
HCK Ransomware

Posted: June 12, 2020

The HCK Ransomware is a file-locking Trojan that comes from Dharma Ransomware's Ransomware-as-a-Service family. Users without backups are at risk of having their files locked behind encryption that permanently prevents them from opening. Anti-malware utilities may block most delivery methods for this Trojan or remove the HCK Ransomware automatically as soon as it appears.

More to Come from a Leader of File Waylayers

Ransomware-as-a-Service operations are, foremost, businesses that evolve only as far as circumstances require to ensure profits. Families like the STOP Ransomware or its closest competitor by the numbers, the Dharma Ransomware (an offshoot of Crysis Ransomware's kit), offer an endless variety of themes for all-too-familiar attacks. The HCK Ransomware is in keeping with that tradition, although it's scarcely safer for any careless Windows users than the earliest variants of the Dharma Ransomware RaaS.

The HCK Ransomware's family is a long-lived one, by RaaS standards, with numerous variations and minor build differences evident in campaigns like the Darknes@420blaze.it Ransomware, the Heets Ransomware, the FREDD Ransomware or the Php Ransomware. The HCK Ransomware variant is a recent model from early June and stands apart from its relatives with little more than the extension that it appends to blocked files, along with custom e-mails and IDs. As usual, the blocking feature uses a secure form of AES encryption. This attack keeps the user's data (whether it's a picture, document, or one of the many other digital media formats) from opening and holds it hostage for the ransom demands.

The ransom messages of the HCK Ransomware's family are usually straightforward and, in most cases, consist of TXT and HTA files. The campaign gives almost no information besides the address for negotiating with the criminal and paying a ransom. Other techniques that the HCK Ransomware shares with the rest of its family include using fake Windows OS filenames, abusing command-line utilities in the LOLbin style, and destroying any Restore Point backups.
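A defender-side check for two of the family behaviors listed above (fake Windows filenames and Restore Point destruction), as an added example that is not part of the original article. The event list is constructed, and the commands matched (`vssadmin`, `wmic shadowcopy`) and the watch list of system names are assumptions about how these behaviors usually appear; the article does not name them.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (image path, command line); not from a real host.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\svchost.exe", r"svchost.exe -k netsvcs"),
    (r"C:\Users\alice\AppData\Roaming\svchost.exe", r"svchost.exe"),
    (r"C:\Windows\System32\vssadmin.exe", r"vssadmin delete shadows /all /quiet"),
    (r"C:\Windows\System32\vssadmin.exe", r"vssadmin list shadows"),
    (r"C:\Windows\System32\wbem\WMIC.exe", r"wmic shadowcopy delete"),
    (r"C:\Program Files\Editor\editor.exe", r"editor.exe report.docx"),
]

# Assumed watch list of Windows binary names that a Trojan might imitate.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "explorer.exe", "csrss.exe"}
# Directories where those names legitimately live on a default install.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumed command lines that delete Volume Shadow Copies (the storage behind Restore Points).
SHADOW_DELETE = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
]

def classify(image, cmdline):
    """Return the list of findings for one process-creation event."""
    findings = []
    path = PureWindowsPath(image)
    # A system binary name running from a non-system directory is a masquerade signal.
    if path.name.lower() in SYSTEM_NAMES and str(path.parent).lower() not in SYSTEM_DIRS:
        findings.append("system-name-outside-system-dir")
    # Legitimate binaries used to wipe backups are flagged by command line, not by path.
    if any(p.search(cmdline) for p in SHADOW_DELETE):
        findings.append("shadow-copy-deletion")
    return findings

def triage(events):
    """Keep only the events that produced at least one finding."""
    return [(img, cmd, f) for img, cmd in events if (f := classify(img, cmd))]

if __name__ == "__main__":
    for img, cmd, f in triage(SAMPLE_EVENTS):
        print(f"{', '.join(f):32} {img} :: {cmd}")
```

In practice the same two rules would run over process-creation telemetry such as Windows Security event 4688 or Sysmon event 1, with the watch list tuned to the environment.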

Being the Hiccup in a Streamlined Trojan Money Maker

All Windows users are at risk from an HCK Ransomware infection, which can turn Word or PDF documents, JPG, BMP, or GIF pictures, MP3s or MP4s, and vast amounts of other files into worthless, uninterpretable data. However, system administrators should be especially cautious about the infection methods that malware experts regularly see in such attacks: crafted e-mail phishing lures and dictionary or brute-force attacks that compromise login credentials. Users should also be careful around unusual downloads, such as unofficial software updates and torrents.

Backup preparedness is the number one defense against file-locking Trojan attacks, which require access to all the files that they plan on holding as hostages. Malware experts are finding the HCK Ransomware's encryption just as secure as that of its forebears, and victims should place their hopes on prevention-based backup preservation and not on decryption opportunities.

Generally, Ransomware-as-a-Service groups put minimal work into obfuscation, viewing it as a waste of resources (with some notable exceptions, such as the Thanos Ransomware). The HCK Ransomware doesn't change this dynamic, and, going by current samples, most anti-malware programs will flag and remove the HCK Ransomware easily.

The HCK Ransomware changes up its extension and one of its filenames, but most of its characteristics are entirely typical for a Dharma Ransomware variant. Still, Windows users should remain vigilant. The cost of laxness is measurable in both ransomed Bitcoins and potentially irreplaceable files.
