
H$ Ransomware

Infosec researchers have discovered a new dangerous ransomware threat lurking in the wild. Named H$ Ransomware, the threat is capable of causing massive damage to any computer system it manages to compromise. By employing a strong encryption process, H$ Ransomware is capable of rendering a wide range of file types inaccessible and unusable. Users will find themselves unable to open their private or work-related files - pictures, photos, documents, PDFs, databases, archives, etc.

To mark the files it locks, H$ Ransomware appends '.h$' to their names as a new file extension. Upon completing the encryption process, the threat proceeds to deliver the instructions from its malicious creators. The ransom note is dropped in a peculiar way - H$ Ransomware creates on the infected system a hundred text files with names ranging from 'Pay2Decrypt1.txt' to 'Pay2Decrypt100.txt'. The message inside all of the ransom-bearing files is identical.
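A defender-side triage check built from the two indicators described above (the '.h$' extension and the numbered Pay2Decrypt notes), added here as an example and not taken from the researchers' tooling. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".h$"
NOTE_RE = re.compile(r"^Pay2Decrypt(\d+)\.txt$")  # notes are numbered 1..100


def triage(root):
    """Walk `root` and summarise H$ indicators found on disk (hypothetical helper)."""
    encrypted = []                      # files carrying the appended '.h$' extension
    notes_by_hash = defaultdict(list)   # SHA-256 of note body -> note paths
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            m = NOTE_RE.match(name)
            if m and 1 <= int(m.group(1)) <= 100:
                with open(path, "rb") as fh:
                    notes_by_hash[hashlib.sha256(fh.read()).hexdigest()].append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
    note_count = sum(len(paths) for paths in notes_by_hash.values())
    return {
        "encrypted_files": sorted(encrypted),
        "note_count": note_count,
        # Every note is described as carrying the same message; more than one
        # distinct hash means something else is reusing these file names.
        "notes_identical": len(notes_by_hash) <= 1,
        "likely_h_dollar": bool(encrypted) and note_count > 0,
    }


def build_sample_tree(root):
    """Constructed sample data: harmless files that only mimic the naming pattern."""
    for n in range(1, 101):
        with open(os.path.join(root, f"Pay2Decrypt{n}.txt"), "w") as fh:
            fh.write("constructed placeholder note\n")
    for name in ("report.pdf.h$", "photo.jpg.h$", "untouched.docx", "Pay2Decrypt101.txt"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("x")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The list of '.h$' paths it returns doubles as the inventory of files to restore from backup once the threat has been removed.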

H$ Ransomware's Demands

The hackers warn their victims that restarting the encrypted system could potentially cause damage to the locked files. In addition, affected users are given just 5 days to initiate contact and meet the demands of the hackers or risk having their data deleted. Two communication channels are mentioned in the ransom note - a dedicated Discord server and the 'nekez@discard.email' email address.

Generally, users should avoid entering into negotiations with cybercriminals distributing ransomware threats as doing so could expose them to even more security risks. Also, there are no guarantees that the hackers will honor their end of the bargain. Instead, users are advised to remove the H$ Ransomware and only after that attempt to restore their files from a suitable backup. 

The full text of the ransom note is:

DONT TRY TO REBOOT, YOUR FILES ARE ENCRYPTED

JOIN TO OUR DISCORD SERVER: hxxps://discord.gg/E8dgPKsmrb, IF YOU DON'T HAVE DISCORD EMAIL US IN nekez@discard.email

SEND US A MESSAGE WITH YOUR PERSONAL KEY:-

YOU HAVE 5 DAYS TO PAY OUR EXIGENCES, IF NOT, YOUR FILES WILL BE DELETED

THE TIME START NOW:
