Huy Ransomware

Cybercriminals are using a new ransomware threat to lock the data on compromised computers and then extort their victims for money. The threat is being tracked as the Huy Ransomware and its capacity to cause damage shouldn't be underestimated. Whenever the malware locks a file as part of its encryption algorithm, it will append '.huy' to that file's original name as a new extension. When all targeted file types on the infected device have been encrypted, the Huy Ransomware will proceed to create a text file carrying a ransom note with instructions for the victims. The name of the file is 'КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt.'

Huy Ransomware's Demands

The ransom note dropped by the threat is written in Russian entirely and features no translation in other languages. This can be a sign that the hackers deploying the Huy Ransomware are targeting users from Russian-speaking countries predominantly A rough translation of the instructions reveals that the hackers are willing to provide their victims with the required decryption key and software tool, but only after they are paid the demanded ransom. The note lacks many important details, so victims are forced to contact the provided TELEGRAM account. Furthermore, according to the note, affected users have only 48 hours to pay the hackers or risk having all of their locked data being lost.

The full text of the note in its original form is:

'Вся информация на вашем компьютере была зашифрована с использованием новейшего алгоритма шифрования.
все зашифрованные файлы имеют формат .Huy.
Вы можете восстановить данные используя декриптор и пароль, пароль знаем только мы.
Его невозможно подобрать.
Переустановко ос ничего не изменит.
Не один системный администратор в мире не сможет решить эту проблему без знания пароля.
Не меняйте расширение файлов самостоятельно! Вы можете делать только бекап.
Напишите в данный TELEGRAM @master_sgls
У вас есть 48 часов. Иначе вы навсегда потеряете свои данные!'