.HOW Ransomware Description
.HOW Ransomware is a new file-encrypting Trojan, which appears to belong to the notorious Dharma Ransomware family. Data-lockers like the .HOW Ransomware are not built from scratch. Instead, their creators borrow the code of well-established threats like the Dharma Ransomware and create a new copy of it with a different name.
Propagation and Encryption
To cause a significant amount of damage to the compromised host, the .HOW Ransomware is likely to go after a wide array of filetypes, such as .doc, .docx, .pdf, .txt, .mp3, .midi, .mid, .aac, .wav, .mov, .webm, .mp4, .db, .zip, .rar, .jpg, .jpeg, .png, .svg, .gif, .xls, .xlsx, .ppt, .pptx and others. The .HOW Ransomware uses a complex encryption algorithm to lock the targeted files and render them unusable. If you have fallen victim to the .HOW Ransomware, you may have noticed that all the locked files have a new extension added to their names. This is because the .HOW Ransomware appends a ‘.id-<VICTIM ID>.[email@example.com].HOW’ extension to them. For example, a file called ‘iron-boot.mp4’ will be renamed to ‘iron-boot.mp4.id-<VICTIM ID>.[firstname.lastname@example.org].HOW.’ It is likely that the operators of the .HOW Ransomware utilize some of the most common distribution methods to spread this nasty Trojan. The .HOW Ransomware is likely propagated via phishing emails that contain macro-laced attachments or corrupted links, torrent trackers, malvertising, bogus software downloads and updates, fraudulent social media posts, etc.
The Ransom Note
When the encryption process is completed, the .HOW Ransomware would drop its ransom note on the user’s system. The file containing the message of the attackers is called ‘FILES ENCRYPTED.txt.’ In the ransom message, the authors of the .HOW Ransomware do not specify what the ransom fee is as it is likely disclosed only after the victim contacts them. There are two email addresses where the user can get in touch with the attackers – ‘email@example.com’ and ‘firstname.lastname@example.org.’
You may be tempted to cooperate with the authors of the .HOW Ransomware, but it is not recommended to go through with this. Cybercriminals keep their promises rarely, so there is no reason for you to pay the ransom fee demanded by the creators of this Trojan. Make sure you eliminate the .HOW Ransomware from your system with the help of a modern, trustworthy anti-virus suite.