Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 17
First Seen: April 25, 2016
Last Seen: June 16, 2022
OS(es) Affected: Windows

The YOUGOTHACKED Ransomware is a ransomware Trojan that marks the files it encrypts with the '.h3ll' extension. It takes the victim's files hostage by encrypting them and demanding a ransom for the means to decrypt them. Malware analysts have noted that the YOUGOTHACKED Ransomware encrypts only the first 64 KB of each file with a strong encryption algorithm; this is enough to make most file formats unusable, since headers and structure live at the start of a file, while leaving the remainder of larger files untouched. The YOUGOTHACKED Ransomware then encodes the key material needed for decryption and saves it in a file with the '.key' extension. Paying the YOUGOTHACKED Ransomware ransom is not recommended.

How the YOUGOTHACKED Ransomware may Enter a Computer

The YOUGOTHACKED Ransomware may be distributed through corrupted Microsoft Office documents that carry malicious macros, through compromised PDF files, or embedded in other downloads delivered as spam email attachments. Once the YOUGOTHACKED Ransomware enters a computer, it creates a temporary file on the victim's computer. Once installed, it scans the victim's hard drive and attempts to encrypt the files it finds, specifically targeting documents, media files, images, and other potentially important content.

Once a file has been encrypted by the YOUGOTHACKED Ransomware, it cannot be opened by the victim or decrypted without the decryption key. After encrypting the victim's files, the YOUGOTHACKED Ransomware drops two files on the victim's computer: YOUGOTHACKED.TXT and SECRETISHIDINGHEREINSIDE.KEY. The first contains the ransom message, with instructions for the computer user on how to pay the ransom. The second, itself encrypted with AES, is likely to contain the decryption key in a form the victim cannot read. Apart from dropping these files, the YOUGOTHACKED Ransomware also changes the Desktop wallpaper and alters the victim's Web browser to ensure that the victim is exposed to the ransom message repeatedly.
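As an added triage example (not code from the original write-up or from the malware authors), the following Python script ties together the indicators described above: it sweeps a directory tree for the two dropped files and for '.h3ll' files, and for each encrypted file it compares the Shannon entropy of the first 64 KB with that of the remainder, which both confirms the partial-encryption behaviour noted earlier and estimates how many bytes beyond the encrypted prefix survive intact. The 7.5 bits-per-byte threshold, the case-insensitive matching of the dropped file names, and the sample "infection" the script builds in a temporary directory are assumptions constructed for the demonstration.

```python
import math
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Indicators taken from the write-up above.
ENCRYPTED_EXT = ".h3ll"
RANSOM_NOTE = "YOUGOTHACKED.TXT"
KEY_FILE = "SECRETISHIDINGHEREINSIDE.KEY"
ENCRYPTED_PREFIX_LEN = 64 * 1024      # only the first 64 KB of each file is encrypted

# Assumption (not from the write-up): data averaging more than 7.5 bits of Shannon
# entropy per byte is treated as ciphertext; ordinary documents sit well below that.
HIGH_ENTROPY_BITS = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


@dataclass
class EncryptedFileTriage:
    path: str
    size: int
    head_entropy: float   # entropy of the first 64 KB (expected: ciphertext)
    tail_entropy: float   # entropy of everything after it (expected: untouched plaintext)

    @property
    def recoverable_tail_bytes(self) -> int:
        """Bytes past the encrypted prefix that still look like plaintext."""
        if self.size <= ENCRYPTED_PREFIX_LEN or self.tail_entropy >= HIGH_ENTROPY_BITS:
            return 0
        return self.size - ENCRYPTED_PREFIX_LEN


def triage_encrypted_file(path: Path) -> EncryptedFileTriage:
    data = path.read_bytes()
    head, tail = data[:ENCRYPTED_PREFIX_LEN], data[ENCRYPTED_PREFIX_LEN:]
    return EncryptedFileTriage(str(path), len(data), shannon_entropy(head), shannon_entropy(tail))


def sweep(root) -> dict:
    """Walk a tree and collect the dropped files and '.h3ll' files described in the write-up."""
    findings = {"ransom_notes": [], "key_files": [], "encrypted": []}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        name = p.name.upper()          # assumption: dropped file names matched case-insensitively
        if name == RANSOM_NOTE:
            findings["ransom_notes"].append(str(p))
        elif name == KEY_FILE:
            findings["key_files"].append(str(p))
        elif p.suffix.lower() == ENCRYPTED_EXT:
            findings["encrypted"].append(triage_encrypted_file(p))
    return findings


def build_sample_infection(root) -> None:
    """Constructed sample (not real malware output): the two dropped files plus one
    'document' whose first 64 KB are replaced by random bytes to mimic ciphertext."""
    root = Path(root)
    (root / RANSOM_NOTE).write_text("All your files have been encrypted ... (constructed note)\n")
    (root / KEY_FILE).write_bytes(os.urandom(256))
    plaintext = b"".join(b"Quarterly report, line %05d: revenue up, costs flat.\n" % i
                         for i in range(4000))
    assert len(plaintext) > ENCRYPTED_PREFIX_LEN
    (root / "report.docx.h3ll").write_bytes(
        os.urandom(ENCRYPTED_PREFIX_LEN) + plaintext[ENCRYPTED_PREFIX_LEN:])


def run_demo() -> dict:
    """Build the constructed sample in a temporary directory, sweep it and return a summary."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_infection(d)
        findings = sweep(d)
    t = findings["encrypted"][0]
    return {
        "ransom_notes": len(findings["ransom_notes"]),
        "key_files": len(findings["key_files"]),
        "encrypted_files": len(findings["encrypted"]),
        "head_is_ciphertext": t.head_entropy > HIGH_ENTROPY_BITS,
        "tail_is_plaintext": t.tail_entropy < HIGH_ENTROPY_BITS,
        "recoverable_tail_bytes": t.recoverable_tail_bytes,
        "size": t.size,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Run the script directly to see the summary for the constructed sample, or point sweep() at a real share. An intact tail does not make a file openable, since most formats keep their headers inside the first 64 KB, but it is raw material a carving tool can work with and the kind of evidence worth recording before any recovery attempt.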

How the YOUGOTHACKED Ransomware Demands Payment from Its Victims

To decrypt the files, the private key is necessary. This key is held on remote servers controlled by the developers of the YOUGOTHACKED Ransomware, so the encrypted key file left on the victim's computer is of no use on its own. The ransom message contains instructions on contacting the perpetrators through Bitmessage, an anonymous peer-to-peer messaging application, and information on payment, which is made in Bitcoin. The following is an example of the ransom note used by the YOUGOTHACKED Ransomware:

All your files have been encrypted using our extremely strong private key. There is no way to recover them without our assistance.
If you want to get your files back, you must be ready to pay for them. If you are broke and poor, sorry, we cannot help you.
If you are ready to pay, then get in touch with us using a secure and anonymous p2p messenger. We have to use a messenger,
because standard emails get blocked quickly and if our email gets blocked your files will be lost forever.
Go to hxxp://, download and run Bitmessage. Click Your Identities tab > then click New > then click OK (this will generate your personal address, you need to do this just once). Then click Send tab. TO: BM-2cWJRWHSUdPqW66nRRV4BGTEVe1NKWPiZ3
SUBJECT: name of your PC or your IP address or both.
MESSAGE: Hi, I am ready to pay.
Click Send button. You are done. To get the fastest reply from us with all further instructions, please keep your Bitmessage running on the computer at all times, if possible, or as often as you can, because Bitmessage is a bit slow and it takes time to send and get messages. If you cooperate and follow the instructions, you will get all your files back intact and very, very soon. Thank you.

Note that the language of the note contains unnatural syntax and grammar, making it likely that the people responsible for the YOUGOTHACKED Ransomware are not native English speakers. The message above is also contained in the image file set as the new Desktop wallpaper and in the bogus error messages the YOUGOTHACKED Ransomware uses to push computer users into paying the ransom.


