Herrco Ransomware
It appears that the main targets of the Herrco Ransomware are corporate entities and organizations. Of course, the threat is perfectly capable of wreaking havoc on individual users' computers as well. Once it has found its way onto the device, the Herrco Ransomware will initiate an encryption process that will lock the vast majority of the files stored there. All victims will then be blackmailed into paying a ransom to receive the necessary decryption key and tool from the cybercriminals. Upon encrypting a file, the threat will append '.herrco' to that file's original name as a new extension. As for the ransom note typically dropped by ransomware threats, Herrco delivers it in the form of a text file named 'How to decrypt files.txt.'
Herrco Ransomware's Demands
The ransom message states that the price of the ransom will be based on the time it takes the victims to establish contact with the cybercriminals. However, before making the payment, affected users can send a couple of encrypted files that the hackers promise to unlock and send back.
According to the ransom note, hundreds of gigabytes of sensitive data have been collected from the compromised systems. The hackers threaten to contact the victim's clients and business partners and inform them about the leak. They also insinuate that the victims could get in trouble under the EU's GDPR law.
The only communication channel provided to Herrco's victims is a dedicated website hosted on the TOR network.
The full set of instructions left by the Herrco Ransomware is:
'Your personal identifier:
All files on * network have been encrypted due to insufficient security.
The only way to quickly and reliably regain access to your files is to contact us.
The price depends on how fast you write to us.
In other cases, you risk losing your time and access to data. Usually time is much more valuable than money.In addition, we have ~170 gb of data from your network.
We can see your partners and if you don't get in contact, we will let them know that you were the source of the data leak.
We are aware of the strictness of the European data protection law (GPRD) and we are sure that you are not interested in publishing it.FAQ
Q: How to contact us
A: * Download Tor Browser - hxxps://www.torproject.org/Open link in Tor Browser hxxp://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contactFollow the instructions on the website.
Q: What guarantees?
A: Before paying, we can decrypt several of your test files. Files should not contain valuable information.Q: Can I decrypt my data for free or through intermediaries?
A: Use third party programs and intermediaries at your own risk. Third party software may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam.'
