Hc7 Ransomware
Threat Scorecard
Ranking: 10,404
Threat Level: 20 % (Normal)
Infected Computers: 536
First Seen: May 5, 2022
Last Seen: September 10, 2023
OS(es) Affected: Windows
The Hc7 Ransomware is a variant of the Hc6 Ransomware, which appeared only a few days before the Hc7 Ransomware. There is very little to differentiate the two threats, and it is clear that they are from the same source. First observed on December 1, 2017, the Hc7 Ransomware is delivered using spam email messages that include a compromised attached document. These email attachments tend to take the form of Microsoft Word documents with malicious scripts, which download and install the Hc7 Ransomware onto the victim's computer. Once installed, the Hc7 Ransomware will try to take the victim's files hostage, encrypting these files with a robust encryption algorithm and then demanding the payment of a ransom in exchange for the decryption key that will restore the affected files.
The Well-Known Attack of the Hc7 Ransomware
The Hc7 Ransomware will scan the victim's drives for user-generated files and encrypt them with a strong encryption algorithm, making the affected files inaccessible. The decryption key that will restore the affected files is sent to the Hc7 Ransomware's Command and Control servers, out of reach of the victim or their security software. The file types that are typically encrypted by attacks like the Hc7 Ransomware are:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The Hc7 Ransomware will mark the files it targets in its attack with the file extension '.GOTYA,' which is added to the end of the file's name.
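The appended '.GOTYA' extension can be used to scope an incident from a plain file listing. The following Python code is an added example, not part of the original article or of any EnigmaSoft tool: it groups marked files by folder and original file type and lists the originals that would have to come from backup. The function names and sample paths are constructed for illustration; only the '.GOTYA' marker comes from the text above.

```python
import os
from collections import Counter
from pathlib import PureWindowsPath

MARKER = ".gotya"  # extension the article says Hc7 appends; compared case-insensitively

def original_path(path):
    """Return the pre-encryption path if `path` carries the marker, else None."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != MARKER:
        return None
    return p.with_name(p.stem)  # "budget.xlsx.GOTYA" -> "budget.xlsx"

def triage(paths):
    """Summarise marked files by folder and original type, and list what to restore."""
    paths = list(paths)
    present = {str(PureWindowsPath(p)).lower() for p in paths}
    by_dir, by_ext, restore, unmarked = Counter(), Counter(), [], []
    for path in paths:
        orig = original_path(path)
        if orig is None:
            continue
        by_dir[str(orig.parent)] += 1
        by_ext[orig.suffix.lower() or "(none)"] += 1
        # An unmarked file of the same name exists next to the marked one,
        # so that item may not need a backup restore; verify it by hand.
        bucket = unmarked if str(orig).lower() in present else restore
        bucket.append(str(orig))
    return {"by_dir": by_dir, "by_ext": by_ext, "restore": restore, "unmarked": unmarked}

def list_files(root):
    """Yield every file path under `root` (read-only walk) to feed triage()."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.GOTYA",
    r"C:\Users\ana\Documents\notes.txt.gotya",
    r"C:\Users\ana\Documents\notes.txt",
    r"C:\Users\ana\Pictures\trip.jpg.GOTYA",
    r"C:\Users\ana\Pictures\logo.png",
    r"D:\share\db\orders.sql.GOTYA",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

On a live system, pass `list_files(root)` to `triage()` instead of the sample list; the walk only reads file names and changes nothing on disk.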
The Hc7 Ransomware’s Ransom Demand
The Hc7 Ransomware demands a ransom from the victim by delivering a ransom note to the infected computer. The ransom note that is used by the Hc7 Ransomware reads:
'ALL YOUR FILES WERE ENCRYPTED.
ORDER, TO RESTORE THIS FILE, YOU MUST SEND $700 BTC for MASCHINE OR $5,000 BTC FOR ALL NETWORK
[Bitcoin wallet address] AFTER PAYMENT SENT EMAIL m4zn0v@keemail.me.
FOR INSTALLATION FOR DECRIPT
NOT TO TURN OFF YOUR COMPUTER, UNLESS IT WILL BREAK'
The addition of a 5,000 USD ransom payment for network administrators is different from what was used by the Hc7 Ransomware's predecessor, which demanded a payment of 2,500 USD for each infected computer. Regardless of the payment options, it is important to refrain from paying the Hc7 Ransomware ransoms. Apart from the fact that paying the Hc7 Ransomware ransom allows the cybercrooks to continue creating and developing threats like the Hc7 Ransomware, it is very unlikely that these people will help computer users recover from an Hc7 Ransomware attack. They are just as likely to ignore the victim's payment, ask for additional money, or target the victim for future attacks (since the victim will already have shown a willingness to pay).
Preventing the Hc7 Ransomware Attacks
Computer users must protect their data by having file backups in safe locations where the threat can't reach. Having file backups, together with a security program and safe online browsing habits, are the best ways to protect your data from attacks like the Hc7 Ransomware. In fact, if enough computer users have reliable backup methods for their data, attacks like the Hc7 Ransomware would become ineffective.
URLs
Hc7 Ransomware may call the following URLs:
protectionsrequired.com