Industria_host Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 3 |
| First Seen: | July 1, 2021 |
| Last Seen: | January 21, 2022 |
| OS(es) Affected: | Windows |
The Industira_host Ransomware aims to infect targeted computers, deploy an encryption routine that locks the files stores there, and then extort its victims for money - a typical ransomware operation. Despite Industria_host being an almost identical copy of the ChupaCabra Ransomware threat, it is still extremely harmful. The strong encryption ensures that all affected files will be rendered inaccessible and unusable. Each locked file will be marked by threat with '.industria_host' appended to its original name. When Industria_host finishes the encryption process, it will proceed to drop a ransom note with instructions from the cybercriminals. The note will be displayed both in a pop-up window and inside a text file named 'HowToDecrypt.txt.'
Victims are left with an extremely short message that consists of two important details. To receive the decryption key and password, they will need to send a ransom of 0.2 BTC (Bitcoin) to the cryptowallet address found in the note. Bitcoin is notorious for having an unstable exchange rate that could swiftly shift in either direction. Currently, the ransom demanded by Industria_host is equal to $7,700. The second detail found in the note is the Telegram account @industria_host that victims can use as a communication channel to reach the ransomware operators.
The full text of the ransom note is:
'IMPORTANT INFORMATION!!!!
All your files are encrypted with industria.host:v.2.0 Reload
To Decrypt:
- Send 0.02 BTC to: 1Eh4f3p2fQVjfyHAyJ2rCqjUgDxPgjJE5q
- Contact me Telegram: @industria_host.'
