Hoffmx Ransomware
Hoffmx is a recently spotted piece of ransomware designed to encrypt your files so that you no longer have access to them unless you pay a predefined ransom amount. Hoffmx is a typical crypto-virus whose modus operandi differs little from that of other popular ransomware threats.
A successful Hoffmx Ransomware infection occurs when the virus has penetrated your system, encrypting all the files that matter to you along the way - multimedia files, text files, or photos, to name but a few. Eventually, each infected file has the ".hoffmx" suffix appended after its real extension, following this pattern:
<file_name>.<file_type>.hoffmx
The ransom note, a text file dubbed "leia_isso", then shows up on the victim's desktop, as well as in every directory containing encrypted files. Written in Portuguese, the note urges victims to pay 0,450 ETH (approximately $200) within the next 12 hours or risk losing their data for good.
Here is the original text of the ransom note:
'olá, desculpe informá-lo, mas você foi pwned e seus arquivos foram criptografados
não tente desligar o seu computador ou seus arquivos serão queimados
para recuperar o acesso a eles você deve
fazer uma pequena contribuição de 0,450 ETH para a carteira bitcoin
dentro de 12 horas ou seus arquivos serão corrompidos para sempre.
TELEGRAM DE APOIO
hxxps://t.me/yourfilesagainhot
CARTEIRA PARA PAGAMENTO:
OxidbB0d0F3b6Fae76b93baf9d0A4D6837a919F651
Quando o pagamento for feito, envie sua chave para o bot @yourfilesagainbot do telegram para que possa receber sua senha de recuperação, informando aqui que você pode ficar tranquilo que se tudo correr conforme o planejado, seus arquivos logo estarão de volta em seu mãos sem problemas.
você pode criar sua carteira e comprar moedas ETH aqui: hxxps://metamask.me/
se você já pagou, entre em contato com o bot no telegram e execute / key + seu id de transação
And here's a rough translation of the note in English:
hello sorry to inform you, but you have been pwned, and your files have been encrypted
don't try to shut down your computer, or your files will be burned
to regain access to them, you must
make a small contribution of 0.450 ETH to the bitcoin wallet
within 12 hours, or your files will be corrupted forever.
SUPPORT TELEGRAM
hxxps://t.me/yourfilesagainhot
PAYMENT WALLET:
OxidbB0d0F3b6Fae76b93baf9d0A4D6837a919F651
When payment is made, send your key to the telegram bot @yourfilesagainbot so that you can receive your recovery password, stating here that you can rest assured that if everything goes according to plan, your files will soon be back in your hands without problems.
you can create your wallet and buy ETH coins here: hxxps://metamask.me/
if you have already paid, contact the bot on the telegram and run /key + your transaction id.'
We have yet to determine whether the decryption tool advertised in the Hoffmx ransom note works at all. However, we always advise against paying the ransom, because cybercrooks engaging in ransomware attacks rarely provide any working solutions anyway.
If your PC ends up with a Hoffmx ransomware infection, chances are it may have come as part of a well-disguised Trojan, via spam email, or from a peer-to-peer network. Regardless of the infection vector, the potential damage is always extensive due to the sheer scope of infection such threats are typically capable of. That is why proceeding with the utmost caution while browsing the Web has become an integral part of our cyber life.
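The ".hoffmx" suffix and the "leia_isso" note described above are enough to scope how far an infection has spread before restoring from backup. The following Python triage sketch is an added example, not code from the original article: the function names are hypothetical, the sample tree is constructed, and the note is matched by base name with any extension because the article does not give one.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".hoffmx"  # suffix named in the article
NOTE_STEM = "leia_isso"       # note name from the article; extension is an assumption

def scan(root):
    """Walk root; return {directory: {"encrypted": [(name, original)], "note": bool}}."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Dropping the appended suffix gives the pre-infection file name.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                report[dirpath]["encrypted"].append((name, original))
            elif os.path.splitext(lower)[0] == NOTE_STEM:
                report[dirpath]["note"] = True
    return dict(report)

def summarize(report):
    """Totals plus directories where note and encrypted files do not line up."""
    return {
        "encrypted_files": sum(len(v["encrypted"]) for v in report.values()),
        # Note present but nothing renamed: desktop copy, or files already removed.
        "note_without_files": sorted(
            d for d, v in report.items() if v["note"] and not v["encrypted"]),
        # Renamed files but no note: worth a closer look during triage.
        "files_without_note": sorted(
            d for d, v in report.items() if v["encrypted"] and not v["note"]),
    }

if __name__ == "__main__":
    # Constructed sample tree, so the demo runs offline without touching real data.
    with tempfile.TemporaryDirectory() as root:
        for rel in ("docs/report.docx.hoffmx", "docs/leia_isso.txt",
                    "pics/cat.jpg.hoffmx", "clean/todo.txt"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        result = scan(root)
        for directory, info in sorted(result.items()):
            print(directory, "note:", info["note"])
            for name, original in info["encrypted"]:
                print("   ", name, "->", original)
        print(summarize(result))
```

Run it read-only against a mounted copy or image of the affected disk rather than the live system, so the inventory does not alter file timestamps needed for later analysis.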