Hades666 Ransomware

New ransomware threats are being released daily, and the trend does not seem to die out as time passes. On the contrary, more and more cybercriminals are trying their luck by building data-locking Trojans and attempting to generate some revenue by blackmailing innocent users. One of the newest file-encrypting Trojans is the Hades666 Ransomware. When malware researchers inspected this threat, they determined that the Hades666 Ransomware is a variant of the Maoloa Ransomware.

Spreading and Encryption

It is not known what propagation methods are being used in the spreading of the Hades666 Ransomware. Some researchers speculate that the authors of the Hades666 Ransomware may be employing some of the most common infection vectors used by creators of ransomware threats, namely spam email campaigns containing macro-laced attachments, fraudulent application updates, and corrupted pirated copies of popular software downloaded from shady websites. If the Hades666 Ransomware succeeds in compromising a system, it will begin the attack with a scan. The purpose of the scan is to locate all the data, which the Hades666 Ransomware is programmed to go after. Then, the encryption process is triggered. All the targeted files will be locked and their names will be changed swiftly. The Hades666 Ransomware adds a ‘.hades666’ extension at the end of the names of the newly locked files. For example, if you had a photo named ‘Cheshire-smile.png,’ its name will be changed to ‘Cheshire-smile.png.hades666’ after the encryption process is through.

The Ransom Note

Next, the ransom note will be dropped. The Hades666 Ransomware’s note is called ‘HOW TO BACK YOUR FILES.txt’ and it reads:

’YOUR FILES ARE ENCRYPTED !!!
TO DECRYPT, FOLLOW THE INSTRUCTIONS:
To recover data you need decrypt tool.
To get the decrypt tool you should:1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
4.We can decrypt few files in quality the evidence that we have the decoder.
DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US:
Sin_Eater.666@aol.com
ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER:
{{ID}}’

The authors of the Hades666 Ransomware do not state what the ransom fee is. They give out contact details in the shape of an email address – ‘sin_eater.666@aol.com.’ To prove to the user that they have a decryption key, the creators of the Hades666 Ransomware offer to decrypt several files for free, as long as they do not contain any valuable information.

We advise you not to believe the tricks of shady individuals like the creators of the Hades666 Ransomware. Instead of paying what will probably be a hefty sum to decrypt your data, use a reputable anti-malware application to wipe off the Hades666 Ransomware from your system. Next, you can try to recover some of the data by using a third-party data recovery software.