Threat Database Ransomware Industria_host Ransomware

Industria_host Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: July 1, 2021
Last Seen: January 21, 2022
OS(es) Affected: Windows

The Industira_host Ransomware aims to infect targeted computers, deploy an encryption routine that locks the files stores there, and then extort its victims for money - a typical ransomware operation. Despite Industria_host being an almost identical copy of the ChupaCabra Ransomware threat, it is still extremely harmful. The strong encryption ensures that all affected files will be rendered inaccessible and unusable. Each locked file will be marked by threat with '.industria_host' appended to its original name. When Industria_host finishes the encryption process, it will proceed to drop a ransom note with instructions from the cybercriminals. The note will be displayed both in a pop-up window and inside a text file named 'HowToDecrypt.txt.'

Victims are left with an extremely short message that consists of two important details. To receive the decryption key and password, they will need to send a ransom of 0.2 BTC (Bitcoin) to the cryptowallet address found in the note. Bitcoin is notorious for having an unstable exchange rate that could swiftly shift in either direction. Currently, the ransom demanded by Industria_host is equal to $7,700. The second detail found in the note is the Telegram account @industria_host that victims can use as a communication channel to reach the ransomware operators. 

The full text of the ransom note is:

All your files are encrypted with Reload
To Decrypt:

  • Send 0.02 BTC to: 1Eh4f3p2fQVjfyHAyJ2rCqjUgDxPgjJE5q
  • Contact me Telegram: @industria_host.'


Most Viewed