Gvh65 Ransomware

The Gvh65 Ransomware threat leverages a strong cryptographic algorithm to lock the files on the computers it infects. The goal of the attacks is to then pressure their victims into paying a ransom to get their valuable information back. Each file locked by the threat in this manner will be marked by having its original name modified. Gvh65 will first add a long string of random characters that appears to be specific for each victim followed by '.gvh65' as a new extension. The ransom note of the threat is delivered as a text file named 'vk6i_HOW_TO_DECRYPT.txt.'

Ransom Note's Details

The ransom-demanding message states that the hackers have managed to obtain sensitive information from the compromised machines. If their demands are not met, the collected data will be released to the public by being published on a dedicated leak site. To get more concrete details about the payment, victims are directed towards a different site, also hosted on the TOR network. The last section of the note contains various warnings, such as not renaming the encrypted files or hiring a third-party recovery firm.

The full text of Gvh65 Ransomware's note is:

'Your network has been breached and all data were encrypted.
Personal data, financial reports and important documents are ready to disclose.

To decrypt all the data and to prevent exfiltrated files to be disclosed at
hxxp://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
you will need to purchase our decryption software.

Please contact our sales department at:

hxxp://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/

      Login:    -

      Password: -

To get an access to .onion websites download and install Tor Browser at:
hxxps://www.torproject.org/ (Tor Browser is not related to us)

Follow the guidelines below to avoid losing your data:Do not modify, rename or delete *.key.gvh65 files. Your data will be
undecryptable.

Do not modify or rename encrypted files. You will lose them.

Do not report to the Police, FBI, etc. They don't care about your business.
They simply won't allow you to pay. As a result you will lose everything.

Do not hire a recovery company. They can't decrypt without the key.
They also don't care about your business. They believe that they are
good negotiators, but it is not. They usually fail. So speak for yourself.

Do not reject to purchase. Exfiltrated files will be publicly disclosed.'