
'ht2707@email.vccs.edu' Ransomware

Posted: March 21, 2019

The 'ht2707@email.vccs.edu' Ransomware is a file-locking Trojan and a member of the Crysis Ransomware family's Dharma Ransomware sub-branch. Threat actors can introduce it to vulnerable systems by brute-forcing logins or through e-mail, and use the program to lock media files such as documents. Ignore any ransom demands from the threat, have your anti-malware solution remove the 'ht2707@email.vccs.edu' Ransomware, and restore your files from your latest backup.

Education with Something Going on the Side

A threat actor is testing out a customized build from the Crysis Ransomware's Ransomware-as-a-Service business under what seems like a high-risk circumstance: a Virginia college e-mail account serves as the ransom-handling infrastructure. Apart from this notable detail, which is extremely uncommon for file-locker Trojans because of how easily the account could be shut down, the 'ht2707@email.vccs.edu' Ransomware is a typical entrant into its family. Users compromised by it run all of the usual risks, such as having their files locked with no means of recovery if they don't have backups.

The 'ht2707@email.vccs.edu' Ransomware's campaign doesn't seem ready for public release yet, given that its executable is named 'test.exe' with no signing certificate or other attempt at obfuscating its identity. However, as the product of a Trojan-generating kit, its working features run as intended and use AES encryption to block the media that it finds throughout a Windows PC, including documents, pictures, archives, spreadsheets and many other formats. Malware researchers also note that the 'ht2707@email.vccs.edu' Ransomware appends the same '.com' extension as its close relative, the 'trupm@protonmail.com' Ransomware, which carries the same potential for confusing users with how it labels files.

The 'ht2707@email.vccs.edu' Ransomware's family uses two ransom messages to sell the decryptor that restores the victims' files: a Notepad TXT file and a more elaborate Web page-based pop-up (an HTA). Since the 'ht2707@email.vccs.edu' Ransomware uses the standard template for both of these elements, its most significant inclusion is the college-hosted e-mail address for negotiating. Victims should remember that this lends no additional authenticity or safety to any ransom transaction, which may not result in any decryption service at all.

Taking Care While Ridding Yourself of Trojan Problems

One of the potential issues with the 'ht2707@email.vccs.edu' Ransomware is that, unlike most members of the Crysis Ransomware family (see, for contrast, the 'cryptor55@cock.li' Ransomware, the Heets Ransomware or the Bizer Ransomware), it uses an extension that Windows also uses for some of its own components. Victims should be cautious about deleting any content that fits the 'ht2707@email.vccs.edu' Ransomware's encryption profile without double-checking that it isn't a native part of any software. Since malware experts rate the chances of free decryption for the 'ht2707@email.vccs.edu' Ransomware as poor, a backup could be the only way of getting documents and other media back to normal.
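As an added illustration of the extension-collision problem above (example code written for this page, not a tool from the write-up or from any vendor): a read-only triage script that flags '.com' files carrying the ransom address, applies a byte-entropy heuristic to the rest, and leaves anything ambiguous for manual review instead of deleting it. The file-name pattern in the constructed samples, the entropy threshold and the function names are assumptions, not details from the write-up.

```python
import math
import os
from collections import Counter

RANSOM_EMAIL = "ht2707@email.vccs.edu"  # address from the write-up
SUSPECT_EXT = ".com"                    # extension the Trojan appends

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted data sits near 8.0, small DOS programs far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, data: bytes) -> str:
    """Label a '.com' file without modifying it. Assumed heuristics (not from the
    write-up): the ransom address in the name is decisive; a buried original
    extension plus near-random content suggests encryption; anything else may be
    a native .com component and is left for a human to review."""
    lower = name.lower()
    if not lower.endswith(SUSPECT_EXT):
        return "other"
    if RANSOM_EMAIL in lower:
        return "encrypted"
    stem = lower[: -len(SUSPECT_EXT)]
    if "." in stem and shannon_entropy(data) > 7.5:
        return "probably-encrypted"
    return "review"  # never delete on this verdict

def triage(root: str) -> dict:
    """Walk a tree and count verdicts; reporting only, no deletions."""
    counts = {"encrypted": 0, "probably-encrypted": 0, "review": 0, "other": 0}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            with open(os.path.join(dirpath, fn), "rb") as fh:
                counts[classify(fn, fh.read(65536))] += 1  # a sample suffices
    return counts

# Constructed sample files (not real artifacts) for a dry run
SAMPLES = {
    "report.docx.id-ABCD1234.[ht2707@email.vccs.edu].com": bytes(range(256)) * 4,
    "photo.jpg.com": bytes(range(256)) * 4,
    "format.com": b"\xb8\x00\x4c\xcd\x21" + b"\x00" * 1019,
    "notes.txt": b"plain text",
}

def write_samples(root: str) -> None:
    for name, data in SAMPLES.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
```

Run `write_samples` into an empty directory and then `triage` on it to see one verdict of each kind; on a real system, point `triage` at the affected volume and act only on the 'encrypted' and 'probably-encrypted' files after confirming them.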

Server administrators should keep their logins secure, such as by using appropriately strong passwords, to stop a criminal from installing a file-locking Trojan manually. E-mail and torrents are two similarly important infection vectors that can be prevented by maintaining good security practices, such as scanning all downloads and disabling script-based features. A good anti-malware product should delete the 'ht2707@email.vccs.edu' Ransomware on sight, since malware experts see extremely high detection rates across the industry.

Since the administrator of the 'ht2707@email.vccs.edu' Ransomware's campaign is likely a student, it may be only a matter of time before this version of the Crysis Ransomware family has its ransoming channels closed. Sadly, that doesn't help unlock any files on an already-compromised Windows computer.
