
Hollycrypt Ransomware

By GoldSparrow in Ransomware

The Hollycrypt Ransomware is a ransomware Trojan built on an open-source ransomware platform known as Hidden Tear. This open-source platform was initially released as an 'educational ransomware' tool. However, since its release con artists have created and released numerous ransomware Trojans, including the Hollycrypt Ransomware, that take advantage of this freely available code to carry out devastating attacks that have claimed countless victims around the world. The Hollycrypt Ransomware uses the extension 'Hollycrypt' to identify the files that have been encrypted during the attack. The Hollycrypt Ransomware's ransom note is a text file dropped on the victim's desktop. This file is named 'read_this_shit.txt' and demands that the victim pay a ransom to recover the encrypted files.

How the Hollycrypt Ransomware Carries out Its Attack

The Hollycrypt Ransomware's ransom note does not provide much information about the attack. It simply states that the victim must pay the ransom in BitCoins or 'Vodka' to recover from the attack. Most ransom notes used in similar attacks include details such as deadlines or information about the encryption method used. In the case of the Hollycrypt Ransomware, the victim is simply instructed to contact the email address hollyman137@gmail.com. PC security researchers suspect that the creator of the Hollycrypt Ransomware is an amateur, both because of the use of the Hidden Tear encryption and because the attack uses a public email platform, Gmail, which will often collaborate with law enforcement to stop these attacks. Malware analysts strongly advise that computer users avoid paying the ransom or contacting the people responsible for this attack. Computer users who have contacted these con artists have reported being asked for additional payment and never receiving the means to restore their files.

The following is the ransom note that is being used in the Hollycrypt Ransomware attack:

'Your Files has been encrypted with the Hollycrypt
Send me some bitcoins or Vodka , Then I will email with an antidote
(>,<) , Email:Hollyman137@gmail.com'

The Strong Encryption Method Used by the Hollycrypt Ransomware

The Hidden Tear ransomware platform is an open-source ransomware Trojan that was released by Utku Sen in 2016. Unfortunately, this ransomware platform, which allowed anyone to encrypt and decrypt data through a combination of the AES and RSA encryption algorithms, put a powerful ransomware creation tool in the hands of amateurs. Since the release of Hidden Tear, malware researchers have uncovered countless ransomware Trojans that abuse this platform to carry out attacks, including the Hollycrypt Ransomware. The Hollycrypt Ransomware may be distributed in corrupted attachments contained in spam email messages that have references to pornography or cracks for pirated software. In many cases, the emails used to distribute the Hollycrypt Ransomware will use social engineering techniques designed to trick inexperienced computer users into believing that the email is legitimate.

How to Recover from a Hollycrypt Ransomware Attack

Unfortunately, the files that have been encrypted by the Hollycrypt Ransomware are not recoverable without access to the decryption key, which the con artists hold in their possession. The best way to deal with threats like the Hollycrypt Ransomware is to have backups of all files. This way, after the Hollycrypt Ransomware encrypts the victim's files, the victim can simply restore the compromised files from a backup location. Otherwise, computer users have no choice but to lose their data, since paying the ransom associated with the Hollycrypt Ransomware and similar attacks may not result in returned access to the encrypted data. Apart from establishing backups, computer users must be educated to handle emails and email attachments in a safe manner. Malware analysts strongly advise caution when dealing with unsolicited email attachments, and recommend confirming with the source through a phone call or other method to ensure that the attachment is legitimate. A reliable security program can also prevent the Hollycrypt Ransomware from being installed if it has compromised the victim's defenses.
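For the backup-based recovery described above, a triage script can list which encrypted files have a clean copy to restore and whether the ransom note is present. This is an added example, not code from the original article; it uses the extension, note name and contact address given on this page, and assumes (the article does not say) that the extension is appended to the original file name. The function names and the sample directory layout are hypothetical.

```python
import os
import tempfile

# Indicators taken from the write-up above.
ENCRYPTED_EXT = ".hollycrypt"   # matched case-insensitively
RANSOM_NOTE = "read_this_shit.txt"
CONTACT = "hollyman137@gmail.com"

def triage(root, backup_root):
    """Inventory Hollycrypt artefacts under root and match them to backups.
    Assumption: the extension is appended to the original file name
    (report.docx -> report.docx.Hollycrypt), so stripping it yields the
    relative path to look for under backup_root.
    """
    result = {"notes": [], "restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(4096).lower()
                # Second field: does the note carry the contact address?
                result["notes"].append((path, CONTACT in text))
            elif name.lower().endswith(ENCRYPTED_EXT):
                rel = os.path.relpath(path[: -len(ENCRYPTED_EXT)], root)
                in_backup = os.path.isfile(os.path.join(backup_root, rel))
                result["restorable" if in_backup else "no_backup"].append(rel)
    result["restorable"].sort()
    result["no_backup"].sort()
    return result

def build_sample():
    """Create a constructed sample tree (not real victim data)."""
    base = tempfile.mkdtemp()
    root, backup = os.path.join(base, "home"), os.path.join(base, "backup")
    files = {
        os.path.join(root, "Desktop", RANSOM_NOTE): "Email:Hollyman137@gmail.com",
        os.path.join(root, "Docs", "report.docx.Hollycrypt"): "x",
        os.path.join(root, "Docs", "photo.jpg.HOLLYCRYPT"): "x",
        os.path.join(root, "Docs", "notes.txt"): "clean",
        os.path.join(backup, "Docs", "report.docx"): "original",
    }
    for path, body in files.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root, backup

if __name__ == "__main__":
    print(triage(*build_sample()))
```

Run it against a mounted copy of the affected profile and a read-only backup path; files listed under `no_backup` are the ones with no clean copy to restore.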
