Hela Ransomware

The Hela Ransomware is a potent threat that can affect a wide range of file types on the systems it manages to infect. The targeted files are locked with uncrackable encryption and held hostage. Victims are then extorted for money in exchange for regaining access to their personal or business-related data.

Analysis of the Hela Ransomware has revealed that the threat is a variant of the previously detected Ragnarok Ransomware. When it locks a file, Hela modifies that file's original name by appending to it a string of random numbers followed by '.hela' as a new extension. Upon finishing its encryption process, the malware drops a ransom note as an HTML file named '!!Read_Me.[random_number].html'.
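
One way to triage a file listing for the filename indicators described above, added here as an example and not code from the original page: it matches the '.hela' suffix and the '!!Read_Me.[random_number].html' note, groups hits by directory, and recovers the original names to look for in backups. The dot separator before the random digits, the function names and the sample paths are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the random digits are dot-separated from the original name,
# e.g. "budget.xlsx.48213.hela". The page only states digits then '.hela'.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.(?P<rand>\d+)\.hela$", re.IGNORECASE)
# Ransom note name as given on the page: !!Read_Me.[random_number].html
NOTE_RE = re.compile(r"^!!Read_Me\.(?P<rand>\d+)\.html$", re.IGNORECASE)


def triage(paths):
    """Group Hela filename indicators by directory.

    Returns {directory: {"encrypted": [(path, original_name)], "notes": [path]}}.
    """
    report = defaultdict(lambda: {"encrypted": [], "notes": []})
    for raw in paths:
        p = PureWindowsPath(raw)
        if NOTE_RE.match(p.name):
            report[str(p.parent)]["notes"].append(raw)
            continue
        m = ENCRYPTED_RE.match(p.name)
        if m:
            report[str(p.parent)]["encrypted"].append((raw, m["original"]))
    return dict(report)


def restore_targets(report):
    """Original file names to look for in backups, keyed by directory."""
    return {d: sorted(orig for _, orig in hits["encrypted"])
            for d, hits in report.items() if hits["encrypted"]}


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\amy\Documents\budget.xlsx.48213.hela",
    r"C:\Users\amy\Documents\notes.txt.48213.hela",
    r"C:\Users\amy\Documents\!!Read_Me.48213.html",
    r"C:\Users\amy\Documents\hela_travel_plan.docx",  # benign: no suffix match
    r"C:\Share\db\orders.mdf.48213.hela",
    r"C:\Share\db\readme.html",                       # benign: not the note name
]

if __name__ == "__main__":
    for directory, names in restore_targets(triage(SAMPLE)).items():
        print(directory, "->", names)
```
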

Ransom Note Details

The ransom message delivered by Hela Ransomware states that besides locking the files stored on the infected device, the hackers have also obtained numerous sensitive files. A sample of the collected data is going to be published on a dedicated leak site. If they do not receive the demanded ransom payment within 7 days, the cybercriminals threaten to publish all of the victim's private files.

Users affected by Hela Ransomware are allowed to send a single file to be decrypted for free. The message can be addressed to the two emails provided in the ransom note. The main address is CHRISTIAN1986@TUTANOTA.COM while melling@confidential.tips acts as a backup email.

The full text of the ransom message is:

'ALL YOUR FILES ARE ENCRYPTED AND STOLEN BY RAGNAROK

Dear Sir

Your files are encrypted with RSA4096 and AES encryption algorithm.
But don't worry, you can return all your files!! follow the instructions to recover your files

Cooperate with us and get the decrypter program as soon as possible will be your best solution.
Only our software can decrypt all your encrypted files.

What guarantees you have?
We take our reputation seriously. We reject any form of deception
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain any valuable information.
When hiring third-party negotiators or recovery companies. listen to what they tell you. try to think.
Are they really interested in solving your problems or are they just thinking about their profit and ambitions?

By the way.We have stolen lots of your company and your private data which includes doc,xls,pdf,jpg,mdf,sql,pst…
Here we upload sample files of your company and your private data on our blog :
hxxp://sushlnty2j7qdzy64qnvyb6ajkwg7resd3p6agc2widnawodtcedgjid.onion/
We promise that if you don't pay within a week, we will package and publish all of your company and your data on our website.
We also promise we can decrypt all of your data and delete all your files on internet after your payment.
Such leaks of information lead to losses for the company. fines and lawsuits. And don't forget that information can fall into the hands of competitors!
For us this is just business and to prove to you our seriousness.

Our e-mail:
CHRISTIAN1986@TUTANOTA.COM

Reserve e-mail:

melling@confidential.tips

Device ID:'
