Hucky Ransomware
Posted: October 26, 2016
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 5 |
| First Seen: | October 26, 2016 |
| Last Seen: | February 6, 2020 |
| OS(es) Affected: | Windows |
The Hucky Ransomware is a Trojan that conducts file-encoding and extortion attacks in an attempted imitation of the '.locky File Extension' Ransomware. Although it's unrelated to that threat, the Hucky Ransomware does show many symptoms in common with it, including using encryption to block your files. PC owners, particularly those of Hungarian residence, should continue protecting their data with backups and anti-malware tools, the latter of which should uninstall the Hucky Ransomware.
The Sincerest Form of Flattery for Older Trojans
As much as pre-established families of Trojans dominate the current business models of illegal file encryption, some threats have just as much to gain from claiming to be more closely related to old threats than they are in reality. Some tactics among file-encrypting Trojan campaigns use false claims of affiliation with extremely well-known, difficult-to-crack, or harmful Trojans. In cases like the Hucky Ransomware, the disguise can even extend to components of the attack such as the ransom message's format.
The Hucky Ransomware is a blatant attempt to imitate the '.locky File Extension' Ransomware, but has no code in common with that family and uses a different language (Visual Basic instead of C++). The Trojan encrypts a smaller list of files than the '.locky File Extension' Ransomware, although hundreds of separate formats are at risk, including new ones, such as content related to popular gaming software like Minecraft. After encrypting your files, the Hucky Ransomware adds the '.locky' extension to the end of each one.
This threat's payload also includes text and desktop image-based ransom messages, both of which limit themselves to Hungarian and use a slightly different method of demanding payment for decrypting your data. Malware experts also found that the Hucky Ransomware is capable of conducting its attacks without network access to a C&C server and of restarting the system automatically, most likely to remove evidence that could facilitate free decryption attempts.
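Because every encrypted file gains the '.locky' extension, a burst of such renames from one process is a usable detection signal. The following is an added example, not code from the original page: the log line format, the threshold and the window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MARKER_EXT = ".locky"  # extension the page says is added to each encrypted file
LINE_RE = re.compile(r"^(\S+) pid=(\d+) rename (.+) -> (.+)$")

# Constructed sample log in a hypothetical format, ordered by time.
SAMPLE_LOG = r"""
2016-10-26T09:14:01 pid=4120 rename C:\Users\a\Documents\q3.xlsx -> C:\Users\a\Documents\q3.xlsx.locky
2016-10-26T09:14:01 pid=4120 rename C:\Users\a\Documents\cv.docx -> C:\Users\a\Documents\cv.docx.locky
2016-10-26T09:14:02 pid=4120 rename C:\Users\a\Pictures\cat.jpg -> C:\Users\a\Pictures\cat.jpg.locky
2016-10-26T09:14:02 pid=880 rename C:\Temp\a.tmp -> C:\Temp\a.bak
2016-10-26T09:14:03 pid=4120 rename C:\Users\a\Saves\world.dat -> C:\Users\a\Saves\world.dat.locky
2016-10-26T09:20:00 pid=2044 rename C:\Users\a\Desktop\test.txt -> C:\Users\a\Desktop\test.txt.locky
"""

def parse_events(log_text):
    """Yield (timestamp, pid, old_path, new_path) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, pid, old, new = m.groups()
            yield datetime.fromisoformat(ts), int(pid), old, new

def gained_marker(old, new):
    """True when the rename added the marker extension to a file that lacked it."""
    return new.lower().endswith(MARKER_EXT) and not old.lower().endswith(MARKER_EXT)

def detect_bursts(log_text, threshold=4, window=timedelta(seconds=10)):
    """Return {pid: peak count} for processes reaching threshold renames in one window."""
    recent = defaultdict(deque)  # pid -> timestamps of recent marker renames
    alerts = {}
    for ts, pid, old, new in parse_events(log_text):
        if not gained_marker(old, new):
            continue
        q = recent[pid]
        q.append(ts)
        while ts - q[0] > window:  # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[pid] = max(alerts.get(pid, 0), len(q))
    return alerts

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_LOG))
```

The single rename by pid 2044 stays below the threshold, which keeps a user manually renaming one file from raising an alert.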
Alleviating the Real Damages an Imitation Trojan can Cause
Although it bears many marks of being coded by a Hungarian threat actor for targeting victims of the same nationality, the Hucky Ransomware is likely to conceal its identity from most PC users unfamiliar with it. The extortion message shows only minor differences from those of the '.locky File Extension' Ransomware, and all of its other symptoms are similar to those displayed by that family, which is known for having multiple variations. Since the Hucky Ransomware does take the usual step of implementing AES encryption protected by a second layer of RSA encryption, free data decoding may be difficult or even impossible.
Since the Hucky Ransomware's payload includes loading a Word document to distract the PC's owner from its payload, malware experts particularly endorse avoiding Hungary-based links to documents that you don't fully trust. E-mail is the most popularly used (but not the sole) vector for infection. Average anti-malware products should be capable of protecting your PC from this threat or deleting the Hucky Ransomware, and backups can help you recover any data after disinfecting a successful attack.
Looks can be deceptive in any business industry, and that is just as applicable to the threat 'marketplace' as anywhere else. Threats like the Hucky Ransomware have everything to gain from claiming to be more famous than they are, and nothing to lose.