Halloware Ransomware

The Halloware Ransomware, created by an individual that goes by the online handle 'Luc1F3R,' was first observed on December 6, 2017. The Halloware Ransomware seems to be in development currently, and its source code is for sale to anyone willing to pay the low sum of 40 USD. The Halloware Ransomware is being advertised on the Dark Web, and PC security researchers have purchased and studied a copy of this threat. It seems that the website that is used to advertise and distribute the Halloware Ransomware is not protected properly, and it has been possible for PC security analysts to obtain access and crack the Halloware Ransomware code if it ends up being responsible for widespread attacks. Although the Halloware Ransomware is not in active distribution, the early detection of this threat has meant that PC security researchers may be capable of developing ways for computer users to secure their data from these attacks.

How the Halloware Ransomware Attacks a Computer

The Halloware Ransomware behaves in a way identical to most encryption ransomware Trojans. The Halloware Ransomware uses a combination of the AES and RSA encryptions that makes the victim's files inaccessible. Threats like the Halloware Ransomware do this to demand a ransom payment from the affected victim. The Halloware Ransomware targets the user-generated files, while leaving Windows system files untouched. The file types that may be targeted in infections like the Halloware Ransomware's include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Halloware Ransomware's attack is fairly generic and typical of these attacks. The Halloware Ransomware adds the prefix '(Lucifer)' to the beginning of each affected file's name, while most encryption ransomware Trojans add a new file extension to the affected files. The files with the string '(Lucifer)” will have been compromised in the attack and will no longer be legible by the victim's applications or operating system.

The Halloware Ransomware and Its Ransom Payment

The Halloware Ransomware demands a ransom from the victim as long as the victim's files are encrypted. To do this, the Halloware Ransomware displays a program window and changes the infected computer's desktop image. The Halloware Ransomware ransom note contains the following text, which is displayed on the infected computer:

'Your Data Have Been Encrypted
If You Need Your Data Back
So Go Here
hxxp://zinrm67igbdcdy5h.onion'

The text displayed on the infected computer's new desktop image reads:

'You are hacked
your all files folder have been encrypted its happen when you watch too much porn or do some illeagle work if you want you files back you have to pay 100 dollar in bitcoin
visit this to contact with us for payment and key or decrypter info
hxxp://zinrm67igbdcdy5h.onion open this link in tor browser and get ur files back.'

Threats like the Halloware Ransomware are one of the motives why computer users need take steps to protect their data. They should take precautions when handling spam email messages since this is the main way in which the Halloware Ransomware is delivered. It also is primordial to have file backups, which can allow computer users to restore their files from the backup copy in case their files become compromised due to the Halloware Ransomware's encryption.

SpyHunter Detects & Remove Halloware Ransomware