Hep Ransomware
The Hep Ransomware is a harmful threat that is classified as part of the Xorist Ransomware family. Despite being yet another variant, Hep's destructive capabilities should not be underestimated. It should be noted that the Hep Ransomware is not identical to other Xorist variants completely.
For example, the threat appears to be targeting Russian-speaking users specifically. Its ransom note, the name of the text file carrying the note, and the '.нер' file extension it uses to mark all encrypted files are written in Russian. As such, on systems that do not support the Cyrillic alphabet, the symbols will be displayed as gibberish.
Ransom Note's Details
The ransom-demanding message will be delivered to the compromised systems inside a text file named 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt.' Inside, as we mentioned, is a set of instructions written in Russian entirely with no translation into other languages. The hackers behind the Hep Ransomware attack state that in addition to locking the victim's files they have also been able to steal sensitive information that has been uploaded to their server.
The note claims that the only way to restore the affected files is to buy the hacker's 'Decryptor' software tool. In essence, the attackers demand to be paid a ransom. No additional details about the payment are found inside the note such as if a specific cryptocurrency will have to be used. Affected users are simply directed towards messaging the 'kseniya8394@yandex.ru' email address to get additional instructions.
The full text of the ransom note in its original Russian is:
'Здравствуйте.
Ваш компьютер атакован и заражен вирусом.
Ваши данные зашифрованны и загружены к нам на сервер.Расшифровка файлов возможна, только при помощи специальной программы "Дешифратор"
Мы настоятельно не рекомендуем использовать другие дешифраторы, так как это может повредить файлы,
и мы не сможем Вам их в дальнейшем расшифровать.Для того что бы расшифровать файлы и получить лицензию на нашу программу "Дешифратор", Вам необходимо написать нам на адрес электронной почты,
который указан ниже:kseniya8394@yandex.ru
Указав в письме номер №07
Ключи не удалили. Ждем от Вас ответа.Вернем все ваши базы с файлами, пишите о цене договоримся'
