
'.leenapidx@snakebite.com.hrhr File Extension' Ransomware

Posted: February 28, 2018

The '.leenapidx@snakebite.com.hrhr File Extension' Ransomware is a file-locking Trojan and a possible variant of the Yyto Ransomware. An alternative name that may be used to describe this file-locker is 'HrHr Ransomware.' The Trojan generates a 'client' ID for the victim, blocks their files with an encryption routine, and creates a ransom note demanding that they pay for a decryption solution. Victims should never reward these attacks by paying the ransom; malware experts advise keeping backups to preserve your media and using anti-malware tools to delete the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware.

The Program's Bite that Poisons Your Files

A Trojan campaign is just getting started, with the evident intent of locking files in exchange for money, although the currency of the ransom remains theoretical. The Trojan's admins are supporting their threat, the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware, with a customized, anonymous website infrastructure, and are offering victims free samples of their unlocking solution. Malware analysts have yet to receive any word on how the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware is circulating, although e-mail and brute-force attacks are particularly likely infection vectors.

The '.leenapidx@snakebite.com.hrhr File Extension' Ransomware uses an encryption method that may include any of several algorithms, such as AES, RSA, or XOR, for enciphering the documents, pictures, and other media on the infected PC. Samples of threats similar to the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware also imply that this Trojan disguises its executable as Svchost, which is a default component of the Windows OS. When it completes its file-locking routine, the Trojan adds a string to the names of these files that displays both an e-mail address and the '.hrhr' extension.

Unusually, the contact method that the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware delivers via that feature doesn't match the one in its separate ransom message, which uses a TOR-protected address. Other details malware experts are noting in this 'help.txt' file include a limited demonstration of the unlocking software and a link to a TOR website for further ransom-related activities.
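A triage sketch for the indicators this section describes (the appended e-mail-plus-'.hrhr' string, the 'help.txt' note, and an executable posing as Svchost), added here as an example and not taken from any vendor's tooling. It assumes the marker is appended after the original file name and a default C:\Windows install, and it runs on constructed sample paths and process records.

```python
import ntpath
import re
from collections import defaultdict

# Assumed shape of the appended marker: ".<local>@<domain>.hrhr" at the end of the name.
LOCKED_SUFFIX = re.compile(r"\.[^\\/\s.@]+@[^\\/\s@]+\.hrhr$", re.IGNORECASE)
NOTE_NAME = "help.txt"  # ransom note filename named on the page
# Assumption: default install, where the genuine svchost.exe lives in these directories.
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def triage_paths(paths):
    """Group paths by directory; report locked files and whether a note sits beside them."""
    report = defaultdict(lambda: {"locked": [], "note": False})
    for p in paths:
        folder, name = ntpath.split(p)
        if LOCKED_SUFFIX.search(name):
            report[folder]["locked"].append(name)
        elif name.lower() == NOTE_NAME:
            report[folder]["note"] = True
    # A help.txt on its own is common and benign, so keep only directories with locked files.
    return {d: r for d, r in report.items() if r["locked"]}

def original_name(locked_name):
    """Strip the appended marker to get the pre-attack file name, for matching against backups."""
    return LOCKED_SUFFIX.sub("", locked_name)

def suspicious_svchost(processes):
    """Return (pid, path) for svchost.exe images running outside the system directories."""
    return [(pid, path) for pid, path in processes
            if ntpath.basename(path).lower() == "svchost.exe"
            and ntpath.dirname(path).lower() not in SVCHOST_DIRS]

# Constructed sample data, not taken from a real incident.
SAMPLE_PATHS = [
    r"C:\Users\a\Documents\report.docx.leenapidx@snakebite.com.hrhr",
    r"C:\Users\a\Documents\help.txt",
    r"C:\Users\a\Pictures\cat.jpg",
    r"C:\Tools\help.txt",
]
SAMPLE_PROCS = [(812, r"C:\Windows\System32\svchost.exe"),
                (4312, r"C:\Users\a\AppData\Roaming\svchost.exe")]

if __name__ == "__main__":
    for folder, r in triage_paths(SAMPLE_PATHS).items():
        print(folder, r["locked"], "note present" if r["note"] else "no note")
    print(suspicious_svchost(SAMPLE_PROCS))
```

Feed `triage_paths` a real file listing and `suspicious_svchost` a process inventory exported from the host; the list returned by `original_name` lookups tells you which files to pull from backup.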

Curing a Media-Killing Toxin

Although the decryption solution for the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware may be real, paying doesn't necessarily oblige the threat actors to give victims any access to it. Malware researchers recommend attempting free solutions for unlocking your files beforehand, which include free-to-download decryptors and restoring from your last backup. File-locker Trojans habitually delete the Shadow Copies that Windows uses for default file recovery, although the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware isn't verifiable as having that function, for now.

Some of the archetypal infection strategies in vogue with threats of this category include:

  • E-mail attachments often include macros and related exploits that can install Trojans with little or no consent.
  • Networks with unsafe password management are vulnerable to brute-force utilities that 'guess' login combinations, which provides a threat actor with manual access.
  • File-sharing networks may distribute the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware in disguise, such as a crack for games like Minecraft or Call of Duty.
  • Websites with unsafe content can deliver drive-by-download attacks for infecting your PC through various exploits, many of which are preventable by installing appropriate security patches.

Most anti-malware software includes different means of detecting file-locking Trojans like the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware and preventing their attacks from damaging your data without your consent. Because this Trojan is likely to pretend to be a part of Windows, you should use automated anti-malware tools to delete the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware whenever you disinfect your computer.

Although the right security tools can disinfect a PC, unlocking an encrypted file is more arduous than that, and sometimes an impossibility. Dodging a bite from the '.leenapidx@snakebite.com.hrhr File Extension' Ransomware is the best-case scenario for any PC users who want to keep their files healthy.
