YOUGOTHACKED Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 17 |
| First Seen: | April 25, 2016 |
| Last Seen: | June 16, 2022 |
| OS(es) Affected: | Windows |
The YOUGOTHACKED Ransomware is a ransomware Trojan that creates files on the victim's computer with the '.h3ll' extension. The YOUGOTHACKED Ransomware takes the victim's files hostage by encrypting these files and demanding the payment of a ransom. Malware analysts have noted that the YOUGOTHACKED Ransomware will encrypt the first 64-KB portion of the victim's files using a strong encryption algorithm. The YOUGOTHACKED Ransomware then encodes the decryption key and saves it in a file with the '.key' extension. Paying the YOUGOTHACKED Ransomware ransom is not a recommended move.
How the YOUGOTHACKED Ransomware may Enter a Computer
The YOUGOTHACKED Ransomware may be distributed using corrupted Microsoft Office files that exploit macro vulnerabilities in the Microsoft Office The YOUGOTHACKED Ransomware also may be distributed using compromised PDF files or embedded in other downloads that may be distributed using spam email message attachments. Once the YOUGOTHACKED Ransomware enters a computer, it creates a temporary file on the victim's computer. Once the YOUGOTHACKED Ransomware has been installed, it scans the victim's hard drive and attempts to encrypt all files it finds, specifically targeting documents, media files, images, and other potentially important content.
Once a file has been compromised by the YOUGOTHACKED Ransomware, it cannot be opened by the victim or decrypted without the decryption key. After the YOUGOTHACKED Ransomware encrypts the victim's files, the YOUGOTHACKED Ransomware drops the following files on the victim's computer: YOUGOTHACKED.TXT and SECRETISHIDINGHEREINSIDE.KEY. The first of these files contains the ransom message, with instructions for the computer user on how to pay the ransom. The second of these files, highly encrypted using AES encryption, is likely to contain the decryption key. Apart from dropping these text files, the YOUGOTHACKED Ransomware will also change the Desktop wallpaper image and alter the victim's Web browser to ensure that the victim is exposed to the YOUGOTHACKED Ransomware's ransom message repeatedly.
How the YOUGOTHACKED Ransomware Demands Payment from Its Victims
To decrypt the files, the private key is necessary. This key is saved on remote servers controlled by the developers of the YOUGOTHACKED Ransomware. The YOUGOTHACKED Ransomware ransom message contains instructions on contacting its perpetrators through the anonymous BitMessenger application. It also includes information on payment, which is carried out in BitCoins. The following is an example of the ransom note used by the YOUGOTHACKED Ransomware:
Hello.
All your files have been encrypted using our extremely strong private key. There is no way to recover them without our assistance.
If you want to get your files back, you must be ready to pay for them. If you are broke and poor, sorry, we cannot help you.
If you are ready to pay, then get in touch with us using a secure and anonymous p2p messenger. We have to use a messenger,
because standard emails get blocked quickly and if our email gets blocked your files will be lost forever.
Go to hxxp://bitmessage.org/, download and run Bitmessage. Click Your Identities tab > then click New > then click OK (this will generate your personal address, you need to do this just once). Then click Send tab. TO: BM-2cWJRWHSUdPqW66nRRV4BGTEVe1NKWPiZ3
SUBJECT: name of your PC or your IP address or both.
MESSAGE: Hi, I am ready to pay.
Click Send button. You are done. To get the fastest reply from us with all further instructions, please keep your Bitmessage running on the computer at all times, if possible, or as often as you can, because Bitmessage is a bit slow and it takes time to send and get messages. If you cooperate and follow the instructions, you will get all your files back intact and very, very soon. Thank you.
Note that the language of the file is riddled with unnatural syntax and grammar issues, making it likely that the people responsible for the YOUGOTHACKED Ransomware are not located in an English-speaking country. The message above is also contained in the image file and bogus error messages used by the YOUGOTHACKED Ransomware to push computer users into paying the ransom.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.