HELLO Ransomware
Posted: August 10, 2017
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 90 |
| First Seen | August 10, 2017 |
| Last Seen | December 9, 2019 |
| OS(es) Affected | Windows |
The HELLO Ransomware is a Trojan that can block your files with an encryption routine that enciphers their internal data. In the course of its attacks, this Trojan also may change the names of your files or generate messages asking you for Bitcoins to achieve data recovery. While victims may test any free decryption solutions available, malware experts warn that only having non-encoded backups can give your files complete protection from these attacks. Anti-malware products also may protect the PC by halting and removing the HELLO Ransomware at its installation phase.
A Quick Hello and Goodbye to Your Files
Threat actors trying to get ransoms from the people they attack are often quick to make demands, limiting the victim's time for consideration and ability to explore the alternatives. Although time-based limiters are commonplace with file-encrypting threats, with the new HELLO Ransomware, malware experts note ransom prerequisites that are unusually strict, even by the standards of other Trojans. The people administering the HELLO Ransomware campaign currently ask for full payment within a maximum of one day before they permanently delete the key to recovering your files.
The HELLO Ransomware shows no symptoms while running its primary function of encrypting files on the infected PC. This feature searches file directories for media like images, documents, or archives, and locks them with a cipher-based encoding process. You can identify these blocked files by their newly-appended '.HELLO' extensions, which, traditionally, the Trojan places after any previous ones (such as 'document.doc.HELLO').
The Trojan does create visible symptoms after finishing the file-locking procedure described above: it creates ransom messages that it can deliver through a Notepad text or other methods, such as pop-up windows and modified desktop wallpapers. Although malware analysts have seen the same ransom notes in other Trojan infections, the HELLO Ransomware's fee and Bitcoin wallet address appear to be new values for this campaign. The HELLO Ransomware also imposes the exceptional restriction of twelve hours before the cost doubles, and twenty-four hours before the threat actor deletes his copy of the decryption key.
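To take stock of the files marked with the appended '.HELLO' extension, the following added example (not from the original article or any vendor tool) walks a directory tree, recovers each locked file's original name, and checks whether a non-encoded copy exists under a backup root. The function names, the sample tree, and the case-insensitive match are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".HELLO"  # extension the article reports is appended to locked files

def find_locked(root):
    """Yield (locked_path, original_relative_path) for files ending in MARKER."""
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match is an assumption; skip a bare ".HELLO" name.
            if name.upper().endswith(MARKER) and len(name) > len(MARKER):
                locked = Path(dirpath) / name
                original = locked.with_name(name[:-len(MARKER)])
                yield locked, original.relative_to(root)

def triage(root, backup_root):
    """Split locked files into those with a clean backup copy and those without."""
    backup_root = Path(backup_root)
    restorable, missing = [], []
    for _locked, rel in find_locked(root):
        has_backup = (backup_root / rel).is_file()
        (restorable if has_backup else missing).append(rel.as_posix())
    return sorted(restorable), sorted(missing)

def demo():
    """Build a constructed sample tree (not real infection data) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for rel in ("docs/document.doc.HELLO", "docs/notes.txt",
                    "pics/photo.jpg.HELLO"):
            path = live / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"placeholder")
        clean = backup / "docs" / "document.doc"
        clean.parent.mkdir(parents=True)
        clean.write_bytes(b"original contents")
        return triage(live, backup)

if __name__ == "__main__":
    restorable, missing = demo()
    print("Backup available:", restorable)
    print("No backup found: ", missing)
```

Point `triage` at a read-only mount or forensic copy of the affected volume rather than the live system, so the inventory does not alter timestamps or other evidence.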
Saying Goodbye to Trojans in a Day's Time
Threat actors like the HELLO Ransomware's administrators use social engineering tactics, such as imposing timers, to keep those whom they attack from responding rationally. Besides forcing you to decide whether or not to pay within a matter of hours, the HELLO Ransomware also uses the con artist-favored standard of a cryptocurrency that sidesteps most traditional refund and financial protection laws for the individual transferring the money. Malware experts always recommend not paying ransoms if at all possible since con artists have little reason to provide their file-unlocking help afterward.
While malware experts can't yet confirm any threats related to the HELLO Ransomware, some security brands are identifying it as a possible variant of the Xorist Ransomware family. The infection vector appears to be spam email campaigns, which can disguise themselves as invoices, delivery notifications or internal office communications. To delete the HELLO Ransomware and similar threats before they damage any files, always scan incoming attachments and other unusual downloads before opening them. Most anti-malware programs also may remove the HELLO Ransomware after its installation even though they can't decode any encrypted media.
In Trojan operations, one man's panic is another man's profit. Even when your time is counting down towards the deletion of all your digital belongings, keeping a level head can help anyone save their work from a new threat that's saying 'hello' to their files.