' Ransomware and other Globe Ransomware variants may be disguised as PDF files or image files of different types, a method designed to make it difficult to find the files associated with this threat.
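The disguise described above can be checked for by comparing a file's name with its content. The following Python sketch is an added example, not code from the original page or from EnigmaSoft: it sweeps a directory such as the Temp folder for files that carry a PDF or image extension but begin with a Windows executable (PE) header. The extension list, the function names and the sample files are assumptions made for illustration, and the sketch assumes the disguise takes the form of a misleading file extension.

```python
import os
import struct
import tempfile

DECOY_EXTS = {".pdf", ".jpg", ".jpeg", ".png", ".gif", ".bmp"}  # assumed decoy types
# Constructed, inert bytes: 'MZ', e_lfanew = 64 at offset 0x3C, 'PE\0\0' at offset 64.
PE_STUB = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00" + b"\x00" * 20

def is_pe(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (pe_off,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(pe_off)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False  # locked or unreadable file: skip it rather than abort the sweep

def find_disguised_executables(root):
    """Walk root; return sorted paths with a decoy extension but PE content."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            path = os.path.join(dirpath, name)
            if ext in DECOY_EXTS and is_pe(path):
                hits.append(path)
    return sorted(hits)

def demo():
    samples = {  # constructed sample files, all inert
        "a8f3k2.pdf": PE_STUB,                            # PE content, PDF name: flagged
        "report.pdf": b"%PDF-1.4\n",                      # genuine PDF header: ignored
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 60,  # JPEG header: ignored
        "mz_text.png": b"MZ" + b"\x00" * 62,              # 'MZ' but no PE signature: ignored
        "setup.exe": PE_STUB,                             # honest extension: ignored
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_disguised_executables(tmp)]

if __name__ == "__main__":
    print(demo())
```

On a real system, call find_disguised_executables() with the path of the user's Temp folder and review each hit before removing anything.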
How the 'hnumkhotep@india.com' Ransomware Carries out Its Attack
The 'hnumkhotep@india.com' Ransomware attack is straightforward, unlike other threats that include full-disk encryption or even DDoS attacks. The 'hnumkhotep@india.com' Ransomware simply encrypts the victim's files using AES-256 encryption, then encrypts the private key using RSA-512 encryption. The decryption key is hosted on the 'hnumkhotep@india.com' Ransomware's Command and Control servers, under the control of the people responsible for this attack. Without the decryption key, it may become impossible to recover the encrypted files. The 'hnumkhotep@india.com' Ransomware takes the victim's files hostage, demanding the payment of a large ransom in exchange for the decryption key necessary to unlock the affected files. The encryption method is strong, making it impossible with current technology to decrypt the affected files. The same encryption technology that is used to keep computer users' online communications secure and software developers' intellectual property safe is applied in this case for harmful purposes.
How the 'hnumkhotep@india.com' Ransomware Demands Its Ransom
The files affected by the 'hnumkhotep@india.com' Ransomware will have the file extension '.hnumkhotep@india.com.hnumkhotep', making it simple to find out which files have been encrypted during the 'hnumkhotep@india.com' Ransomware attack. The files that have been encrypted by the 'hnumkhotep@india.com' Ransomware will become unreadable and will show up in Windows Explorer as blank icons, since Windows Explorer is incapable of creating thumbnails for these encrypted files. The people responsible for the 'hnumkhotep@india.com' Ransomware attack ask that victims email them at 'hnumkhotep@india.com' to receive payment instructions. The ransom amount associated with the 'hnumkhotep@india.com' Ransomware is approximately $200 USD and should be paid in Bitcoin. However, malware researchers advise against paying the 'hnumkhotep@india.com' Ransomware ransom. The people responsible for the attack are just as likely to ignore the victim, ask for more money, or deliver a decryption key that doesn't work as it should to restore the victim's files. Even if the result is positive, however, paying the 'hnumkhotep@india.com' Ransomware ransom allows these people to continue creating ransomware Trojans and finance other ill-minded activities.
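Because the appended extension identifies every encrypted file, it can be used to scope the damage before restoring from backup. The following Python sketch is an added example, not code from the original page or from EnigmaSoft: it walks a directory tree, lists each marked file with the name it had before encryption, counts the affected files per original type, and records the earliest modification time as a rough indicator of when encryption began. The function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".hnumkhotep@india.com.hnumkhotep"  # appended extension quoted on the page

def original_name(filename):
    """Return the pre-encryption name if filename ends with the marker, else None."""
    if filename.lower().endswith(MARKER) and len(filename) > len(MARKER):
        return filename[: -len(MARKER)]
    return None

def scope_encrypted_files(root):
    """Walk root; return restore manifest, counts per original type, earliest mtime."""
    manifest, by_type, first_seen = [], Counter(), None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            path = os.path.join(dirpath, name)
            manifest.append((path, os.path.join(dirpath, orig)))
            by_type[os.path.splitext(orig)[1].lower() or "(none)"] += 1
            try:
                mtime = os.path.getmtime(path)  # approximates when the file was rewritten
            except OSError:
                continue
            first_seen = mtime if first_seen is None else min(first_seen, mtime)
    return {"manifest": sorted(manifest), "by_type": dict(by_type), "first_seen": first_seen}

def demo():
    names = ["docs/budget.xlsx" + MARKER, "docs/notes.txt",  # constructed sample tree
             "pics/cat.JPG" + MARKER.upper(), "README" + MARKER]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in names:
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\x00" * 16)
        result = scope_encrypted_files(tmp)
        # Keep only the original names, relative to the scanned root, for display.
        result["manifest"] = [os.path.relpath(o, tmp) for _e, o in result["manifest"]]
    return result

if __name__ == "__main__":
    print(demo())
```

The manifest of original names can be compared against a backup catalogue to decide which files need restoring.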