Hlpp Ransomware

By GoldSparrow in Ransomware

New data-locking Trojans are released almost daily. This is because ransomware building kits are freely available online, which allows even inexperienced cybercriminals to create and propagate file-encrypting Trojans with ease. An example of this is the recently spotted Hlpp Ransomware, a variant of the Dharma Ransomware.

Propagation and Encryption

The Hlpp Ransomware is likely to be propagated via some of the most common means, among which are:

  • Torrent trackers – It is best to keep your distance from pirated content as cybercriminals often use it to spread malware and target the systems of unsuspecting users.
  • Malvertising campaigns – Misleading advertisements that look harmless at first glance, but aim at propagating threats, are a commonly utilized infection vector.

Threat actors often use spam emails that contain either corrupted links or macro-laced attachments to distribute data-lockers. Other popular infection vectors are fraudulent social media posts and pages, bogus application updates and downloads, etc.

When the Hlpp Ransomware infects your system, it will scan its contents. This ransomware threat is very likely to target .doc, .docx, .pdf, .xls, .xlsx, .txt, .png, .jpg, .jpeg, .svg, .gif, .ai, .tif, .psd, .mp3, .wma, .mid, .midi, .mpa, .mkv, .mov, .mp4, .mpg, .mpeg, .avi, .zip, .rar, .db, .x and numerous other filetypes. When the Hlpp Ransomware applies its encryption algorithm and locks a targeted file, it also changes its filename. This file-locker appends a '.id-<VICTIM ID>.[hlpp@protonmail.ch].hlpp' extension to the locked files' names.

The Ransom Note

The ransom note of the Hlpp Ransomware is dropped on the user's desktop. The victim can find the attackers' ransom message in a file called 'FILES ENCRYPTED.txt'. The authors of the Hlpp Ransomware do not provide much information in the ransom note. The victim is asked to contact them by email. The creators of the Hlpp Ransomware have offered two email addresses as a means of communication with the victim: 'hlpp@protonmail.ch' and 'hlpp2@protonmail.com'.
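The appended extension and the ransom note filename described above are enough to triage a file listing for signs of this threat. The following is an added example, not code from the original article; the function names and sample paths are constructed for illustration, and the victim ID is assumed to be any run of characters without a dot, since the article does not state its format.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Marker appended to locked files, as given in the article:
#   .id-<VICTIM ID>.[hlpp@protonmail.ch].hlpp
# The ID format is not stated there, so any dot-free run is accepted (assumption).
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.]+)\.\[hlpp@protonmail\.ch\]\.hlpp$",
    re.IGNORECASE,
)
RANSOM_NOTE = "files encrypted.txt"  # note filename from the article, lower-cased


def classify(path):
    """Return ('locked', details), ('note', None) or (None, None) for one path."""
    name = PureWindowsPath(path).name
    if name.lower() == RANSOM_NOTE:
        return "note", None
    m = LOCKED_RE.match(name)
    return ("locked", m.groupdict()) if m else (None, None)


def triage(paths):
    """Group locked files by directory and collect victim IDs and note locations."""
    report = {"locked": defaultdict(list), "victim_ids": set(), "notes": []}
    for p in paths:
        kind, info = classify(p)
        if kind == "note":
            report["notes"].append(p)
        elif kind == "locked":
            parent = str(PureWindowsPath(p).parent)
            report["locked"][parent].append(info["original"])  # pre-encryption name
            report["victim_ids"].add(info["victim_id"])
    return report


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-EXAMPLE01.[hlpp@protonmail.ch].hlpp",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\trip.jpg.id-EXAMPLE01.[hlpp@protonmail.ch].hlpp",
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Documents\report.hlpp.bak",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(dict(r["locked"]), r["victim_ids"], r["notes"])
```

The per-directory grouping shows how far encryption spread and which original filenames need to be restored from backup.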

If the Hlpp Ransomware has encrypted your data, it is recommended to avoid contacting the attackers, as authors of ransomware threats rarely provide their victims with a functional decryption key, even if they get paid. Consider investing in a genuine, modern anti-virus suite, which will help you remove the Hlpp Ransomware from your computer.
