'hnumkhotep@india.com' Ransomware
Posted: January 6, 2017
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 19 |
| First Seen | January 6, 2017 |
| Last Seen | March 6, 2020 |
| OS(es) Affected | Windows |
The 'hnumkhotep@india.com' Ransomware is a variant of the Globe Ransomware, which can search for files according to their formats and locations and lock them with a cipher. Since decryption services may or may not be available, creating and updating backups on servers or drives that this threat cannot reach gives victims a reliable recovery method. Any anti-malware program that was effective against most previous releases of the Globe Ransomware should also be able to delete the 'hnumkhotep@india.com' Ransomware without issue.
An Unwanted Bit of Egypt in Your Files
The Globe Ransomware family continues to expand, with new Trojans observed in early January. The 'hnumkhotep@india.com' Ransomware is the latest variant of this family to date, and it still tries to encrypt your files to block them for the sake of extorting money. Interested readers may note that while the 'hnumkhotep@india.com' Ransomware uses a contact address with an Egyptian-sounding name, 'Hnumkhotep' is not the name of any living or deceased person or historical figure. The name may either be a simple typo or a result of its closest legitimate match, 'Khnumhotep,' no longer being an available address.
The 'hnumkhotep@india.com' Ransomware may self-terminate when it detects a threat analysis-related environment, such as a virtual machine. If it doesn't, it scans the PC for any files matching its encryption whitelist, which, by default, includes hundreds of different extensions. Along with using a Blowfish-based cipher to lock them, it also appends an additional 'hnumkhotep@india.com.hnumkhotep' extension to each filename. Victims can, in theory, contact the threat actors at that e-mail address to get their help with decrypting the encrypted content, most likely at a premium.
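Because the appended extension is a fixed string, the scope of an infection can be measured from file names alone. The following is an added example, not code from the original article: it walks a directory tree, recovers the original name of each locked file, and lists which originals have no copy in a backup tree. It assumes the extension is joined to the original name with a dot; the function names and the demo tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".hnumkhotep@india.com.hnumkhotep"  # from the page; leading dot assumed


def find_locked_files(root):
    """Return (locked_path, original_name) pairs; match is case-insensitive."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                hits.append((os.path.join(dirpath, name), name[: -len(MARKER)]))
    return sorted(hits)


def summarize(hits):
    """Count affected files by original extension, e.g. {'.docx': 1}."""
    exts = (os.path.splitext(orig)[1].lower() or "(none)" for _p, orig in hits)
    return dict(Counter(exts))


def missing_from_backup(hits, root, backup_root):
    """Return original relative paths that have no copy under backup_root."""
    missing = []
    for path, _orig in hits:
        rel = os.path.relpath(path, root)[: -len(MARKER)]
        if not os.path.isfile(os.path.join(backup_root, rel)):
            missing.append(rel)
    return sorted(missing)


def build_demo_tree():
    """Constructed sample data: a live tree with locked files plus a backup."""
    base = tempfile.mkdtemp(prefix="globe_triage_")
    live, backup = os.path.join(base, "live"), os.path.join(base, "backup")
    for d in (live, backup):
        os.makedirs(os.path.join(d, "docs"))
    for rel in ("docs/report.docx" + MARKER, "docs/budget.xlsx" + MARKER.upper(),
                "notes.txt" + MARKER, "docs/untouched.pdf"):
        open(os.path.join(live, *rel.split("/")), "w").close()
    open(os.path.join(backup, "docs", "report.docx"), "w").close()
    return live, backup


if __name__ == "__main__":
    live, backup = build_demo_tree()
    print(missing_from_backup(find_locked_files(live), live, backup))
```

Run it against a read-only mount or a disk image of the affected volume, so that the triage itself does not modify anything on the original disk.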
Malware experts have yet to analyze all available components of the 'hnumkhotep@india.com' Ransomware. However, additional symptoms are likely to include non-consensual changes to your desktop wallpaper and the presence of Web page-based pop-ups, both of which may deliver the Trojan's ransom demands.
Keeping Your Files from Being Condemned to Entombment
The 'hnumkhotep@india.com' Ransomware is predominantly a testament to how threat actors continue to benefit from widely-available code resources that can be found for free or on a premium basis on the dark Web. While malware experts are currently searching for evidence of the 'hnumkhotep@india.com' Ransomware's installation strategy, con artists are most likely to install it through spam e-mails or by bundling the Trojan with illicit downloads (such as cracks or pirated software). The symptoms only become apparent after the 'hnumkhotep@india.com' Ransomware has had the chance to damage your files, and that damage is not necessarily reversible.
The 'hnumkhotep@india.com' Ransomware also may delete Shadow Volume Copy (SVC) data or disable the Startup Repair feature, which makes it especially essential to save backups of valuable files on removable devices or servers that the Trojan can't encrypt. While paying for the 'hnumkhotep@india.com' Ransomware's 'official' decryption service is one possibility, malware experts recommend trying free Globe Ransomware-based decryption solutions beforehand, if you have no other options. As usual, when active, most anti-malware products should detect and remove the 'hnumkhotep@india.com' Ransomware before its payload can cause any damage.
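Removal of shadow copies and changes to boot recovery both leave traces in process-creation logs, and seeing the two together on one host is a stronger signal than either alone. The following is an added detection example, not code from the original article. The article does not say which commands this Trojan runs, so the patterns assume the standard Windows utilities for these actions; the log format and every log line are constructed.

```python
import re
from collections import defaultdict

# Assumption: the page does not name the commands involved. These patterns
# cover the standard Windows utilities for deleting shadow copies and for
# turning off automatic boot recovery.
RULES = {
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "startup_repair_off": re.compile(
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}

# Constructed process-creation events: time|host|user|command line
SAMPLE_LOG = r"""
2017-01-06T10:02:11|WS-014|alice|"C:\Windows\System32\vssadmin.exe" list shadows
2017-01-06T10:15:40|WS-022|bob|cmd.exe /c vssadmin.exe Delete Shadows /All
2017-01-06T10:15:41|WS-022|bob|bcdedit.exe /set {default} recoveryenabled No
2017-01-06T11:30:05|SRV-03|backupsvc|wmic shadowcopy where "ID='{constructed}'" delete
2017-01-06T11:45:00|WS-014|alice|notepad.exe C:\Users\alice\todo.txt
"""


def detect(log_text):
    """Map each host to the sorted list of rule names its commands matched."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _ts, host, _user, cmd = parts
        for name, pattern in RULES.items():
            if pattern.search(cmd):
                findings[host].add(name)
    return {host: sorted(names) for host, names in findings.items()}


def triage(findings):
    """'high' when a host hit every rule; a single hit may be routine admin work."""
    return {host: "high" if len(names) == len(RULES) else "review"
            for host, names in findings.items()}


if __name__ == "__main__":
    print(triage(detect(SAMPLE_LOG)))
```

In the sample, the backup service account on SRV-03 deletes a single shadow copy, which is why a lone match is marked for review rather than raised as high severity.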
As the Globe Ransomware continues living up to its name as a global problem, all Windows users with data worth saving should consider the consequences of not protecting themselves from emerging threats like the 'hnumkhotep@india.com' Ransomware.