Hhjk Ransomware
There is a new ransomware that has been recently spotted by researchers. It is called simply the Hhjk ransomware and analysis shows it belongs to the Djvu family of ransomware types.
Once the ransomware executes on an infected system, it will run its encryption process. Encrypted files retain their original filenames, but their extensions are appended with ".hhjk". In this way, if a file was originally called "picture.jpg", it will turn into "picture.jpg.hhjk" once it has been encrypted.
The ransom note dropped by the Hhjk ransomware is stored inside a file called "_readme.txt". The hackers operating the malware ask for payment amounting to nearly a thousand US dollars, promising to restore files for half that amount, if they are contacted within the first 72 hours following encryption. Of course, believing the promises of cybercriminals is never a good idea.
The decryption of a single file is offered as proof that the threat actor really has a decryption tool and can restore the files on the victim's system.
The full ransom note text goes as follows:
ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-PRDjRCeB3y
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
manager at time2mail dot ch
Reserve e-mail address to contact us:
supportsys at airmail dot cc
Your personal ID:
There is currently no known freely available decryption tool for the Hhjk ransomware.