
Hex911 Ransomware

Posted: June 2, 2020

The Hex911 Ransomware is a file-locking Trojan that keeps various files, mainly digital media, from opening. It may add different extensions onto their filenames as indicators of their hostage status, and it solicits expensive Bitcoin payments for its unlocking help. Users should let their anti-malware products contain or delete the Hex911 Ransomware on sight and review their backup strategies for weaknesses against encryption attacks.

Trojans Casting Hexes on Your Server's Data

A new file-locking Trojan with at least two variants is in the wild, attacking what are presumably enterprise-grade victims. The Hex911 Ransomware, a possible product of the Xorist Ransomware Trojan-building kit, is a Windows threat. The Hex911 Ransomware's disguises and ransoms suggest that it's taking over entire servers and internal networks, instead of merely going after individuals. Despite its preferences, Windows users on any modern version of the OS are at risk from the Hex911 Ransomware, its encryption and the costly 'solution' that it proffers.

Although malware experts have yet to examine the Hex911 Ransomware's encryption method, it blocks files using the traditional attack of encrypting each file's internal data, securing it with a key, and appending extensions onto otherwise-unaltered filenames. Besides the 'hex911' extension, from which the Hex911 Ransomware takes its name, malware experts also find some variants using 'bot' extensions – which imply, possibly falsely, the existence of a botnet-style C&C infrastructure.
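A triage example for the renaming pattern described above, added here and not taken from this page's sources or any vendor tool: it walks a directory tree (a file share or a mounted backup) and lists files whose names are an original filename plus an appended 'hex911' or 'bot' extension. The leading dot, the case-insensitive match and the list of original file types are assumptions.

```python
import os
import tempfile
from collections import Counter
from pathlib import PurePath

# Extensions named on this page; the leading dot and case-insensitivity are assumptions.
MARKER_EXTS = {".hex911", ".bot"}
# Hypothetical allow-list of original file types (media, documents, database dumps).
ORIGINAL_EXTS = {".jpg", ".png", ".mp4", ".mp3", ".docx", ".xlsx", ".pdf", ".sql", ".zip"}


def classify(name):
    """Return (marker, original_name) if name is '<original>.<marker>', else None."""
    p = PurePath(name)
    marker = p.suffix.lower()
    if marker not in MARKER_EXTS:
        return None
    original = p.stem  # filename with the appended marker stripped off
    # Requiring a known extension underneath cuts false positives such as
    # 'chat.bot', at the cost of missing originals that had no extension.
    if PurePath(original).suffix.lower() not in ORIGINAL_EXTS:
        return None
    return marker, original


def scan(root):
    """Walk root; return (sorted hits, per-directory hit counts)."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            result = classify(name)
            if result:
                hits.append((os.path.join(dirpath, name), *result))
                per_dir[os.path.relpath(dirpath, root)] += 1
    return sorted(hits), per_dir


def demo():
    """Scan a constructed directory tree (all sample filenames are made up)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "share", "media"))
        for rel in ("share/media/clip.mp4.hex911", "share/media/photo.JPG.bot",
                    "share/q2.xlsx", "share/chat.bot", "share/notes.hex911"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        hits, per_dir = scan(root)
        return [(os.path.relpath(p, root).replace(os.sep, "/"), m, o)
                for p, m, o in hits], dict(per_dir)
```

The per-directory counts show where the damage is concentrated, which helps decide which backups to restore first.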

The Hex911 Ransomware creates both text files and, unusually, dialog boxes or message boxes for its ransoming demands. These alerts ask for over one thousand USD in Bitcoins for their file-unlocking help and offer an upfront wallet address with a four-day deadline before the cost increases. The pop-up feature isn't the usual format for a Ransomware-as-a-Service but doesn't alter the fundamentals of the ransoming deal. At this time, malware experts, thankfully, see no victims paying into the criminals' wallet.

Shaking Off Bad Magic without Incurring a Price

Usually, the ransoms demanded of random PC users are within the several-hundred-dollar range – or, at least, under one thousand. In the Hex911 Ransomware's case, its campaign's decryption costs suggest that the Trojan is propagating with attacks against businesses that could pay semi-high fees. Malware researchers further confirm this possibility through the Hex911 Ransomware's filenames. The first hides the Trojan's processes as a fake database component, and a second one uses the business-friendly disguise of a 'document instructions' file for the infiltration.

Users in any workplace environment should have regularly-updated backups on other devices for recovering from attacks of this nature, whether or not a decryption solution is possible or available. As prevention, users can defend themselves in multiple ways before an infection occurs. They can monitor e-mails for phishing exploits like corrupted attachments, install server software updates, disable RDP and use high-strength passwords.

Most good Windows anti-malware programs also will delete the Hex911 Ransomware, with many vendors flagging the Trojan as a possible variant of the Xorist Ransomware.

A fee of a thousand and a half dollars isn't anything that most businesses can laugh at, but the Hex911 Ransomware wouldn't set such an expectation without reasonable belief in getting its payment. Companies that take Internet communications on work machines for granted are effectively begging to be taken advantage of, and at a high cost, to boot.
