Hceem Ransomware

The Hceem Ransomware belongs to a small family of ransomware Trojans, the Snatch Ransomware family, and is used by criminals to block the computer users' data by changing the files' names by adding the '.hceem' file extension to their names, which makes them unrecognizable by the system. To access the corrupted data, the victims will need a decryption key that only the controllers of the Hceem Ransomware can provide. They are willing to send the decryptor for a price, which they do not specify on their ransom note.

The criminals present their ransom note to the victims in a text file named 'RESTORE_HCEEM_DATA.tx,' which will be displayed on the victims desktop with the following message:

'Attention!
Do not rename the ciphered files
Do not try to decrypt your data of the third-party software, it can cause constant data loss
You do not joke with files
To restore your files visit "****************" website. This website is safe
If this website is not available use reserve website "****************" in a TOR network. This website is safe. For visit of this website it is necessary to install Tor browser (hxxps://www.torproject.org)
Your login: -
Your password: -
Your BTC address: 13TvbUKYEAqwu3FP7RDu8vZhVucmUg9Zxy
If all websites are not available write to us on email of newrecoverybot@pm.me
You keep this information in secret'

A computer user can be infected with the Hceem Ransomware when they visit corrupted torrent websites, open infected email attachments, click on suspicious advertisements, etc. Since threat infections are very common nowadays, computer users should take inhibitory measures to keep threats like the Hceem Ransomware away from their machines such as having a powerful anti-malware scanner, visiting secure websites only, not opening unsafe email attachments and having secure browsing habits.