EDHST Ransomware

While examining potential malware threats, information security researchers came across a new variant of ransomware identified as EDHST. This particular malware encrypts a wide array of files on the infected system, appending the '.EDHST' extension to their original names. Additionally, it generates a ransom note titled 'HOW TO RECOVER YOUR FILES.txt' to inform victims about the encryption and demand a ransom for decryption. For example, a file such as '1.doc' would be renamed to '1.doc.EDHST', while '2.pdf' would become '2.pdf.EDHST', and so on for all affected files.

The EDHST Ransomware Takes Data Hostage and Extorts Its Victims

The ransom note left by the attackers notifies victims that their crucial files, spanning documents, photos, and databases, have been encrypted and are inaccessible without contacting the perpetrators. To demonstrate their ability to decrypt files, cybercriminals offer to decrypt two randomly chosen files free of charge. They reassure victims that no files were pilfered and pledge complete file recovery upon payment.

The note advises victims that they have the discretion to determine the ransom amount and urges them to contact the threat actors promptly for smoother file recovery. Additionally, it cautions against renaming or attempting to decrypt files independently to prevent data loss and provides a contact email (trufflehogger@proton.me).

Typically, files encrypted by ransomware cannot be decrypted without a specific decryption tool possessed by the attackers. While paying the ransom is discouraged as it does not guarantee the receipt of the decryption tool, there are instances where victims find free decryption tools online, thus bypassing the need for payment.

Furthermore, it's essential to remove ransomware from infected computers. Failure to do so may result in the ransomware spreading to other computers on the local network or encrypting additional files on already compromised systems.
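To scope which directories on a host or share were hit, the indicators described above (the '.EDHST' suffix, the 'HOW TO RECOVER YOUR FILES.txt' note and the contact address inside it) can be searched for without modifying anything. The following Python script is an added example, not part of the original write-up; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the write-up; matching is case-insensitive.
ENCRYPTED_SUFFIX = ".edhst"
NOTE_NAME = "how to recover your files.txt"
NOTE_MARKER = "trufflehogger@proton.me"
SAMPLE = {  # constructed sample tree: relative path -> content
    "docs/1.doc.EDHST": "\x00constructed",
    "docs/2.pdf.edhst": "\x00constructed",
    "docs/HOW TO RECOVER YOUR FILES.txt": "EMAIL us:\ntrufflehogger@proton.me\n",
    "clean/report.doc": "untouched",
    "clean/How To Recover Your Files.txt": "a user's own notes",
}


def scan_tree(root):
    """Read-only walk of root that records EDHST artefacts per directory."""
    report = {"encrypted": [], "notes": [], "unconfirmed_notes": [], "by_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = Path(dirpath, name), name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Keep the pre-encryption name so backups can be matched to it.
                report["encrypted"].append((str(path), name[:-len(ENCRYPTED_SUFFIX)]))
                report["by_dir"][dirpath] += 1
            elif lower == NOTE_NAME:
                try:
                    text = path.read_text(errors="replace").lower()
                except OSError:
                    text = ""  # unreadable note: still reported, as unconfirmed
                key = "notes" if NOTE_MARKER in text else "unconfirmed_notes"
                report[key].append(str(path))
    return report


def build_sample_tree(root):
    for rel, content in SAMPLE.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        r = scan_tree(build_sample_tree(tmp))
        print(len(r["encrypted"]), "encrypted;", "notes:", r["notes"])
```

A file that merely shares the note's name but lacks the contact address is listed separately under `unconfirmed_notes`, so a user's own document is not counted as evidence of infection.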

Implement Robust Security Measures against Malware and Ransomware Attacks

Protecting data and devices from malware and ransomware threats is paramount in today's digital landscape. Here are comprehensive measures users can take to enhance their security:

  • Install and Update Security Software: Use professional and reliable anti-malware software and keep it updated to detect and block threats effectively.
  • Keep Systems Updated: Always update your operating systems, software, and applications with the latest available patches to fix security vulnerabilities that attackers may exploit.
  • Enable Firewall Protection: Activate firewalls on devices to monitor and control the network traffic, providing an additional layer of defense against malicious activity.
  • Careful with Email Attachments and Links: Be cautious when opening email attachments or following links, especially from unknown or suspicious sources, to prevent phishing attacks and malware infections.
  • Use Strong, Unique Passwords: Create strong passwords for all accounts and devices using a combination of letters, numbers, and special characters. Consider utilizing a reputable password manager to generate and store complex passwords securely.
  • Implement Multi-Factor Authentication (MFA): Enable MFA whenever possible to add a layer of security beyond passwords, making it more difficult for criminals to gain unauthorized access to accounts and devices.
  • Backup Data Regularly: Perform regular backups of essential data to ensure it can be restored in case of a ransomware attack or data loss incident. Store backups securely, preferably offline or in encrypted cloud storage.
  • Limit User Privileges: Restrict user privileges to only what is necessary for their roles to minimize the impact of malware infections and unauthorized access.
  • Stay Always Informed: Stay on top of the latest cybersecurity trends, news and best practices to remain vigilant against evolving threats.

By implementing these comprehensive measures, users can significantly reduce the risk of malware and ransomware threats and better protect their data and devices from cyber attacks.

Victims of the EDHST Ransomware are left with the following ransom note:

'| DON'T PANIC! |
| EVERYTHING WILL BE FINE! |

All your files, documents, photos, databases and other important
files are encrypted.

You are not able to decrypt it by yourself! all of the encrypted
data cannot be recovered by any means without contacting our team directly.

To make sure that we REALLY CAN recover all of the encrypted data - we offer you to
decrypt 2 random files of your choice completely free of charge.
None of your internal documents or files were downloaded this time, and
as soon as we receive the payment - your network will be completely recovered
like nothing happened.

Don't worry! It's up to you to decide how much you pay!

The faster you reply, the easier it will be!

How to obtain Bitcoins?

Read this guide:
hxxps://www.coindesk.com/learn/how-can-i-buy-bitcoin/

EMAIL us:
trufflehogger@proton.me

-> ATTENTION:

DO NOT rename encrypted files.

DO NOT try to decrypt your data using third party software,it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
