Adhubllka Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 10 |
| First Seen: | January 19, 2011 |
| Last Seen: | March 6, 2020 |
| OS(es) Affected: | Windows |
Cybersecurity analysts have uncovered a new file-locking Trojan plaguing users online. Its name is Adhubllka Ransomware. Most authors of ransomware threats depend on ransomware building kits or readily available code from already established data-encrypting Trojans. This means that even inexperienced cybercriminals can create and spread a ransomware threat easily. It is not yet clear whether the Adhubllka Ransomware is built from scratch or its authors relied on the code of an existing threat to create this pest.
Propagation and Encryption
A large number of cyber crooks who propagate ransomware threats often rely on mass spam email campaigns to distribute their creations. The targeted user would receive an email that contains a bogus message and a corrupted attachment. The fake message’s goal is to trick the users into launching the attached file. Other common methods of distribution are torrent trackers, fraudulent software downloads, compromised advertisement campaigns, etc. The Adhubllka Ransomware will make sure to encrypt all the data on the victim’s system securely. Rest assured that all your images, documents, videos, databases, archives, spreadsheets, audio files, and countless others will be encrypted by this ransomware threat swiftly. When the Adhubllka Ransomware locks a file, it appends a new extension to its name. Victims of the Adhubllka Ransomware will notice that this data-locking Trojan adds a ‘.ADHUBLLKA’ extension to the names of their files. For example, a file called ‘wooden-crate.png’ will be renamed to ‘wooden-crate.png.ADHUBLLKA’ when the Adhubllka Ransomware completes its encryption process.
The Ransom Note
In the next step of the attack, the Adhubllka Ransomware will drop a ransom note on the victim’s desktop. The ransom note contains the attackers’ message, and it is stored in a file named ‘read_me.txt. The creators of the Adhubllka Ransomware do not mention a specific ransom fee that will be required from the victim. However they will demand a hefty sum in exchange for the decryption key you will need to recover your data. Users are required to contact the attackers via email - ‘pr0t3am@protonmail.com.’ It is likely that the attackers will provide further instructions once the victim gets in touch with them. The creators of this data-locking Trojan state that victims who contact them within 72 hours of the attack taking place will receive a discount.
It is never a good idea to contact cybercriminals. They will promise to provide you with a decryption tool that will help you unlock your data, but this is the case rarely. Cyber crooks are not known for their honesty, and it is likely that you will be tricked. This is why a legitimate anti-malware solution should be used to clean your PC and remove the Adhubllka Ransomware safely.
