
‘Hairullah@inbox.lv’ Ransomware

Posted: October 12, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 49
First Seen: October 12, 2015
Last Seen: February 12, 2021
OS(es) Affected: Windows

The 'Hairullah@inbox.lv' Ransomware is a file-encrypting Trojan: a threat that makes your files unreadable in order to hold them for ransom. Although ransomware campaigns conventionally offer victims a paid file-decrypting service, malware experts advise holding onto any ransom funds and using file backup techniques to neutralize the 'Hairullah@inbox.lv' Ransomware's payload. Removing the 'Hairullah@inbox.lv' Ransomware, as with all Trojans, should include the proper and timely use of reliable anti-malware programs and strategies.

A Hairy Situation for Your PC's Files

The 'Hairullah@inbox.lv' Ransomware belongs to an increasingly common sub-variety of file encryptor that malware researchers have seen in 2015: Trojans that include file name changes in their attacks. Its primary payload scans for files on your computer and encrypts them, which makes them unreadable by the relevant programs until the encryption is reversed. The encryption algorithm in use is still being investigated, as are the types of files vulnerable to the 'Hairullah@inbox.lv' Ransomware's attacks. However, malware experts can verify the inclusion of Word 2007/2010 documents in the encryption routine. Equally likely file types include images such as PNG, MP3 music files and XLS spreadsheets.

Besides its encryption attack, the 'Hairullah@inbox.lv' Ransomware also appends an ID tag and its administrator's e-mail address to the names of the files. Victims are expected to contact the e-mail address for instructions on where and how to send ransom payments for a theoretical decryption tool or key. Most such payments make use of Bitcoin and other difficult-to-trace services, with no promise of any return on the ransom fee.

The above details are highly similar to those of past threats of the same category, such as the 'Decipher@keemail.me' Ransomware. Such shared traits could indicate that different groups are using a common toolkit or code base for developing new variants of these file encryptors. By contrast, notably older file encryptors than the 'Hairullah@inbox.lv' Ransomware refrained from inserting any contact information directly into the file names. Instead, they referred victims to an included text file or desktop image.

Digging Your Files out of a Ransomware Campaign's Inbox

Files attacked by the 'Hairullah@inbox.lv' Ransomware may be unopenable, but they can be restored easily from any unaffected file backups you might have on hand. Malware experts often recommend using online file storage or removable devices to protect your files from the 'Hairullah@inbox.lv' Ransomware and other file encryptors. In doing so, you can prevent the 'Hairullah@inbox.lv' Ransomware from having any long-term effects on your PC without gambling on a ransom transaction.
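As an added example (not code from this page or from any vendor tool), the Python sketch below inventories files whose names carry the contact address described above and pairs each one with a clean copy in a backup tree, relying only on the fact that the Trojan appends to file names. The exact layout of the appended ID tag is not documented here, so the `id-0000` sample names, the directory layout and all function names are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

MARKER = "hairullah@inbox.lv"  # contact address from the page, matched case-insensitively

def find_marked(root):
    """Relative paths of files under root whose name contains the marker."""
    root, hits = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        hits += [(Path(dirpath) / n).relative_to(root)
                 for n in files if MARKER in n.lower()]
    return sorted(hits)

def match_backup(marked_rel, backup_root):
    """Longest backup name that is a prefix of the renamed name (tags are appended)."""
    folder = Path(backup_root) / marked_rel.parent
    if not folder.is_dir():
        return None
    renamed = marked_rel.name.lower()
    names = [p.name for p in folder.iterdir() if p.is_file()
             and MARKER not in p.name.lower()
             and renamed.startswith(p.name.lower())]
    return marked_rel.parent / max(names, key=len) if names else None

def restore_plan(live_root, backup_root):
    """Map each renamed file to its clean backup copy (None = none found)."""
    plan = {}
    for marked in find_marked(live_root):
        clean = match_backup(marked, backup_root)
        plan[marked.as_posix()] = clean.as_posix() if clean else None
    return plan

def build_demo(base):
    """Constructed sample trees; the tag layout in these names is made up."""
    live, backup = Path(base) / "live" / "docs", Path(base) / "backup" / "docs"
    live.mkdir(parents=True)
    backup.mkdir(parents=True)
    for n in ("report.docx.id-0000.Hairullah@inbox.lv",
              "budget.xls.id-0000.HAIRULLAH@INBOX.LV", "notes.txt"):
        (live / n).write_bytes(b"unreadable")
    for n in ("report.docx", "report.doc", "notes.txt"):
        (backup / n).write_bytes(b"clean")
    return live.parent, backup.parent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for marked, clean in restore_plan(*build_demo(tmp)).items():
            print(f"{marked} -> {clean or 'NO CLEAN COPY FOUND'}")
```

The script only reads directory listings; point `restore_plan` at a mounted copy of the affected volume and at a backup that was not attached during the infection.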

Since the 'Hairullah@inbox.lv' Ransomware is threatening software and will not display any program entries or files for easy deletion, removing the 'Hairullah@inbox.lv' Ransomware should never be attempted without the full assistance of anti-malware products or trained PC support technicians. Although the 'Hairullah@inbox.lv' Ransomware has no observable self-distribution features, other threats may be used to install the 'Hairullah@inbox.lv' Ransomware or even reinstall it on previously compromised machines. PC users should also keep common infection vectors in mind while browsing the Web, since compromised advertisement networks and mislabeled file downloads are some of the top means by which threats like the 'Hairullah@inbox.lv' Ransomware may install themselves.
