Hydrox Ransomware - More Wiper Malware Than Ransomware


Hydrox ransomware is the name of a newly discovered strain of file-encrypting malware. That description is particularly fitting in this case, as Hydrox is not a typical ransomware strain.

The first part of a Hydrox attack goes as you would expect with any ransomware variant - the malware encrypts files, makes them unreadable and appends the ".hydrox" extension to encrypted files. Files affected by the encryption process include almost every media, document, database and archive file type.

Once encryption ends, the ransom note has been deposited inside a file named "Hydrox Ransomware.txt" and the ransomware has changed the system's wallpaper, things take a sudden turn into strange territory.

The ransom note of Hydrox goes as follows:

Woops,all your files have been encrypted!

All your important files,like documents,photo,mp4,video and other important stuff are now encrypted by Hydrox Ransomware.

Can i recover my files?

You don’t need to pay to decrypt your files,hydrox doesn’t have a password or a tool  for decryption,so don’t try to search the password or crack it 😀

Have fun trying to decrypt your files!

There is no contact email here, no ransom demand, nothing. The hackers operating Hydrox flat-out tell their victims that there is no decryption tool for it, even if the victim was willing to pay or negotiate.

This makes Hydrox more of a destructive malware and a file wiper than an actual ransomware, because that's just not how ransomware works. Hydrox looks like the weekend project of a script kiddie and not an actual tool intended to be used for illegal profit, but that doesn't make it any less dangerous. On the contrary, all files encrypted with Hydrox seem irreversibly damaged.

August 3, 2022