Threat Database Ransomware Adhubllka Ransomware

Adhubllka Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 10
First Seen: January 19, 2011
Last Seen: March 6, 2020
OS(es) Affected: Windows

Cybersecurity analysts have uncovered a new file-locking Trojan plaguing users online. Its name is Adhubllka Ransomware. Most authors of ransomware threats depend on ransomware building kits or readily available code from already established data-encrypting Trojans. This means that even inexperienced cybercriminals can create and spread a ransomware threat easily. It is not yet clear whether the Adhubllka Ransomware is built from scratch or its authors relied on the code of an existing threat to create this pest.

Propagation and Encryption

A large number of cyber crooks who propagate ransomware threats often rely on mass spam email campaigns to distribute their creations. The targeted user would receive an email that contains a bogus message and a corrupted attachment. The fake message’s goal is to trick the users into launching the attached file. Other common methods of distribution are torrent trackers, fraudulent software downloads, compromised advertisement campaigns, etc. The Adhubllka Ransomware will make sure to encrypt all the data on the victim’s system securely. Rest assured that all your images, documents, videos, databases, archives, spreadsheets, audio files, and countless others will be encrypted by this ransomware threat swiftly. When the Adhubllka Ransomware locks a file, it appends a new extension to its name. Victims of the Adhubllka Ransomware will notice that this data-locking Trojan adds a ‘.ADHUBLLKA’ extension to the names of their files. For example, a file called ‘wooden-crate.png’ will be renamed to ‘wooden-crate.png.ADHUBLLKA’ when the Adhubllka Ransomware completes its encryption process.

The Ransom Note

In the next step of the attack, the Adhubllka Ransomware will drop a ransom note on the victim’s desktop. The ransom note contains the attackers’ message, and it is stored in a file named ‘read_me.txt. The creators of the Adhubllka Ransomware do not mention a specific ransom fee that will be required from the victim. However they will demand a hefty sum in exchange for the decryption key you will need to recover your data. Users are required to contact the attackers via email - ‘’ It is likely that the attackers will provide further instructions once the victim gets in touch with them. The creators of this data-locking Trojan state that victims who contact them within 72 hours of the attack taking place will receive a discount.

It is never a good idea to contact cybercriminals. They will promise to provide you with a decryption tool that will help you unlock your data, but this is the case rarely. Cyber crooks are not known for their honesty, and it is likely that you will be tricked. This is why a legitimate anti-malware solution should be used to clean your PC and remove the Adhubllka Ransomware safely.


Most Viewed