HUNTER Ransomware Encrypts System Contents
During our examination of malware samples, we discovered HUNTER, a ransomware variant belonging to the Phobos family. This malware encrypts files, renames them, and drops two ransom notes, "info.txt" and "info.hta" (the latter is also displayed as a pop-up window). When renaming a file, HUNTER appends the victim's ID, the attackers' email address, and the ".HUNTER" extension to the original filename.
For instance, it transforms "1.jpg" into "1.jpg.id[9ECFA84E-3335].[Hunter-X@tuta.io].HUNTER" and "2.png" into "2.png.id[9ECFA84E-3335].[Hunter-X@tuta.io].HUNTER", and so on. The ransom note tells the victim that their files were encrypted because of a "security problem" with their PC. It provides an email address (Hunter-X@tuta.io) for contacting the attackers and instructs the victim to put their ID in the subject line of the message. If no reply arrives within 24 hours, the victim is directed to contact the attackers through a Telegram account (@Online7_365).
The note demands payment in Bitcoin for decryption, with the price depending on how quickly the victim makes contact. As a "guarantee", it offers free decryption of up to three files, provided their total size is under 4 MB and they contain no valuable information.
Finally, the victim is warned not to rename encrypted files or to attempt decryption with third-party software, on the grounds that this may cause permanent data loss or expose them to scams.
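The renaming scheme above (".id[<victim ID>].[<contact email>].HUNTER") is what an incident responder first sees on a hit host, and it carries two useful artifacts: the victim ID the attackers expect in the email subject, and the contact address. The following triage script is an added example, not code from the original page or from any Phobos analysis; it parses that naming pattern, tallies encrypted files and ransom notes from a constructed directory listing, and collects the IDs and contacts seen. The regex is derived only from the sample filenames quoted above; its tolerance of other Phobos extensions and the assumption that every encrypted file on a host shares one victim ID are assumptions.

```python
import re
from typing import Iterable, Optional

# Phobos-family renaming as seen in the HUNTER samples above:
#   <original name>.id[<8 hex>-<4 hex>].[<contact email>].<EXT>
# Assumption: the bracket layout is the same for other Phobos extensions,
# so the extension is captured rather than hard-coded.
PHOBOS_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4})\]"
    r"\.\[(?P<contact>[^\]]+@[^\]]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)

# Ransom note filenames named on the page.
RANSOM_NOTES = {"info.txt", "info.hta"}


def parse_phobos_name(name: str) -> Optional[dict]:
    """Return the original name, victim ID, contact and extension, or None
    if the filename does not follow the Phobos renaming pattern."""
    m = PHOBOS_NAME.match(name)
    return m.groupdict() if m else None


def triage(paths: Iterable[str], ext: str = "HUNTER") -> dict:
    """Walk a listing of file paths and summarise HUNTER artifacts.

    Files whose parsed extension is not `ext` are ignored so that a file
    that merely happens to contain ".id[...]" is not counted."""
    report = {"encrypted": [], "notes": [], "victim_ids": set(), "contacts": set()}
    for path in paths:
        # Accept both Windows and POSIX separators in the listing.
        base = path.replace("\\", "/").rsplit("/", 1)[-1]
        if base.lower() in RANSOM_NOTES:
            report["notes"].append(path)
            continue
        info = parse_phobos_name(base)
        if info and info["ext"] == ext:
            report["encrypted"].append(path)
            report["victim_ids"].add(info["victim_id"])
            report["contacts"].add(info["contact"])
    return report


# Constructed sample listing (not a real host): three encrypted files,
# two ransom notes and two untouched files.
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\1.jpg.id[9ECFA84E-3335].[Hunter-X@tuta.io].HUNTER",
    r"C:\Users\alice\Pictures\2.png.id[9ECFA84E-3335].[Hunter-X@tuta.io].HUNTER",
    r"C:\Users\alice\Documents\budget.xlsx.id[9ECFA84E-3335].[Hunter-X@tuta.io].HUNTER",
    r"C:\Users\alice\Documents\info.txt",
    r"C:\Users\alice\Desktop\info.hta",
    r"C:\Users\alice\Documents\readme.md",
    r"C:\Windows\System32\ntdll.dll",
]


if __name__ == "__main__":
    r = triage(SAMPLE_LISTING)
    print(f"encrypted files : {len(r['encrypted'])}")
    print(f"ransom notes    : {len(r['notes'])}")
    print(f"victim IDs      : {sorted(r['victim_ids'])}")
    print(f"contacts        : {sorted(r['contacts'])}")
    # More than one victim ID on a single host would suggest two separate
    # runs or two infections and is worth a second look.
    if len(r["victim_ids"]) > 1:
        print("warning: multiple victim IDs present")
```

On a real host, feed `triage()` the output of `os.walk()` over user profiles and shares; the victim ID and contact address it extracts are what to search for across the estate to scope the incident.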
HUNTER Ransom Note in Full
The complete text of the ransom note generated by HUNTER in the pop-up window and info.hta file reads as follows:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail Hunter-X@tuta.io
Write this ID in the title of your message -
If you do not receive a response within 24 hours, please contact us by Telegram.org account: @Online7_365
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases, backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
How Can Ransomware Similar to HUNTER Infect Your System?
Ransomware similar to HUNTER can infect your system through various methods, including:
Phishing Emails: One common method is through phishing emails containing malicious attachments or links. These emails may appear legitimate and often employ social engineering tactics to trick users into opening attachments or clicking on links, which then download and execute the ransomware onto the system.
Malicious Websites: Visiting compromised or malicious websites can also lead to ransomware infections. These websites may exploit vulnerabilities in web browsers or plugins to silently download and install ransomware onto the victim's system without their knowledge or consent.
Exploiting Software Vulnerabilities: Ransomware can exploit vulnerabilities in software, such as operating systems, web browsers, or plugins, to gain unauthorized access to a system. Attackers can exploit known vulnerabilities for which patches or updates have not been applied, allowing the ransomware to infiltrate the system.
Remote Desktop Protocol (RDP) Attacks: Ransomware attackers may target systems with exposed or weakly secured Remote Desktop Protocol (RDP) connections. They can use brute-force attacks or obtain stolen credentials to gain unauthorized access to the system and deploy ransomware.
Malicious Downloads: Users may inadvertently download ransomware by clicking on malicious advertisements, downloading pirated software or content from untrustworthy sources, or installing fake software updates or applications from dubious websites.
Malvertising: Malicious advertisements, or malvertising, can redirect users to websites hosting exploit kits that deliver ransomware payloads. These ads may appear on legitimate websites and can infect users' systems without their interaction or knowledge.
Drive-by Downloads: Ransomware can also be delivered through drive-by downloads, where malware is automatically downloaded and executed when a user visits a compromised website or interacts with malicious content embedded in web pages.
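The RDP vector listed above leaves a characteristic trace before the payload is ever dropped: a burst of failed logons (Windows Security event 4625 with logon type 10, RemoteInteractive) from a single source address. The following detector is an added example, not code from the original page; it runs a sliding-window count over constructed event records and flags sources that exceed a threshold. The field names in the sample records, the threshold and the window size are assumptions chosen for illustration, not values taken from any real environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _ev(ts: str, ip: str, logon_type: int = 10, event_id: int = 4625) -> dict:
    """Build one constructed logon-failure record.

    Field names are an assumption modelled on the 4625 event's
    IpAddress / LogonType / TimeCreated attributes."""
    return {"time": ts, "event_id": event_id, "logon_type": logon_type, "ip": ip}


# Constructed sample (addresses are documentation ranges, not real hosts):
#   203.0.113.7  : six RDP failures inside one minute   -> brute force
#   198.51.100.4 : three RDP failures spread over hours -> noise
#   203.0.113.9  : six failures, but logon type 3 (network), not RDP
SAMPLE_EVENTS = (
    [_ev(f"2024-03-01T02:00:{s:02d}", "203.0.113.7") for s in range(0, 60, 10)]
    + [_ev(f"2024-03-01T0{h}:00:00", "198.51.100.4") for h in (1, 3, 5)]
    + [_ev(f"2024-03-01T02:01:{s:02d}", "203.0.113.9", logon_type=3) for s in range(0, 60, 10)]
)


def rdp_bruteforce_sources(events, threshold: int = 5,
                           window: timedelta = timedelta(minutes=5)) -> dict:
    """Return {ip: peak failures within `window`} for sources whose peak
    count of RDP logon failures reaches `threshold`."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625 and e["logon_type"] == 10:
            by_ip[e["ip"]].append(datetime.fromisoformat(e["time"]))

    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        recent = deque()
        peak = 0
        for t in times:
            recent.append(t)
            # Drop failures that fell out of the window ending at t.
            while t - recent[0] > window:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, count in rdp_bruteforce_sources(SAMPLE_EVENTS).items():
        print(f"possible RDP brute force from {ip}: {count} failures in 5 minutes")
```

The sliding window matters: a source that fails three times a day for a month never trips a simple total-count threshold in any useful time, while a password-spraying tool does in seconds. Tune `threshold` and `window` against your own baseline, and pair the alert with the corresponding successful logon (event 4624, logon type 10) from the same source, since that is the point at which a ransomware deployment becomes possible.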