
Html Ransomware

Posted: June 12, 2019

The Html Ransomware is a file-locking Trojan that can encrypt your media, change their extensions, and create pop-ups and text messages asking for Bitcoins for unlocking your files. The Html Ransomware belongs to a family that can wipe some formats of backups and creates fake UI elements for distracting victims, such as an anti-virus scanner or security software installation prompts. You should let your anti-malware services remove the Html Ransomware when they find it and preserve non-local backups as a standard precaution.

A 'Web Page' that Just Wants to Get Paid

The reasoning behind criminals' choosing one brand name or another for a Trojan attack isn't always transparent, and confusion may arise either intentionally or by coincidence. Although some threat actors use names disingenuously, such as by pretending that their threatening software has the endorsement of Adobe or Microsoft, others seemingly choose the names of their works at random. The Html Ransomware seems like the latter case, even though it's part of the long-lived tradition of Ransomware-as-a-Service.

The Html Ransomware is a recently collected sample of the Dharma Ransomware, which is itself just a branch, albeit the dominant one, of the Crysis Ransomware's family. Threat actors renting its toolkit to create Trojans for themselves have been targeting the public at large with its encryption-based payload for years, with Windows users and weakly-secured business servers being the most typical victims. The attacks that the Html Ransomware carries out on behalf of this RaaS business include AES and RSA encryption for blocking files, deletion of the Volume Shadow Copy backups, and ransom-soliciting pop-up alerts.

In the above respects, the Html Ransomware is no different from relatives like the Zoh Ransomware, the LDPR Ransomware, the qbx Ransomware or the Aa1 Ransomware. It is, however, different from most of its family members in at least one way: it uses a preexisting extension for flagging files. Appending a new extension to an encrypted file's name is a tradition among file-locker Trojans, but the Html Ransomware is rare for choosing one that already exists and refers to the 'HyperText Markup Language' Web page format.

Programs such as browsers that associate themselves with HTML files, by default, may try to open the locked content. However, since the internal data's encryption remains intact, it doesn't bring the victims any closer to reattaining their lost work.
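Because the extension no longer separates locked files from genuine Web pages, a sweep for affected files has to look at content instead. The following Python example is added here and is not from the original article or any vendor's tooling; the 7.5 bits-per-byte threshold, the 64 KiB sample size and the file names in the sample tree are assumptions constructed for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

SAMPLE_BYTES = 64 * 1024   # assumption: the first 64 KiB is representative
ENTROPY_THRESHOLD = 7.5    # assumption: bits/byte above this looks encrypted
HTML_MARKERS = (b"<!doctype", b"<html", b"<head", b"<body")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for markup."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_suspicious_html(path) -> bool:
    """True when a .html file has no HTML markers and near-random content."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if any(marker in head.lower() for marker in HTML_MARKERS):
        return False
    return shannon_entropy(head) > ENTROPY_THRESHOLD

def scan(root) -> list[str]:
    """Sorted paths of .html files under root whose content is not HTML."""
    hits = []
    for p in Path(root).rglob("*"):
        try:
            if p.suffix.lower() == ".html" and p.is_file() and is_suspicious_html(p):
                hits.append(str(p))
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
    return sorted(hits)

def demo() -> list[str]:
    # Constructed stand-in for encrypted data: deterministic pseudo-random bytes.
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
    samples = {"index.html": b"<!DOCTYPE html><html><body>hi</body></html>",
               "budget.xlsx.html": blob,   # constructed name, expected to be flagged
               "notes.txt": blob}          # not .html, outside this sweep
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            Path(tmp, name).write_bytes(content)
        return [Path(p).name for p in scan(tmp)]

if __name__ == "__main__":
    print(demo())
```

Very short files (under 182 bytes) cannot reach the threshold and are never flagged, while legitimately compressed data saved under a .html name would be, so hits are leads for triage rather than proof of encryption.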

Ridding Your Computer of the Wrong Web Page

The Html Ransomware bears the most resemblance to another Dharma variation by the name of '.com File Extension' Ransomware, which poses as an update to hide from PC users who read the executable's filename. Fake updates are only one of several ways that file-locker Trojans proliferate, with others including brute-force attacks against login credentials, exploiting open RDP settings or using exploits like EternalBlue. In rarer cases, malware experts also see threats of this type spreading through torrents by pretending that they're cracks for games.

The Html Ransomware can remove the data that Windows uses as the backbone of its Restore Points, which are the only restoration method that unprepared users can depend on for getting their files back for free. Because of this recurring issue, PC users should back their work up to other devices and avoid sharing removable drives or using shared login credentials for cloud services. Anti-malware products from most vendors are, however, finding and removing the Html Ransomware at very high rates.

The real 'HTML' is part of the foundation of the worldwide Web and a massive monument in computer technology's history. Ransomware-as-a-Service Trojans like the Html Ransomware don't loom nearly so large but can be just big enough to bully Bitcoins out of the weak and ill-prepared.
