
'hellstaff@india.com' Ransomware

By GoldSparrow in Ransomware

The Hellstaff@india.com Ransomware Trojan is classified by AV companies as a slightly modified version of the Aurora Ransomware. It is joined by two similar threats, the Oktropys@protonmail.com Ransomware and the Desu Ransomware. Its payload is delivered the same way: spam emails dressed up with the logos of trusted Internet companies lure users into double-clicking a macro-enabled document. Users who open the corrupted document may be shown a brief alert asking them to enable macros so that the document can load properly. Fake invoices and press releases are the usual pretexts for getting a malicious macro to install the Hellstaff@india.com Ransomware on the system.

The program is known to erase the Volume Shadow Copies on Windows, encrypt data (images, audio, video, text, databases, PDFs and eBooks) and instruct users to send an email to 'hellstaff@india.com' if they hope to regain access to their data. As the name of the related Desu Ransomware suggests, the affected files receive the '.desu' suffix, so that 'Tommy Heron - Gonna Get Me.mp3' is renamed to 'Tommy Heron - Gonna Get Me.mp3.desu'. The ransom message is presented via '@_RESTORE_PC_1.txt', '@_RESTORE_PC_2.txt' and '@_RESTORE_PC_3.txt', which may be dropped into every folder that holds encrypted data. We have seen the Hellstaff@india.com Ransomware run as 'n_BadRansomware.exe' on infected devices. The text files dropped by the Hellstaff@india.com Ransomware may feature the following text:

'Oops! Your files have been encrypted.
Your files are no longer accessible.
You might have been looking for any way to recover your files.
Don't waste your time, you can't recover all your files safely. But
you need to pay and get the decryption password.
Email support: hellstaff@india.com
Your ID:
[random characters]'
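The file-system traces described above (the '.desu' suffix, the three '@_RESTORE_PC_N.txt' notes per folder, the victim ID and contact address in the note) are what an incident responder inventories first. The following script is an added example written for this page, not code from the malware author or from any AV vendor: it walks a directory tree, lists the encrypted files and the names they carried before encryption, finds the ransom notes and pulls the victim ID and the contact email out of them. The sample tree it builds, the ID 'A1B2C3D4' in the constructed note and the random bytes standing in for ciphertext are all made up for the demonstration.

```python
"""Offline triage of a share hit by the '.desu' encryptor described above.

Walks a directory tree, inventories files carrying the '.desu' suffix (and
the names they had before encryption), finds the '@_RESTORE_PC_N.txt' ransom
notes, and extracts the victim ID and contact address from them.
"""
import os
import re
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".desu"
NOTE_NAME = re.compile(r"^@_RESTORE_PC_\d+\.txt$")
# The ID may sit on the same line as "Your ID:" or on the following line.
VICTIM_ID = re.compile(r"Your ID:\s*([A-Za-z0-9]+)")
CONTACT = re.compile(r"^Email support:\s*(\S+)", re.MULTILINE)

# Constructed ransom note modelled on the one quoted on this page; the ID is made up.
SAMPLE_NOTE = (
    "Oops! Your files have been encrypted.\n"
    "Your files are no longer accessible.\n"
    "You might have been looking for any way to recover your files.\n"
    "Don't waste your time, you can't recover all your files safely. But\n"
    "you need to pay and get the decryption password.\n"
    "Email support: hellstaff@india.com\n"
    "Your ID:\n"
    "A1B2C3D4\n"
)


def triage(root):
    """Return an inventory dict for the tree under `root`."""
    root = Path(root)
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
            elif NOTE_NAME.match(name):
                notes.append(path)

    ids, contacts = set(), set()
    for note in notes:
        text = note.read_text(encoding="utf-8", errors="replace")
        ids.update(VICTIM_ID.findall(text))
        contacts.update(CONTACT.findall(text))

    def rel(p):
        return p.relative_to(root).as_posix()

    return {
        "encrypted_files": sorted(rel(p) for p in encrypted),
        # Strip the appended suffix to recover the pre-encryption names.
        "original_names": sorted(rel(p)[: -len(ENCRYPTED_SUFFIX)] for p in encrypted),
        "note_files": sorted(rel(p) for p in notes),
        "folders_with_notes": sorted({rel(p.parent) for p in notes}),
        "victim_ids": sorted(ids),
        "contact_emails": sorted(contacts),
    }


def build_sample_tree(base):
    """Construct a small fake infected share for offline testing."""
    base = Path(base)
    hit = {
        "docs": ["report.pdf"],
        "music": ["Tommy Heron - Gonna Get Me.mp3"],
    }
    for folder, originals in hit.items():
        d = base / folder
        d.mkdir(parents=True, exist_ok=True)
        for name in originals:
            # Stand-in ciphertext; a real sample holds the encrypted original.
            (d / (name + ENCRYPTED_SUFFIX)).write_bytes(os.urandom(32))
        for n in (1, 2, 3):
            (d / f"@_RESTORE_PC_{n}.txt").write_text(SAMPLE_NOTE, encoding="utf-8")
    untouched = base / "untouched"
    untouched.mkdir(exist_ok=True)
    (untouched / "readme.txt").write_text("not encrypted\n", encoding="utf-8")
    return base


def demo():
    """Build the sample tree in a temporary directory and triage it."""
    tmp = tempfile.mkdtemp(prefix="desu_triage_")
    return triage(build_sample_tree(tmp))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Point `triage()` at a copy of the affected share rather than the live volume: the inventory of original names is what you match against backups, and the victim ID is what a decryptor author will ask for. The untouched folder in the sample exists to show that the walk only reports the suffix and note names it was told about; a different build of the threat using another suffix would need the constants changed.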

Malware analysts warn that the Hellstaff@india.com Ransomware features new obfuscation layers and may evade some security products. We encourage users to take precautions that spare them from ever having to pay the threat authors. The best defense is to run a backup manager in the background and regularly export clean copies of your files to storage that is kept disconnected from the machine, since the ransomware encrypts whatever it can reach through a drive letter. Cloud services like Dropbox and OneDrive may seem alluring alternatives to portable SSDs and HDDs, but a locally synced folder is reachable in the same way, so rely on the service's file version history rather than on the synced copy alone. You may be able to acquire a free decryptor from Michael Gillespie (@demonslay335 on Twitter), a researcher leading the charge against crypto-threats. AV engines remove the items used by the Hellstaff@india.com Ransomware if they are marked as:

Generic.Ransom.Animus.5D33661B
HEUR/QVM10.1.D4C1.Malware.Gen
ML.Attribute.HighConfidence
TR/Downloader.Gen2
Win32.Trojan-Ransom.Filecoder.P@gen
a variant of Win32/Filecoder.NNP
malicious (high confidence)
malicious_confidence_80% (D)
malware (ai score=80)
