Howareyou Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 8
First Seen: January 19, 2011
Last Seen: February 2, 2021
OS(es) Affected: Windows
The Howareyou Ransomware has been determined to be a unique crypto locker threat that doesn't belong to any of the pre-existing ransomware families. Its goals, however, are those of a typical threat of this malware type.
The Howareyou Ransomware tries to get onto the user's computer without triggering any alarm bells. It then proceeds to encrypt nearly all of the most widely used filetypes stored on it. Users will no longer be able to access their documents, music, video, photos, PDFs, datasheets, etc. The consequences could be devastating if the affected files are related to business projects. Every encrypted file has '.howareyou' appended to its original name as a new extension. The note with instructions from the hackers is dropped as a text file named '__read_me_.txt'.
The note's instructions show that the cybercriminals who developed the threat are following the recent trends among ransomware creators and have equipped the Howareyou Ransomware with the functionality to exfiltrate data before initiating the encryption process. As a result, the criminals obtain additional leverage with which to extort their victims. Indeed, they threaten to start leaking the collected data if their demands are not met. To get the ransom's exact price, affected users are supposed to establish contact by sending a message to the 'dfkjhdkjsdjfgkjdsfhkjskdjfhkj@cock.li' email address. They can also attach up to two files to be decrypted for free.
The full set of instructions delivered by the Howareyou Ransomware is:
'Your files have been encrypted and copied to our private servers!
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
But keep calm! There is a solution for your problem!
For some money reward we can decrypt all your encrypted files.
Also we will delete all your private data from our servers.
To prove that we are able to decrypt your files we give you the ability to decrypt 2 files for free.
So what is you next step ? Contact us for price and get the decryption software.
Our Mail: dfkjhdkjsdjfgkjdsfhkjskdjfhkj@cock.li
Your ClientId: -
We would share your SENSITIVE DATA in case you refuse to pay.'
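
The two file-system indicators described above (the appended '.howareyou' extension and the '__read_me_.txt' note) are enough to scope which folders were hit and which original file types were affected. The following triage sketch is an added example, not code from EnigmaSoft; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators from the description above.
ENCRYPTED_EXT = ".howareyou"   # appended to every encrypted file
NOTE_NAME = "__read_me_.txt"   # ransom note file name


def scan_tree(root):
    """Return per-directory encrypted counts, original file types, and note paths."""
    per_dir, types, notes = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
                # The extension is appended, so the original type is still visible.
                original = lower[: -len(ENCRYPTED_EXT)]
                types[Path(original).suffix or "(none)"] += 1
            elif lower == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
    return per_dir, types, notes


def build_sample(root):
    """Create a constructed sample tree (empty files, made-up names) for the demo."""
    layout = {
        "Documents": ["report.docx.howareyou", "budget.xlsx.HOWAREYOU", NOTE_NAME],
        "Pictures": ["cat.jpg.howareyou", "untouched.png"],
        "Clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            Path(root, folder, name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        per_dir, types, notes = scan_tree(tmp)
        for folder, count in sorted(per_dir.items()):
            print(f"{count:4d} encrypted file(s) in {folder}")
        print("original types:", dict(types))
        print("ransom notes:", notes)
```

The scan only reads file names, so it can be run against a mounted disk image or a read-only share without touching the encrypted data.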