
Hceem Ransomware

Posted: May 1, 2019

The Hceem Ransomware is a file-locking Trojan that can keep you from opening media like documents or pictures. Its encryption attacks may not be curable without the threat actor's ransom-based help, and users should consider making backups of any files of importance to them. Update your anti-malware services for the best chance at detecting this threat and uninstalling the Hceem Ransomware preemptively and completely.

A Snatching Trojan is Back in Action

The file-locker Trojan family of the Snatch Ransomware (note: not the same as '.snatch File Extension' Ransomware, which runs in macOS environments) has gained a new member, although malware experts are unsure whether it is in the wild yet. The Hceem Ransomware, whose name and corresponding extension are linguistically murky, is one of the few variants in this extremely small subset of file-locking Trojans. Regrettably, a family's size and its data-locking efficiency don't correlate.

The Hceem Ransomware conducts attacks against file formats that include documents, pictures, music, movies, archives, and other content that Windows doesn't need for running. This encryption-based data conversion routine will stop the files from opening until after a decryptor restores them. The decryption requires a key that only the threat actors have available, theoretically.

While the Hceem Ransomware has a presence in threat-analysis database hubs, it doesn't seem that it's ready for a release against any victims. Its ransoming website returns an error instead of accepting the victim's login details. Malware researchers also, thankfully, see no evidence of the Hceem Ransomware's ransom method – a Bitcoin wallet – having made any profits.

One mildly notable change is that the Hceem Ransomware uses a very different TXT ransoming message from that of other versions of Snatch Ransomware. The text uses broken English but has a TOR website and e-mail-based support options for users who can't access the first site, which is a modest improvement in the threat actor's supporting infrastructure.

Taking Action against File Snatchers

With a campaign still, most likely, in an 'alpha' state, the Hceem Ransomware's possible installation exploits are theoretical questions for anyone with interest in cyber-security. Some file-locking Trojans target vulnerable servers with open ports, active RDP features or passwords that are brute-forcible. An alternate method of infection involves phishing lures and social engineering tactics that trick users into clicking unsafe e-mail attachments, such as fake invoices with embedded macros, or website-hosted Trojans pretending that they're updates for media platforms like Flash.

Victims without better options can contact members of the cyber-security industry for assistance in exploring the decryption options for any files that the Hceem Ransomware blocks. However, many file-locker Trojans are secure against third-party decryptors and, furthermore, can remove local backups. For the safety of your media, malware experts recommend storing your backups on other devices and letting your anti-malware products remove the Hceem Ransomware proactively.

Bitcoins are sent out into the world conveniently, but do not get back into your hands so readily. Anyone paying the Hceem Ransomware is funding the development of more threats just like it, and may not even get the unlocker in return for their trouble.
