Hucky Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 2
First Seen: October 26, 2016
Last Seen: February 6, 2020
OS(es) Affected: Windows

The Hucky Ransomware is a variant of the Locky Ransomware. In fact, the Hucky Ransomware is nearly identical to this well-known ransomware Trojan, down to a very similar name. The Hucky Ransomware carries out an attack that is identical to Locky's and uses a ransom note that is nearly identical. The Hucky Ransomware is one of countless variants of the Locky Ransomware. However, in the last month, October of 2016, several new Locky variants have appeared in the wild. This may be due to a con artist group starting to use Locky variants in their attacks, the implementation of a yet unknown RaaS (Ransomware as a Service), or another unknown possibility. Like Locky and other variants of this ransomware Trojan, the Hucky Ransomware will encrypt the victim's files, replacing their extension with '.locky,' and demand that the victim pay a substantial ransom to receive the decryption key necessary to recover the affected files.

How the Hucky Ransomware and Other Locky Ransomware Variants May Infect Your Computer

The Hucky Ransomware is being distributed through corrupted email attachments. These attachments, commonly delivered through email spam, may use subject lines designed to trick inexperienced computer users into opening the message, for example by making it seem as if the message contains a receipt or invoice. The attachment may be a script that will download and install the Hucky Ransomware on the victim's computer. Once the Hucky Ransomware is installed, it will scan the victim's computer in search of certain file types and encrypt them using a strong encryption algorithm. The following file extensions are targeted in the Hucky Ransomware attack:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.

After encrypting all files matching the extensions in the list above, the Hucky Ransomware will drop ransom notes in the form of image, text, and HTML files on the victim's computer.
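The behavior described above (targeted file types having their extension replaced with '.locky') can be turned into a simple detection rule. The following is an added example, not code from the original report: the event tuple format, process names, threshold and time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Subset of the targeted extensions listed on this page (extend as needed).
TARGETED = {".docx", ".xlsx", ".pdf", ".jpg", ".sql", ".pst", ".txt", ".zip"}
MARKER = ".locky"                 # extension the page says replaces the original
THRESHOLD = 3                     # assumed: renames per process that raise an alert
WINDOW = timedelta(seconds=60)    # assumed: sliding window for counting renames

def is_locky_rename(old, new):
    """True when a targeted file had its extension replaced with .locky in place."""
    old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
    return (old_p.suffix.lower() in TARGETED
            and new_p.suffix.lower() == MARKER
            and old_p.parent == new_p.parent)

def detect(events):
    """Return {process: time of first alert} for processes that perform
    THRESHOLD or more .locky renames within WINDOW."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, proc, old, new in sorted(events):
        if not is_locky_rename(old, new):
            continue
        q = recent[proc]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop renames that fell out of the window
            q.popleft()
        if len(q) >= THRESHOLD and proc not in alerts:
            alerts[proc] = ts
    return alerts

T0 = datetime(2016, 10, 26, 9, 0, 0)
D = "C:\\Users\\a\\Documents\\"
# Constructed file-rename events: (timestamp, process, old path, new path).
SAMPLE = [
    (T0, "sample_proc.exe", D + "q3.xlsx", D + "q3.locky"),
    (T0 + timedelta(seconds=2), "sample_proc.exe", D + "cv.docx", D + "cv.locky"),
    (T0 + timedelta(seconds=3), "explorer.exe", D + "notes.txt", D + "notes-old.txt"),
    (T0 + timedelta(seconds=5), "sample_proc.exe", D + "cat.jpg", D + "cat.locky"),
    (T0 + timedelta(minutes=10), "backup.exe", D + "db.sql", D + "db.locky"),
]

if __name__ == "__main__":
    for proc, when in detect(SAMPLE).items():
        print(f"ALERT {when.isoformat()} {proc}: burst of renames to {MARKER}")
```

An alert of this kind is a signal to isolate the host and stop the process before more files are encrypted; it does not recover files that were already renamed.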

Dealing with a Hucky Ransomware Infection

Unfortunately, there is currently no decryption utility to help computer users that have been affected by a Locky variant like the Hucky Ransomware. However, it is not recommended to pay the Hucky Ransomware's ransom, because there is no guarantee that the con artists responsible for the Hucky Ransomware attack will help computer users recover by providing the decryption key after the payment is carried out. It is equally likely that the con artists will ask for more money or ignore the victim entirely. To deal with a Hucky Ransomware infection, PC security researchers recommend that computer users wipe the affected hard drive or disinfect it thoroughly, and then restore the encrypted files from a backup. This is why having backups of all files and keeping those backups regularly updated is the single best preventive measure to protect computer users from ransomware Trojans like the Hucky Ransomware.