Hipandahi Ransomware

The Hipandahi Ransomware is a file-locker Trojan that blocks media such as documents from opening. The Hipandahi Ransomware targets Windows systems and includes threats of leaking data to the public, which is typical of campaigns targeting business entities. Users should protect their PCs through appropriate security standards and backups and have dedicated anti-malware services for removing the Hipandahi Ransomware.

When Taking Files Hostage Stops Being Good Enough

A trend seen in some families of file-locker Trojans (such as NEFILIM Ransomware) is rapidly becoming part of the mainstream data sabotage and extortion industry. With recent threats like the Hipandahi Ransomware, blocking files isn't good enough: for more incentive, additional threats also pile onto the ransom note. As ever, the intention is to force victims into paying a hacker before they consider all the consequences of the act.

The Hipandahi Ransomware is an all-too-typical Windows Trojan with unknown distribution mechanics. Malware researchers confirm an unusually large file size of over seven megabytes, which implies a more amateur-level threat actor behind its campaign. Regardless, it can block the user's files, including their documents, pictures, databases, and many other media formats, with encryption that is currently secure.

Besides the file-blocking feature, the Hipandahi Ransomware generates an English HTML note similar to those of many Trojan families of the day. As an 'important note,' it warns that users who don't pay for file recovery will have their confidential data leaked to the Web. Usually, these assertions are part of campaigns that target business or government networks, but home users are also at risk from the encryption side of the payload.

Stepping Lightly around Strangers Hijacking Data

Despite its size, malware analysts can find no traces of spyware-like extra features in the Hipandahi Ransomware's behavior. It's likely that attackers use backdoor-based methods, such as RDP features, for uploading information from the target to their servers. Some general protective steps that all Windows users should take to lessen the odds of an attack include:

  • Applying security patches and updates diligently
  • Using strong passwords
  • Disabling macros for documents and spreadsheets
  • Disabling Java, Flash, and JavaScript while Web-browsing

Specific themes that recur in attacks against business entities include obfuscated links to threatening downloads sent over social messages, and disguised e-mail attachments, like fake invoices, with embedded drive-by-download content. Home users may also compromise their PCs by downloading fake-update tactics from Black Hat websites or by trafficking in illicit downloads (copyright-protected movies, etc.).

At least half of all notable AV vendors detect this threat. Update any anti-malware solutions as appropriate for removing the Hipandahi Ransomware as efficiently as possible.

Users can also back their work up to other devices to reverse any fallout from the Trojan's file-locking feature. However, that's not the end of the consequences of Hipandahi Ransomware infections, which, like many of their kind, may use the publicizing of private information as a brute-force tool against the extorted.
