HELPME Ransomware
A potent malware threat, the HELPME Ransomware can affect a wide range of file types and render them unusable and inaccessible completely. Victims will find that their documents, images, PDFs, archives, databases, etc. have all been locked with an uncrackable cryptographic algorithm.
During its encryption process, the HELPME Ransomware will change the original names of the files drastically. The threat will append to them a unique ID string, an email address under the attackers' control, and a new file extension. The email in question is 'bugagaga@tuta.io' while the file extension is '.HELPME.' Finally, a ransom note will be dropped on the infected system. The random-demanding message will be contained inside a text file named 'decrypt_info.txt.'
HELPME Ransomware's Demands
Unfortunately, the ransom note lacks many important details. It doesn't specify the sum demanded by the hackers or if they are willing to unlock some files for free as a demonstration of their ability to restore the encrypted data. The note simply states that victims will need to establish contact with the attackers via the two provided communication channels - the same 'bugagaga@tuta.io' email address and a '@Online7_365' Telegram account. As part of the message, users are also told to attach and send the 'decrypt_info.txt' file.
The full text of the ransom note is:
'If you want to restore your files, write to us by mail
bugagaga@tuta.io
or:
write to us in telegram
hxxps://t.me/Online7_365
or:
@Online7_365
Send us this file
decrypt_infoKEYID:
Number of files that were processed is:
PC Hardware ID:'
