Hjutm Ransomware Displays Ransom Note Written in Russian
Hjutm is a type of ransomware from the Xorist family, and it was discovered during an analysis of malicious file samples. Hjutm is specifically designed to encrypt files, alter their filenames by adding the ".hjutm" extension, present an error message window, and create a file named "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt" that contains a ransom note.
Hjutm renames files by appending its extension to the original name: for example, "1.jpg" becomes "1.jpg.hjutm", "2.png" becomes "2.png.hjutm", and so on.
In the ransom note, written in Russian, victims are told that their files have been encrypted and will only be decrypted upon payment. The note instructs victims to contact the perpetrators via the email address msy85689@rambler.ru and emphasizes the urgency of the situation by requiring a response on the same day.
Furthermore, the note warns that failing to comply with the demands will result in the permanent deletion of the decryption keys. It also explains that a specialist will be responsible for unlocking the files, using either AnyDesk or RDP, both of which are remote desktop access tools. The specified ransom amount is 5,500 rubles.
The note also mentions that the attackers have sent emails to victims from the address goldenapple120pere@gmail.com. It is important to note that victims who do not have Russian language support installed on their computers will see scrambled, unintelligible text when viewing the ransom note.
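The indicators described above (the appended ".hjutm" extension and the note filename) are enough for a quick triage scan. The Python below is an added example, not part of the original article: it walks a directory tree, lists renamed files with their original names, and extracts contact addresses from any ransom note it finds. It assumes the note is stored as UTF-8 or Windows-1251 (the page does not state the encoding); the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

EXT = ".hjutm"                            # extension named in the article
NOTE_NAME = "КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt"  # ransom note filename named in the article
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def decode_note(raw):
    """Decode note bytes. Assumption: UTF-8 or the Windows Cyrillic code page cp1251."""
    for enc in ("utf-8-sig", "cp1251"):
        try:
            return raw.decode(enc)
        except UnicodeDecodeError:
            continue
    return raw.decode("latin-1")  # never fails; keeps ASCII parts such as emails

def scan(root):
    """Walk root; return renamed files, note paths and contact addresses."""
    report = {"encrypted": [], "notes": [], "contacts": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(EXT) and len(name) > len(EXT):
                # The extension is appended, so stripping it gives the original name.
                report["encrypted"].append((path, name[:-len(EXT)]))
            elif name.casefold() == NOTE_NAME.casefold():
                report["notes"].append(path)
                with open(path, "rb") as fh:
                    text = decode_note(fh.read(65536))
                report["contacts"].update(EMAIL_RE.findall(text))
    return report

def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("1.jpg.hjutm", "2.png.hjutm", "notes.docx"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample")
        note = "Напишите нам: contact@example.invalid"  # constructed text, not the real note
        with open(os.path.join(root, NOTE_NAME), "wb") as fh:
            fh.write(note.encode("cp1251"))
        rep = scan(root)
        return (sorted(orig for _p, orig in rep["encrypted"]),
                len(rep["notes"]), sorted(rep["contacts"]))

if __name__ == "__main__":
    print(demo())
```

Run `scan()` against a mounted image or a backup copy rather than the live system, so the file timestamps on the affected host stay intact for later forensics.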
Hjutm Ransom Note Comes in Russian
The full text of the Hjutm ransom note, translated from Russian, reads as follows:
Your files have been encrypted. To decrypt your files, you need to write to us at the email address given below.
msy85689@rambler.ru
We expect a reply today; if we do not receive a reply, we will delete the decryption keys for your files.
File decryption is performed by our specialist via AnyDesk or RDP
File decryption will cost 5500 rubles.
State the price in your email. We wrote to you:
goldenapple120pere@gmail.com
How Can You Safeguard Your Files from Ransomware Like Hjutm?
Protecting your files from ransomware like Hjutm involves a combination of proactive measures and best practices to minimize the risk of infection and data loss. Here are some steps you can take to safeguard your files:
Regular Backups:
Maintain up-to-date backups of your important files on external devices or cloud storage.
Ensure your backups are stored offline or in a location not directly accessible from your network to prevent ransomware from infecting them.
Use Reliable Security Software:
Install reputable antivirus and anti-malware software and keep it up to date.
Enable real-time scanning to detect and block ransomware before it can encrypt your files.
Keep Your Operating System and Software Updated:
Regularly update your operating system and software applications to patch vulnerabilities that ransomware can exploit.
Use Strong, Unique Passwords:
Utilize strong, unique passwords for all your online accounts, especially those related to email and remote desktop access.
Consider using a password manager to generate and store complex passwords.
Multi-Factor Authentication (MFA):
Enable MFA on your online accounts whenever possible. This provides an additional layer of security, making it more difficult for cybercriminals to gain unauthorized access.
Patch and Update Software:
Keep your operating system, software, and all applications updated with the latest security patches and updates.
Disconnect from the Internet:
If you suspect a ransomware infection, disconnect your device from the internet immediately to prevent it from communicating with the attacker's servers.







