Hdmr Ransomware
A brand-new ransomware threat has been spotted in the wild – its name is the Hdmr Ransomware. It does not appear that this file-locking Trojan is related to any of the known ransomware families. Ransomware threats are one of the most threatening malware types, and they claim countless numbers of victims every year.
Propagation and Encryption
There is still no decisive information regarding the propagation method utilized in the spreading of the Hdmr Ransomware. Spam emails containing macro-laced attachments are one of the most popular methods of spreading threats of this type. The attackers may also have used fake pirated copies of popular applications or bogus software updates to propagate the Hdmr Ransomware. The Hdmr Ransomware will look for the most popular file types once it compromises the targeted host. These include .jpeg, .jpg, .png, .pdf, doc, .docx, .ppt, .pptx, .mp3, .xls, .xlsx, .mp4, .mov, and .rar files, among many others. This way, the attackers make sure their threat locks as many files as possible. When the Hdmr Ransomware applies its encryption algorithm to the targeted files, their extensions will be altered. This data-encrypting Trojan adds a ‘.hdmr’ extension to all the newly locked files. For example, an audio file that was called ‘nbg.mp3’ initially will be renamed to ‘nbg.mp3.hdmr.’
The Ransom Note
Next, the Hdmr Ransomware will drop a ransom note containing a short message for the victim. As with most file-locking Trojans, the authors of the Hdmr Ransomware will ask the victim to pay them a ransom fee. Creators of ransomware threats usually promise the victim that if they pay up the demanded sum, they will receive the decryption key, they need to unlock their data. There are two email addresses provided in the ransom note - lafoievologjanin123@tutanota.com and lafoievologjanin123@protonmail.com. This is where the attackers expect the victim to contact them and receive further instructions.
It is never a good idea to pay cybercriminals. Not only is your cash going to fund their criminal activities, but they will likely never deliver on their end.
