
HC6 Ransomware

Posted: November 30, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 79
First Seen: March 1, 2022
Last Seen: March 1, 2022
OS(es) Affected: Windows

The HC6 Ransomware is a Python Trojan that locks files by encrypting them with AES and handles the AES key through SHA-256 hashing rather than protecting it with an asymmetric cipher. Its threat actor is deploying it against business networks to collect a ransom for the decryption tool. Because this key handling is weak and the files are decryptable by other means, paying is unnecessary; malware experts still advise keeping isolated backups and proactive anti-malware protection to keep your files safe and to delete the HC6 Ransomware when required.

A File Problem as Big as Your Home Network

The kinds of data that a Trojan targets often give a blueprint of the campaign's plan for monetizing its attacks, but not all threatening software is that selective. The HC6 Ransomware is one of the most 'inclusive' file-locking threats and may act against numerous types of digital media on multiple PCs after installing itself a single time. For the moment, malware experts rate business-sector networks as being at the most risk, through means such as e-mail spam and brute-force attacks against exposed logins.

After compromising a PC that can run its Python code, the HC6 Ransomware searches all folders and directories for nearly three hundred file types that it can 'lock' with encryption. The formats at risk include specialized, workplace-oriented databases, as well as various archives, spreadsheets, sound clips, software-specific backups and movies.

For encryption, the Trojan uses AES-256 in CBC mode with a key that it handles through SHA-256 hashing, instead of the more common AES-plus-RSA design, in which a random, per-victim AES key is wrapped with the attacker's RSA public key so that only the attacker can recover it. It also appends a '.fucku' extension to the names of the disabled content, a symptom that the HC6 Ransomware shares with the unrelated Fucku Ransomware (a variant of Samas or SamSam Ransomware).

Note that this file scan also reaches other PCs that the Trojan can access over the local network, including both mapped drives and shares that are reachable without a drive letter. Consequently, one HC6 Ransomware infection can disable the media of an entire network of Windows machines.
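Because the Trojan appends a fixed '.fucku' extension and follows the scan across local disks and network shares, an incident responder can inventory the damage the same way. The following Python script is an added example and not code from the page or from the Trojan's author: it walks every root you hand it (local drives, mapped drives and UNC paths alike), counts locked files by their original format, and attributes them to the root they were found under. The directory layout, file names and the ransom-note name `READ_ME.txt` are constructed for the demo; the page only says the Trojan drops Notepad messages, so the real note name is an assumption.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".fucku"      # extension the page says the HC6 Ransomware appends
NOTE_NAME = "READ_ME.txt"  # constructed note name; the page gives no real one


def build_sample_tree(root: Path) -> None:
    """Constructed fixture: a 'local' disk and a 'share' with locked and untouched files."""
    files = {
        "local/finance/q3.xlsx.fucku": b"",
        "local/finance/backup.bak.fucku": b"",
        "local/media/clip.mp4": b"",               # not locked
        "share/db/customers.mdb.fucku": b"",
        "share/db/" + NOTE_NAME: b"pay 2500 USD",  # constructed note text
        "share/archive/old.zip.fucku": b"",
    }
    for rel, data in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def find_locked_files(roots):
    """Walk every root and collect locked files and ransom notes separately."""
    locked, notes = [], []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = Path(dirpath) / name
                if name.endswith(LOCKED_EXT):
                    locked.append(path)
                elif name == NOTE_NAME:
                    notes.append(path)
    return locked, notes


def original_extension(locked_path) -> str:
    """'q3.xlsx.fucku' -> '.xlsx': the original format survives in the file name."""
    stripped = Path(locked_path).name[:-len(LOCKED_EXT)]
    return Path(stripped).suffix.lower()


def triage(roots):
    """Summarize impact: total locked files, counts per original format and per root."""
    roots = [Path(r) for r in roots]
    locked, notes = find_locked_files(roots)
    by_root = Counter()
    for path in locked:
        for root in roots:
            if str(path).startswith(str(root) + os.sep):
                by_root[str(root)] += 1
                break
    return {
        "locked_total": len(locked),
        "by_format": Counter(original_extension(p) for p in locked),
        "by_root": by_root,
        "notes": [str(n) for n in notes],
    }


def demo():
    """Run the triage over a constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage([root / "local", root / "share"])


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real Windows network you would pass roots such as `C:\`, `Z:\` and `\\fileserver\finance` so that shares the Trojan reached without a drive letter are included; the per-root counts tell you which machines and shares need restoring from backup, and the per-format counts show which business data the attack actually hit.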

Getting Bargains with Trojan File Excavation

Most threat actors protect the file key with an asymmetric algorithm such as RSA for a good reason: with a weak alternative, like the HC6 Ransomware's AES-with-SHA-256 design, the key is present in or derivable from the Trojan itself, so third parties can break the scheme with little to no difficulty. Victims who have no clean backups for retrieving their files can use a free decryption tool that the cybersecurity community has already published specifically for the HC6 Ransomware. Although the HC6 Ransomware drops Notepad messages demanding 2500 USD in Bitcoin for decryption services, informed PC users have no reason to pay this ransom with the Trojan's current build; a future build that fixes the key handling would not necessarily be covered by the same tool.
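The weakness the two passages above describe (an AES key handled through SHA-256 rather than wrapped with RSA) comes down to one property: a hash is deterministic, so whoever knows its input recovers the key. The Python below is an added example, not code from the page or from the Trojan, and it assumes, as the page's description suggests, that the key is SHA-256 of a static secret carried in the sample; the secret string `example-static-passphrase`, the `SAMPLE_SOURCE` fragment and the variable name `SECRET` are constructed stand-ins, and HC6's real constant is not reproduced. It shows the analyst's recovery step, a dictionary attack for the case where the secret is obfuscated but still static, and the per-victim random key that the RSA-wrapping design would use instead.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# Constructed stand-in for a static secret embedded in a sample (assumption:
# the Trojan hashes a fixed string into its AES key; HC6's real value is not shown).
STATIC_SECRET = b"example-static-passphrase"

# Constructed fragment of "recovered" source; a real sample would be decompiled
# or have its strings dumped, but the derivation it reveals is the same.
SAMPLE_SOURCE = b'''
import hashlib
SECRET = "example-static-passphrase"
KEY = hashlib.sha256(SECRET.encode()).digest()   # 32 bytes -> AES-256 key
'''


def derive_key_hc6_style(secret: bytes) -> bytes:
    """SHA-256 turns any input into a 32-byte AES-256 key, but it is only a hash:
    nothing here is victim-specific, and anyone with the input gets the key."""
    return hashlib.sha256(secret).digest()


def extract_secret(sample: bytes) -> Optional[bytes]:
    """Analyst step: pull the string literal assigned to SECRET out of the sample."""
    match = re.search(rb'SECRET\s*=\s*b?["\']([^"\']+)["\']', sample)
    return match.group(1) if match else None


def recover_key(sample: bytes) -> Optional[bytes]:
    """Re-derive the file key from the sample alone, without paying a ransom."""
    secret = extract_secret(sample)
    return derive_key_hc6_style(secret) if secret is not None else None


def brute_force_secret(candidates, target_key: bytes) -> Optional[bytes]:
    """If the secret were obfuscated but still static, a known key (e.g. one
    carved from memory) is a dictionary search away. Comparison is constant time."""
    for candidate in candidates:
        if hmac.compare_digest(derive_key_hc6_style(candidate), target_key):
            return candidate
    return None


def per_victim_key() -> bytes:
    """The design the page contrasts with: a random key per victim, which would
    then be encrypted with the attacker's RSA public key before being stored.
    It cannot be re-derived from the sample; only the attacker's private key
    (or the unwrapped key itself) decrypts the files."""
    return os.urandom(32)


if __name__ == "__main__":
    key = recover_key(SAMPLE_SOURCE)
    print("recovered key:", key.hex())
    print("same key from known secret:", key == derive_key_hc6_style(STATIC_SECRET))
    print("dictionary hit:", brute_force_secret([b"wrong", STATIC_SECRET], key))
    print("two per-victim keys differ:", per_victim_key() != per_victim_key())
```

This is exactly why a public decryptor can exist for the current build: every infected machine shares key material that is fixed in the code, so recovering it once recovers it for all victims. A build that switched to a random key per victim wrapped with RSA would leave victims depending on backups instead.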

Cybercrooks are actively deploying the HC6 Ransomware against business entities for cryptocurrency profits, although malware experts are awaiting additional evidence of the infection strategies in use. Web-browsing exploits sometimes are used against targets of this type, but, most often, e-mail attachments or weak network logins exposed to brute-force attacks are the ultimate causes of a file-locking Trojan's installation. Many anti-malware programs delete the HC6 Ransomware accurately and also should identify and block most of the exploits that threat actors could use in its install routine, such as Word macros.

The HC6 Ransomware attacks an unusually wide range of content formats and does not limit itself to the one system that it infects. A single misstep in minding your Web-browsing behavior can turn into multiple PCs' worth of file damage, at least for users who don't back up their work.
