Hgjzitlxe Ransomware Targets Businesses

During our analysis of malware samples, we discovered Hgjzitlxe, a type of ransomware associated with the Snatch family. Our investigation revealed that Hgjzitlxe encrypts files and adds its own extension (".hgjzitlxe") to the original filenames. To further intimidate victims, it creates a ransom note called "HOW TO RESTORE YOUR HGJZITLXE FILES.TXT".

As an example of its file modification behavior, Hgjzitlxe renames "1.jpg" to "1.jpg.hgjzitlxe", "2.png" to "2.png.hgjzitlxe", and so on; the original filename is kept intact and the new extension is simply appended to it.
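The two artefacts described above, the appended ".hgjzitlxe" extension and the ransom note "HOW TO RESTORE YOUR HGJZITLXE FILES.TXT", are enough to build a simple post-incident sweep. The following Python script is an added example written for this article, not a tool from the original analysis: it walks a directory tree, lists files carrying the extension, lists every copy of the ransom note, records which directories were hit, and recovers the original filename by stripping the appended extension. The sample tree it builds (`build_sample_tree`) is constructed for the demonstration and contains placeholder bytes, not real ransomware output.

```python
"""Inventory a directory tree for Hgjzitlxe ransomware artefacts (added example)."""
import os
import tempfile
from pathlib import Path

EXTENSION = ".hgjzitlxe"                                 # extension Hgjzitlxe appends to encrypted files
NOTE_NAME = "HOW TO RESTORE YOUR HGJZITLXE FILES.TXT"   # ransom note dropped by Hgjzitlxe


def original_name(encrypted_name: str) -> str:
    """Recover the pre-encryption filename: '1.jpg.hgjzitlxe' -> '1.jpg'.
    Names that do not carry the extension are returned unchanged."""
    if encrypted_name.lower().endswith(EXTENSION):
        return encrypted_name[: -len(EXTENSION)]
    return encrypted_name


def scan_tree(root) -> dict:
    """Walk `root` and return sorted, root-relative paths of encrypted files,
    ransom notes, and the directories in which encrypted files were found."""
    root = Path(root)
    encrypted, notes, hit_dirs = [], [], set()
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        for name in filenames:
            rel = (rel_dir / name).as_posix()
            if name.lower().endswith(EXTENSION):
                encrypted.append(rel)
                hit_dirs.add(rel_dir.as_posix())
            elif name.upper() == NOTE_NAME:
                notes.append(rel)
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "directories_hit": sorted(hit_dirs),
    }


def build_sample_tree() -> str:
    """Create a constructed sample tree in a temp directory (placeholder bytes,
    not real encrypted content) so the scanner can be demonstrated offline."""
    root = tempfile.mkdtemp(prefix="hgjzitlxe_demo_")
    files = {
        "1.jpg.hgjzitlxe": b"\x00" * 16,
        "2.png.hgjzitlxe": b"\x00" * 16,
        NOTE_NAME: b"THE ENTIRE NETWORK IS ENCRYPTED ...",
        "untouched.txt": b"not affected",
        "docs/report.docx.hgjzitlxe": b"\x00" * 16,
        "docs/" + NOTE_NAME: b"THE ENTIRE NETWORK IS ENCRYPTED ...",
    }
    for rel, data in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


def demo_result() -> dict:
    """Build the constructed sample tree and scan it; used by the usage below."""
    return scan_tree(build_sample_tree())


if __name__ == "__main__":
    result = demo_result()
    print(f"{len(result['encrypted'])} encrypted file(s) in "
          f"{len(result['directories_hit'])} director(ies), "
          f"{len(result['notes'])} ransom note(s)")
    for rel in result["encrypted"]:
        print(f"  {rel}  (original name: {original_name(Path(rel).name)})")
```

Run the script on a mounted image of an affected host rather than on the live system; the inventory of hit directories is a quick way to scope which shares or user profiles the ransomware reached, and the recovered original names give the list of files to restore from backup.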

The ransom note informs victims that their network has undergone a penetration test, leading to the encryption of their files. The attackers claim to have downloaded over 100GB of data, including personal information, marketing data, confidential documents, accounting records, SQL databases, and copies of email archives.

Victims are strongly discouraged from attempting to decrypt the files themselves or using third-party tools, as the note emphasizes that only their specific decryptor can effectively restore the files. To prevent potential deception by intermediaries, the note advises direct communication with the threat actors.

To gather evidence, explore potential solutions, and request the decryptor, victims are instructed to contact the cybercriminals through the provided email addresses: candice.wood@post.cz or candice.wood@swisscows.email. An alternative method of communication is suggested via Tox chat.

The ransom note concludes with a warning that if no response is received within three days, the cybercriminals will make the encrypted files public.

Hgjzitlxe Ransom Note Indicates Hackers Target Businesses

The full text of the ransom note reads as follows:

THE ENTIRE NETWORK IS ENCRYPTED YOUR BUSINESS IS LOSING MONEY!

Dear Management! We inform you that your network has undergone a penetration test, during which we encrypted
your files and downloaded more than 100GB of your data

Personal data
Marketing data
Confidentional documents
Accounting
SQL Databases
Copy of some mailboxes

Important! Do not try to decrypt the files yourself or using third-party utilities.
The only program that can decrypt them is our decryptor, which you can request from the contacts below.
Any other program will only damage files in such a way that it will be impossible to restore them.
Write to us directly, without resorting to intermediaries, they will deceive you.

You can get all the necessary evidence, discuss with us possible solutions to this problem and request a decryptor
by using the contacts below.
Please be advised that if we don't receive a response from you within 3 days, we reserve the right to publish files to the public.

Contact us:
candice.wood@post.cz or candice.wood@swisscows.email

Additional ways to communicate in tox chat
tox id:
(alphanumeric string)

How Can Ransomware Like Hgjzitlxe Infiltrate Your System?

Ransomware like Hgjzitlxe can infiltrate your system through various methods. Here are some common ways in which ransomware can find its way into your system:

  • Phishing Emails: One of the most prevalent methods is through phishing emails. You may receive an email that appears to be legitimate, but it contains a malicious attachment or a link that, when clicked, downloads the ransomware onto your system.
  • Malicious Downloads: Ransomware can also be downloaded unknowingly when you visit compromised websites or click on malicious advertisements. These downloads may be disguised as legitimate software or files, tricking you into executing them and infecting your system.
  • Exploiting Vulnerabilities: Ransomware can exploit vulnerabilities in your operating system, software, or applications. Cybercriminals actively search for security weaknesses that they can exploit to gain unauthorized access and deploy ransomware onto your system.
  • Malicious Websites and Malvertising: Visiting compromised or malicious websites can lead to the automatic download and installation of ransomware without your knowledge. Similarly, malvertising (malicious advertising) can deliver ransomware by embedding it in online ads.
  • Remote Desktop Protocol (RDP) Attacks: If you have Remote Desktop Protocol enabled and poorly configured, attackers can exploit weak or default credentials to gain remote access to your system and deploy ransomware.
  • Drive-by Downloads: Ransomware can be silently downloaded and installed when you visit compromised websites that have been injected with malicious code. This happens without any user interaction or knowledge.
  • Exploiting Network Vulnerabilities: Ransomware can spread within a network by exploiting vulnerabilities in network protocols or unpatched systems. Once inside a network, it can rapidly propagate and infect other devices.
July 7, 2023

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.