Hip1 Ransomware
HIP1 is a ransomware threat that can be deployed as part of attack operations. Ransomware threats are threatening creations designed to lock the data of their victims with an uncrackable encryption algorithm. The affected files will no longer be accessible or usable in any way. Typically, the goal of the threat actors is to extort the impacted individuals or corporate entities for money, in exchange for providing them with the necessary decryption keys. Analysis of the HIP1 Ransomware has confirmed that it is a variant of the VoidCrypt Ransomwsre threat.
When fully activated on the breached device, HIP1 will encrypt the target files and change their original names. More specifically, the threat adds an ID string, an email address, and a new file extension. The ID is generated for each victim, the email address is 'FreedomTeam@mail.ee' and the attached file extension is '.HIP1.' A ransom note containing instructions from the threat actors is dropped as a text file named 'Read_Me!_.txt.'
The ransom message mentions a secondary communication channel via the 'Freedom29@Tutanota.com' email. It also reveals that the attackers are running a double-extortion operation. In addition to encrypting valuable files, the attackers claim to have collected sensitive and confidential data from infected devices. The information will be published to the public or sold to interested parties, such as the victim's competitors unless the cybercrminals are paid the demanded ransom. Although the exact sum of the ransom is not mentioned, the note states that only payments in Bitcoin will be accepted.
The full text of the ransom note is:
'All Your Files Encrypted And Sensitive Data Downloaded (Financial Documents,Contracts,Invoices etc.. ).
To Get Decryption Tools You Should Buy Our Decrption Tools And Then We Will Send You Decryption Tools And Delete Your Sensitive Data From Our Servers.
If Payment Is Not Made We have to Publish Your Sensitive Data If Necessary Sell Them And Send Them To Your Competitors And After A While Our Servers Will Remove Your Decrypion Keys From Servers.
Your Files Encrypted With Strongest Encryption Algorithm So Without Our Decryption Tools Nobody Can't Help You So Do Not Waste Your Time In Vain!
Your ID:
Email Address: FreedomTeam@mail.ee
In Case Of Problem With First Email Write Us E-mail At : Freedom29@Tutanota.com
Send Your ID In Email And Check Spam Folder.
This Is Just Business To Get Benefits, If Do Not Contact Us After 48 Hours Decryption Price Will x2.
What Guarantee Do We Give You ?
You Should Send Some Encrypted Files To Us For Decryption Test.
----------------------------------------------------------------------
Attention!
Do Not Edit Or Rename Encrypted Files.
Do Not Try To Decrypt Files By Third-Party Or Data Recovery Softwares It May Damage Files.
In Case Of Trying To Decrypt Files With Third-Party Sofwares,This May Make The Decryption Harder So Prices Will Be Rise.
----------------------------------------------------------------------
How To Buy Bitcoin :
Buy Bitcoin Instructions At LocalBitcoins :
hxxps://localbitcoins.com/guides/how-to-buy-bitcoins
Buy Bitcoin Instructions At Coindesk And Get More Info By Searching At Google :
hxxps://www.coindesk.com/learn/how-can-i-buy-bitcoin/'
