
Ahihi Ransomware

Posted: January 10, 2019

The Ahihi Ransomware is a file-locking Trojan that reuses most of the code of Hidden Tear, an open-source "educational" ransomware project. It encrypts the victim's media files without renaming them and, if it can't reach its Command & Control (C&C) server, discards the decryption information, leaving those files permanently unrecoverable. For your data's safety, schedule regular backups to other devices and have your anti-malware products remove the Ahihi Ransomware as soon as they detect it.

A Trojan that Cares Little for Its Profits

Threat actors build file-locker Trojans with varying degrees of dependency on network communications with another server. This contact can range from e-mailing a decryption key to the criminal to, much more rarely, uploading entire files. Many of them also include fallback encryption behavior for when the Command & Control server is unreachable, but the Ahihi Ransomware implements this feature in the most damaging way possible: when it can't reach its C&C, it throws the key away.

The Ahihi Ransomware is, otherwise, a vanilla update of Hidden Tear, a file-locker Trojan with many variants that malware experts have examined previously, such as the OPdailyallowance Ransomware, the FORMA Ransomware, the Comrade HT Ransomware and the Ordinal Ransomware branch. It blocks each media file, such as Word documents or JPG pictures, with AES-based encryption. Unlike most other variants, it doesn't change the filename, such as by appending another extension, so the only sign that a file is encrypted is that it no longer opens in its associated program.
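Because the Ahihi Ransomware leaves filenames untouched, an encrypted-in-place file can only be spotted by its contents. The following is an added example (not code from this page or from the Hidden Tear project) of a simple triage scan that flags files whose leading bytes no longer match what their extension implies and whose contents look like ciphertext (high byte entropy, as AES output is). The magic-byte table, the thresholds and the sample files are constructed for the demonstration.

```python
import math
import os
import random
import tempfile
from collections import Counter

# Expected leading bytes for a few common media formats (constructed subset).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
}
# Extensions we expect to hold mostly printable text rather than a fixed header.
TEXT_EXTS = {".txt", ".csv", ".log"}
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

SAMPLE_SIZE = 4096        # bytes read from the start of each file
ENTROPY_THRESHOLD = 7.5   # bits per byte; AES output over 4 KiB sits near 7.95


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def header_ok(ext: str, head: bytes):
    """True/False if the content matches what `ext` implies, None if the type is unknown."""
    ext = ext.lower()
    if ext in TEXT_EXTS:
        printable = sum(b in PRINTABLE for b in head) / max(len(head), 1)
        return printable >= 0.95
    sigs = MAGIC.get(ext)
    if sigs is None:
        return None
    return any(head.startswith(s) for s in sigs)


def classify_file(path: str) -> dict:
    """Flag a file as suspicious when its header is wrong AND it looks like ciphertext."""
    with open(path, "rb") as f:
        head = f.read(SAMPLE_SIZE)
    ext = os.path.splitext(path)[1]
    ok = header_ok(ext, head)
    entropy = shannon_entropy(head)
    return {
        "path": path,
        "header_ok": ok,
        "entropy": round(entropy, 2),
        # Unknown types (ok is None) are never flagged: archives and other
        # compressed formats are legitimately high-entropy.
        "suspicious": ok is False and entropy >= ENTROPY_THRESHOLD,
    }


def scan_dir(root: str) -> list:
    """Classify every regular file under `root`, sorted by path."""
    results = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            results.append(classify_file(os.path.join(dirpath, name)))
    return sorted(results, key=lambda r: r["path"])


def demo() -> list:
    """Build a constructed victim folder and return the basenames that get flagged."""
    rng = random.Random(1)
    noise = bytes(rng.getrandbits(8) for _ in range(SAMPLE_SIZE))  # stands in for ciphertext
    prose = (b"Quarterly notes: backups verified, restore test passed.\n" * 80)[:SAMPLE_SIZE]
    samples = {
        "family.jpg": b"\xff\xd8\xff\xe0" + noise,  # genuine JPEG header, noisy body
        "vacation.jpg": noise,                       # encrypted in place, name unchanged
        "notes.txt": prose,                          # genuine text
        "thesis.txt": noise,                         # encrypted in place, name unchanged
        "cache.bin": noise,                          # unknown type: never flagged
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as f:
                f.write(data)
        flagged = [os.path.basename(r["path"]) for r in scan_dir(tmp) if r["suspicious"]]
    return flagged


if __name__ == "__main__":
    print("flagged in constructed sample folder:", demo())
```

Run `scan_dir()` against a suspect folder and review the `suspicious` entries first; the scan is triage, not proof, since any file with an unknown extension is skipped and a corrupt or truncated file can also fail its header check. Extend `MAGIC` with the formats your environment actually holds before relying on it.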

Depending on whether it reaches its C&C or not, the Ahihi Ransomware drops one of two ransom notes (both plain-text readme files). The first gives traditional ransom instructions and a link to the author's website for buying an unlocker. The second, which appears when there is no network contact, informs the reader that their files are no longer recoverable.

Vietnam's Hidden Tear is Out of Hiding

While the Ahihi Ransomware is functional and may be in deployment, malware experts can't confirm any live infection chain delivering it to victims. Hidden Tear software is compatible with most Windows OSes, and the Ahihi Ransomware uses Vietnamese-language text as part of its executable's disguise. Users may wish to scrutinize e-mail attachments, download resources, and websites aimed at Vietnamese users for a potential attack.

Files that Hidden Tear variants encrypt are frequently, but not universally, decryptable with free-to-download tools. Users requiring help should contact a PC security researcher with experience against cryptographic threats like file-locking Trojans. Backing up work before an infection is, however, always the preferable solution, especially in the probable scenario of the Ahihi Ransomware's locking files permanently. Most strong anti-malware products should uninstall the Ahihi Ransomware, as well as block its installation attempts.

It's unusual that the Ahihi Ransomware's authors are content to forfeit any ransoms they might have collected from users with isolated or unstable network connectivity. This strange business model does serve one valuable purpose: reminding everyone that restoring encrypted data is far easier said than done.
