
Skull HT Ransomware

By GoldSparrow in Ransomware

The Skull HT Ransomware is a file-encryption Trojan that first appeared in cybersecurity reports on November 2nd, 2017. The researchers who analyzed the first reports of this threat warn that the payload is delivered by a specially crafted file that poses as a PDF but is in fact an executable. The fake PDF is a program titled 'The Art of Amazon Carding.pdf.exe,' and you might find the file attached to spam emails. You should note that the threat actors are likely to use new filenames in their spam campaigns to avoid detection and increase their chances of infecting more users. The Skull HT Ransomware is known to be used primarily in attacks on English-speaking PC users. The name of the Trojan is derived from the custom desktop background it applies, an image of a forest with a railroad and a green skull on the right side.
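The lure described above relies on a double extension: a document extension that the user sees, followed by an executable extension that Windows acts on. The following Python is an added example written for this entry, not code from the original article or from any vendor; it flags attachment names of that shape so a mail gateway or triage script can quarantine them before a user opens one. The filenames it is run against are constructed for the demonstration, and the extension sets are an assumption a deployment would tune.

```python
import re
from typing import Optional

# Extensions Windows will execute; a gateway rule should treat any of these
# as executable no matter what precedes them. (Assumed list, not from the page.)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".hta", ".msi"}
# Extensions a user expects to open a harmless document or picture.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt",
                 ".pptx", ".txt", ".jpg", ".png"}

# One trailing extension: a dot followed by 1-6 alphanumerics at the end.
EXT_RE = re.compile(r"(\.[A-Za-z0-9]{1,6})$")


def split_extensions(name: str) -> list:
    """Return every trailing extension of `name`, lower-cased, left to right.

    'The Art of Amazon Carding.pdf.exe' -> ['.pdf', '.exe']
    Stops at the first segment that is not a short alphanumeric extension,
    so a name like 'v1.2 notes.pdf.exe' does not yield '.2 notes'.
    """
    exts = []
    while True:
        match = EXT_RE.search(name)
        if not match:
            break
        exts.insert(0, match.group(1).lower())
        name = name[: match.start()]
    return exts


def classify_attachment(name: str) -> Optional[str]:
    """Return a reason string if `name` is a disguised or bare executable, else None."""
    exts = split_extensions(name)
    if not exts:
        return None
    last = exts[-1]
    if last not in EXECUTABLE_EXTS:
        return None
    # Any earlier document extension means the executable is dressed up as a file
    # the recipient expects to be safe; that is the Skull HT lure pattern.
    disguise = next((e for e in exts[:-1] if e in DOCUMENT_EXTS), None)
    if disguise is not None:
        return f"document extension {disguise} hides executable {last}"
    return f"executable attachment {last}"


def flag_attachments(names) -> list:
    """Return (name, reason) pairs for every attachment name worth quarantining."""
    flagged = []
    for name in names:
        reason = classify_attachment(name)
        if reason is not None:
            flagged.append((name, reason))
    return flagged


if __name__ == "__main__":
    # Constructed sample of attachment names as a gateway might see them.
    sample = [
        "The Art of Amazon Carding.pdf.exe",   # the lure named in the report
        "Invoice.PDF.SCR",                     # same trick, different casing
        "quarterly-report.pdf",                # genuine document
        "archive.tar.gz",                      # harmless multi-extension name
        "setup.exe",                           # bare executable
    ]
    for name, reason in flag_attachments(sample):
        print(f"QUARANTINE {name!r}: {reason}")
```

Matching on the full extension chain rather than only the last extension is what separates the two cases a reviewer cares about: a bare `.exe` attachment is policy-blocked anyway, while a document extension in front of it is the deliberate deception and deserves its own alert.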

As its name suggests, the Skull HT Ransomware is based on the HiddenTear project, which received a lot of media attention in August 2015 and continues to be mentioned often on cybersecurity blogs. The HiddenTear code is used actively by crypto-threat creators to deploy Trojan variants in bulk. The threat at hand closely resembles the BugWare Ransomware and the Gendarmerie Ransomware, which surfaced not long before Skull HT. Malware researchers report that the Skull HT Ransomware is designed to apply a customized AES-256 cipher to the targeted files, which include files that can be loaded by Microsoft Office, Windows Photos, Windows Movies & TV and various database managers. The Skull HT Ransomware targets a broad spectrum of data containers, and the encryption process may take some time to complete. In the end, the data is rendered unreadable and carries the '.locked' extension. For example, 'Belukha Mountain - Russia.png' is renamed to 'Belukha Mountain - Russia.png.locked.' The ransom notification is loaded as a new desktop background image and as 'READ_ME.txt.' Both versions carry the following message:

'Your computer has been LOCKED
Your personal files have been encrypted.
Send Exactly 0.00156 BTC to Wallet ID 19GNGp9DSxEfWVeczhjvqvk4qVWv1fX45B
Then Email Us at to Let Us know.
You will need to state Your wallet ID to confirm Payment, After that We will supply You with the Decryption Key And tool.
With love... Hidden Tear Project :')'
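The on-disk footprint described above, a trailing '.locked' extension on encrypted files plus a READ_ME.txt note, is what an incident responder looks for when scoping which directories an infection reached. The following Python is an added example written for this entry, not code from the original article or from HiddenTear; it walks a tree, collects both indicators and only calls the result suspicious when they appear together, since a READ_ME.txt on its own is a common benign filename. The sample directory it builds is constructed for the demonstration, and the note phrases it matches are taken from the message quoted above.

```python
import os
import tempfile
from dataclasses import dataclass, field

RANSOM_EXT = ".locked"          # extension appended by the threat
NOTE_NAME = "READ_ME.txt"       # ransom note filename from the write-up
# Phrases from the quoted note; any one of them marks a READ_ME.txt as a ransom
# note rather than an ordinary project readme.
NOTE_MARKERS = ("your personal files have been encrypted", "hidden tear")


@dataclass
class Footprint:
    locked_files: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)
    affected_dirs: set = field(default_factory=set)

    @property
    def suspicious(self) -> bool:
        # Either indicator alone can be a false positive; both together is the
        # pattern this family leaves behind.
        return bool(self.locked_files) and bool(self.ransom_notes)


def is_ransom_note(path: str) -> bool:
    """Read the head of a READ_ME.txt and check for the quoted note's phrases."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            head = fh.read(4096).lower()
    except OSError:
        return False
    return any(marker in head for marker in NOTE_MARKERS)


def scan_tree(root: str) -> Footprint:
    """Collect '.locked' files and confirmed ransom notes under `root`."""
    fp = Footprint()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(RANSOM_EXT):
                fp.locked_files.append(path)
                fp.affected_dirs.add(dirpath)
            elif name == NOTE_NAME and is_ransom_note(path):
                fp.ransom_notes.append(path)
                fp.affected_dirs.add(dirpath)
    return fp


def original_name(locked_path: str) -> str:
    """Strip the appended extension to learn which file was hit.

    'Belukha Mountain - Russia.png.locked' -> 'Belukha Mountain - Russia.png'
    Only the name is recovered; the contents remain encrypted.
    """
    if locked_path.lower().endswith(RANSOM_EXT):
        return locked_path[: -len(RANSOM_EXT)]
    return locked_path


def build_sample_tree() -> str:
    """Constructed sample: one encrypted picture, one note, one benign readme."""
    root = tempfile.mkdtemp(prefix="skullht_demo_")
    pics = os.path.join(root, "Pictures")
    os.makedirs(pics)
    with open(os.path.join(pics, "Belukha Mountain - Russia.png.locked"), "wb") as fh:
        fh.write(b"\x00" * 64)  # stand-in for ciphertext
    with open(os.path.join(pics, NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("Your computer has been LOCKED\n"
                 "Your personal files have been encrypted.\n")
    with open(os.path.join(root, "README.txt"), "w", encoding="utf-8") as fh:
        fh.write("project notes, unrelated to any incident\n")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    result = scan_tree(demo_root)
    print("suspicious:", result.suspicious)
    for p in result.locked_files:
        print("encrypted:", p, "->", original_name(p))
    for p in result.ransom_notes:
        print("note:", p)
    print("affected directories:", sorted(result.affected_dirs))
```

The affected-directory set is the useful output for response: it tells you which shares or user folders to restore from backup and where to collect the note and a sample encrypted file for the AV vendor, without touching anything else on the host.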

PC users are advised to eliminate the Skull HT Ransomware using a reliable anti-malware utility. Negotiating with the cybercrooks is not likely to result in a favorable outcome. Experts warn users that the threat landscape in 2017 and the previous year is dominated by threats like the Skull HT Ransomware, which requires users to adapt accordingly. It is highly recommended that you install a backup manager and make backups as often as you are comfortable with. Available backups allow every user to recover from a crypto-threat attack relatively unscathed. AV engines include rules to detect files and Registry keys created by the Skull HT Ransomware. Security alerts related to the Skull HT Ransomware list the following names:

  • Gen:Heur.Ransom.HiddenTears.1
  • HEUR/QVM03.0.E2DB.Malware.Gen
  • MSIL/Generic.AP.A67700!tr
  • Ransom_CRYPTEAR.SM0
  • Ransomware-FTD!0293B9B0BA24
  • Trojan ( 700000121 )
  • malicious (high confidence)
  • malicious.1b8fb7
