HQ_52_42 Ransomware

HQ_52_42 Ransomware Description

Infosec researchers have discovered a new ransomware threat that is being employed in attack campaigns. The threat is named HQ_52_42 Ransomware and is capable of causing massive damage to the computers it manages to infect. The malware initiates an encryption process that targets a large number of file types including photos, documents, archives, databases, etc.

Each affected file will be locked via an uncrackable cryptographic algorithm and, as a result, rendered inaccessible and unusable in any way. Furthermore, the locked files will have '.HQ_52_42' appended to their names as a new extension. The threat delivers its ransom note through a 'How to decrypt files.html' file that it drops on the breached devices.
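The two file-system indicators described above (the appended '.HQ_52_42' extension and the 'How to decrypt files.html' note) can be used to scope which directories were hit and which original file types were locked. The read-only triage script below is an added example, not part of the original write-up; the function names, the case-insensitive matching and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".HQ_52_42"                 # extension reported on this page
NOTE_NAME = "How to decrypt files.html"  # ransom note name reported on this page


def scope_impact(root):
    """Walk root and summarise HQ_52_42 indicators without modifying anything."""
    locked, notes = [], []
    orig_types = Counter()
    # Unreadable directories are skipped so the scan completes on a live host.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            # Assumption: match case-insensitively to tolerate renamed copies.
            if name.lower() == NOTE_NAME.lower():
                notes.append(path)
            elif name.lower().endswith(LOCKED_EXT.lower()):
                locked.append(path)
                # The extension is appended, so the original name is the prefix.
                original = name[: -len(LOCKED_EXT)]
                orig_types[Path(original).suffix.lower() or "(none)"] += 1
    dirs = sorted({str(p.parent) for p in locked + notes})
    return {"locked": locked, "notes": notes,
            "original_types": orig_types, "affected_dirs": dirs}


def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "share" / "finance").mkdir(parents=True)
        (base / "share" / "clean").mkdir()
        for rel in ["share/finance/q3.xlsx.HQ_52_42",
                    "share/finance/ledger.db.hq_52_42",
                    "share/finance/How to decrypt files.html",
                    "share/clean/readme.txt"]:
            (base / rel).write_bytes(b"constructed sample")
        res = scope_impact(base)
        rel_dirs = [Path(d).relative_to(base).as_posix() for d in res["affected_dirs"]]
        return len(res["locked"]), len(res["notes"]), dict(res["original_types"]), rel_dirs


if __name__ == "__main__":
    print(demo())
```

Pointing `scope_impact` at a mounted share or a forensic image mount gives a per-directory list to compare against backups before any restore is attempted.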

Hackers Demand Over $1 Million

HQ_52_42 Ransomware's ransom note reveals that the hackers want to receive an exorbitant amount of money from their victims. Indeed, users affected by the threat are supposed to send 25 BTC (Bitcoin) to the cybercriminals' crypto-wallet address if they want to receive the private key needed to restore the encrypted data. Even though Bitcoin has fallen from its high, at the current exchange rate the demanded sum is worth over $1.2 million.

If the money is not transferred within a week, the ransom will be increased to 35 bitcoins, or more than $1.7 million. After two weeks, the threat actors threaten to delete the decryption key, rendering all locked files unrecoverable. Victims can contact the hackers via a provided JABBER account.

The full text of the ransom note is:

'ALL YOUR PERSONAL FILES ARE ENCRYPTED

All your data (photos, documents, database, …) have been encrypted with a private and unique key generated for this Network. It means that you will not be able to access your files anymore until they’re decrypted. The private key is stored in our servers and the only way to receive your key to decrypt your files is making a payment.

The payment has to be done in Bitcoin to a unique address that we generated for you, Bitcoins are a virtual currency to make online payments. If you don’t know how to get Bitcoins, you can google “How to Buy Bitcoins” and follow the instructions.

To recover your files and unlock your computers, you must send 25 Bitcoins (This amount for all Network), to the next Bitcoin address:

YOU ONLY HAVE 1 WEEK TO SUBMIT THE PAYMENT! When the provided time ends, the payment will increase to 35 Bitcoins. Also, if you don’t pay in 2 Week, your unique key will be destroyed and you won’t be able to recover your files anymore.

WARNING!

DO NOT TRY TO GET RID OF THIS PROGRAM YOURSELF. ANY ACTION TAKEN WILL RESULT IN DECRYPTION KEY BEING DESTROYED. YOU WILL LOSE YOUR FILES FOREVER. ONLY WAY TO KEEP YOUR FILES IS TO FOLLOW THE INSTRUCTIONS.

After Payment , Send message to XMPP ID ( rans_contact@xmpp.jp ) for receive Private Key.'