HC6 Ransomware decryption: All you need to know about this malware

The HC6 Ransomware was recently discovered and typically requires victims to pay ransoms of up to $2500 before their files can be decrypted. It is commonly called the .fucku ransomware or virus because it renames files to end with the .fucku extension after a system is infected and files are encrypted.

This malware was first discovered on November 8th, 2017 and has continued to gain popularity since then. It uses a combination of the AES 256 CBC and SHA 256 encryption algorithms in encrypting victims’ files. This is followed by a marking of the encrypted files with a .fucku extension.

This article provides details regarding all you need to know about the HC6 Malware (.fucku ransomware) including useful tips on how to avoid getting affected and decrypting any infected files in the unfortunate event of an infection.

Are you looking raid data recovery ? Our service can help you.

How does the .fucku Ransomware work?

Most malware usually tap into existing vulnerabilities in computers and the HC6 Ransomware is no different. In the wake of an infection, this malware is programmed to encrypt all files that end with specific extensions. Security experts have so far recorded that several dozens of file extensions are immediately affected. Some of these extensions include .rar, .3gp, .pdf, .ppt, .doc, .SQLITE, SQLITEDB, .exe, and .fpk.

Once the files are encrypted with the .fucku file extension, the following ransom note is delivered in a text file. The text file which is named recover_your_fies.txt usually has the following message enclosed.
ALL YOUR FILES WERE incript.
ORDER, TO RESTORE THIS FILE, YOU MUST SEND AT THIS ADDRESS
FOR $ 2500 BTC FOR ALL NETWORK
[BTC WALLET] AFTER PAYMENT SENT EMAIL nullforwarding@qualityservice.com
FOR INSTALLATION FOR DECRIPT
NOT TO TURN OFF YOUR COMPUTER, UNLESS IT WILL BREAK”

Note that there is no guarantee that your files will be decrypted if you pay the ransom. You should ideally consult experts like SALVAGEDATA® to discuss your data recovery and Ransomware removal options.

How does the HC6 Ransomware spread?

The .fucku Ransomware spreads by initially hacking into unsecured networks and then downloading itself onto a computer for replication. The usual targets are Remote Desktop services that show signs of being unsecured and poor. Once the hackers gain access to the network, the .fucku malicious payload is downloaded to a computer within the network. This malicious payload is consequently installed before the attack commences.

How to remove the .fucku extension and recover data

The biggest challenge in removing the HC6 Ransomware is that unless you can locate and delete its core files, it will continue replicating. Sometimes, it may be tempting to just let go of some files and salvage whatever data’s left. This move is usually futile as more files will continue to be encrypted. You can essentially remove the .fucku Ransomware are by either locating its core files, or by using Malware removal tools.

The first option is to manually locate the HC6 Ransomware’s core files and deleting them to prevent further spread. The downside to this option is that it might be difficult for you to locate all of them. They are usually stored in different locations and also have no obvious file names. You should ideally contact security experts such as SALVAGEDATA to assist you with your data recovery and .fucku removal.

Note that if you feel comfortable doing it yourself, there’s an easy to use tool designed specifically to help you remove the malware from your computer and also aid data recovery.

As promised in our last post, we have included the free and useful Ransomware removal tool below. This is useful for removing the .fucku Ransomware from your computer and decrypting the affected files for effective data recovery. Click here to download this tool.

After downloading the tool you’ll need to install it on the affected computer. Once installed, you should be able to select the affected directories and decrypt the affected files as shown in the screenshot above. Once you click on the decrypt button, all the filed that were encrypted with the .fucku extension should be instantly decrypted and released.

Tips for preventing future attacks

In a digital world where hacker sophistication is ever increasing, it has become clear that both individuals and corporations are constantly under threat from cyberattacks. You can however stay safe by following the following tips.

• Keep systems updated: You’ll need to ensure all vital systems are kept updated from your computer to server operating systems. This will ensure that your security parameters are up to date and reduce the likelihood of a successful HC6 attack.
• Be vigilant against phishing: Avoid opening or downloading files from suspicious emails. If there are suspicious attachments to an email, investigate what it might be before downloading it.
• Use an anti-malware: You’ll need to ensure that your computer is running an up to date version of a reputable antivirus/anti malware program.
• Use trustworthy download sources: You should avoid downloading software from unofficial sources to reduce the likelihood of downloading an infected file to your computer.

Have you been affected by the HC6 Ransomware?

If you’ve been infected by the .fucku Ransomware and lost access to your files, there’s no need to fret. You can get in touch with SALVAGEDATA for a practical consultation on how to get rid of the HC6 Ransomware and also your data recovery options. SALVAGEDATA guarantees your data recovery through years of expertise and experience.

PS: In our next post, you can expect to find some vital tips for staying safe online in 2018. Until we meet again, remain vigilant and stay cyber-safe.