Hello ransomware – another version of Xorist – bathes in the glory of WannaCry

Hello virus defines the new threat which is capable of encrypting users’ data. Despite its clumsy WannaCry ransom rip-off message, the malware[1] is actually another version the well-known Xorist malware.
It operates via iji.exe file. After infiltrating the system, the malware looks for possibly important files and encodes them. You can identify them by .hello file extension. Later on, the virus opens HOW TO DECRYPT FILES.txt file, where it informs its victims about the misdeed. Alternatively, the same text is displayed in the error message.
As common for this type of this threat, the perpetrators urge victims to transmit the money within 12 hours. Otherwise, the amount of ransom is doubled. In case victims fail to send the money within 24 hours, the files are said to be permanently deleted.
They supposedly claim that they will return the files, However, they do not grant any extra free file decryption service to fortify their claims. Nurturing hopes for data might be futile. What is more, there is no record whether Xorist developers have kept their word. Thus, proceed to Hello crypto-virus removal.
Developers keep updating older ransomware
This case of threat is not the only one. While the virtual community’s attention has been diverted to WannaCry and Petya attacks, developers of less-known threats still continue improving their viruses. The best illustrating example is the ever-expanding CryptoMix virus family.
Xorist developers also flicker among the malware headlines. You might recall already several existing Team Xrat variations. Their latest creation, Hello ransomware, seems to be inspired by WannaCry as the ransom note is written in almost identical manner. In relation to the virus, fortunately, the infection is no so intricate as the former infection. The majority of cyber security tools are able to detect the threat. Thus, make haste to remove Hello virus. FortectIntego or MalwarebytesMalwarebytes will come in handy in the elimination process.
Ransomware distribution tendencies
As common for crypto-malware, this virus may target users in torrent and peer-to-peer domains. Do not forget the common transmission method – spam emails.[2] Though it is the preferred method among the developers of more elaborate threats, less-known threats might take advantage of this method as well.
If you receive email which is supposedly sent by the FBI or another official institution, there is no need to rush and recklessly open the attachments. Look for grammar mistakes, typos and other details which give out the true origin of the message.
Note that Hello hijack is delivered by Trojan-Ransom.Win32.Xorist!O, so it might be disguised in gaming or movies streaming sites. Note that cyber criminals have developed a scheme how to hack into extension developers’ account and corrupt their app source code.
In order to limit the risk of encountering ransomware in the future, make sure you do not only protect your computer with efficient software but remain cautious while installing new applications and enabling browser extensions.
Eliminate Hello malware
Since this threat is the version of Xorist virus, you should not delay Hello virus removal. This time manual elimination hardly is effective unless you are a cyber security specialist. Install an anti-spyware tool and run the scan. In case you cannot run, reboot the device into Safe Mode. More information is delivered below.
After you remove Hello virus, you can take a look at some of our suggested data recovery options. Note that the virus is likely to spread in the North America, Europe, specifically the UK[3].
Was this guide helpful?
Be the first to comment