Html Ransomware

Malware researches have come across a new threat recently, which they called the Html Ransomware. When it was dissected, the Html Ransomware revealed that it is a variant of the very widely known Dharma Ransomware.

Cybersecurity experts have not been able to identify the infection vector employed in spreading the Html Ransomware, but it is speculated that the authors of the threat may be using spam email campaigns, bogus software updates, and corrupted pirated data to propagate their creation. Once the Html Ransomware gets access to a computer, it starts off the attack by performing a scan on the data present on the system. When the scan is completed, the Html Ransomware would have located all the files, which it intends to encrypt. Then, the Html Ransomware would begin the encryption process. When a file undergoes the encryption process of the Html Ransomware, it would have its filename altered. The Html Ransomware applies the '.id-.[paydra@cock.li].html' extension to the newly locked files. When this is done, the Html Ransomware goes on to drop a ransom note. Since the Html Ransomware belongs to the Dharma Ransomware family, it is likely that the name of the ransom note is ‘FILES ENCRYPTED.txt’ as most variants of the Dharma Ransomware follow this pattern. The attackers often end up not naming the sum, which they would demand in return for the decryption tool they would provide the victim with allegedly. However, the authors of the Html Ransomware give out an email address where they are to be contacted – ‘paydra@cock.li.’

It is never an endors course of action to get in touch with cyber crooks or attempt to negotiate with them. It is much safer to make sure you download and install a legitimate anti-spyware application and wipe the Html Ransomware off your system once and for all.