HydraCrypt is a new ransomware recently discovered by McAfee. Like some previous ransomware variants, HydraCrypt is distributed using the Angler exploit kit. HydraCrypt encrypts a victim’s files and appends the filenames with the extension “hydracrypt_ID_<8 random characters>”.
The malware also drops one plain-text file on the victim’s machine and opens a red window displaying the ransom screen with instructions on how to pay the ransom, then decrypt the files. If the victim fails to take the required action within 72 hours, HydraCrypt threatens to sell the documents and files on the dark market.
ThreatSTOP customers are protected from HydraCrypt.