AHP Ransomware

AHP Ransomware Description

The AHP Ransomware infiltrates vulnerable systems and proceeds to 'lock' the files stored on them using strong cryptographic algorithms. All files locked in this manner will become inaccessible, resulting in the users losing their precious documents, pictures, videos, audio files, work-related spreadsheets, databases, etc. effectively. The names of the encrypted files will be modified in accordance with a complex pattern. The AHP Ransomware will take the original filename and then append to it a string of characters representing the victim's unique ID, followed by the email address of the hackers, and finally, '.ahp' will be placed as a new extension. A text file named 'FILES ENCRYPTED.txt' with brief instructions, mostly the hackers' two email addresses, will be created in every folder containing locked files, while the proper ransom note will be displayed to the victim in a pop-up window.

The AHP Ransomware is a potent malware threat that is based on the Dharma Ransomware, which is extremely popular among cybercriminals. The primary email address is 'aihlp24@tuta.io' while the reserve one, which should be used only if the AHP Ransomware victims do not receive a response within 12 hours, is 'aihlp@protonmail.com'. Unlike nearly all of the other ransomware threats, the AHP Ransomware doesn't offer to decrypt any free files. This could be viewed as a major red flag due to hackers' unwillingness to demonstrate their ability to restore the encrypted files successfully. 

The full text of the note displayed by AHP Ransomware is:


Don't worry,you can return all your files!

If you want to restore them, follow this link:email aihlp24@tuta.io YOUR ID -

If you have not been answered via the link within 12 hours, write to us by e-mail:aihlp@protonmail.com


Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The message found in the text files is:

'all your data has been locked us

You want to return?

write email aihlp24@tuta.io or aihlp@protonmail.com'

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.