A new variant of Hc6 Ransomware has been spotted. It has been given a name Hc7 Ransomware. Despite the new name it has, it is basically the same ransomware infection because our specialists could not identify many differences between these two malicious applications. As has been observed during the analysis, both versions have been developed using Python, a widely-used programming language. Also, they both open the CMD window when the encryption of files starts. Finally, they both make it impossible to access pictures, videos, music, documents, and a bunch of other files on compromised machines. Just like all other ransomware infections developed by cyber criminals, they have been programmed to lock files on affected computers so that it would be easier for crooks to extract money from users. You should never send money to malicious software developers because you will give them the reason to continue developing malicious applications. Also, you do not know whether you could really unlock your files after you make a payment, so you should try to find another way to decrypt your files after you erase Hc7 Ransomware fully from your system. This infection does not have any additional files. You will not find any new registry keys in the system registry as well. Because of this, we do not think that its removal will be very complicated either. Unfortunately, we cannot say the same about the decryption of files.
No doubt Hc7 Ransomware has already infiltrated your computer if you can no longer open your files and they have .gotya or .GOTYA appended at the end. Another symptom showing that the entrance of this malicious application was successful is a ransom note (RECOVERY.TXT) on Desktop. It has been observed that there are two versions of the ransom note. They slightly differ from each other. The first version demands 500 USD from users while the second one asks users to pay 700 USD if they want to get their files back. The considerably higher price ($5000) is set for those who want to decrypt all network files. Once the payment is made, users need to send an email to firstname.lastname@example.org. We know you need your files back, but we cannot let you pay money for the decryption of files because it is unclear whether you could decrypt them once you transfer the required money. If you are not going to pay money to crooks, your files will stay encrypted, but it does not mean that you cannot fix them. All these encrypted files can be restored from a backup. Unfortunately, there is no other way to do that.
We need to talk about the distribution of Hc7 Ransomware too so that some users could still prevent it from entering their computers. According to researchers working at 411-spyware.com, this infection is one of many threats that are spread as attachments in spam emails. It is not the only distribution method that might be used to spread it for sure. Specialists say that this infection might also easily infiltrate users’ PCs if they use unsafe RDP credentials. Last but not least, you should be careful with your downloads because you might download ransomware infections and other harmful threats from the web yourself. We cannot promise that you could prevent all bad applications from entering your PC alone because it is not a very easy job. It does not mean that there is no other more effective way to prevent untrustworthy software from slithering onto your computer. You will not allow new threats to show up on your system illegally by simply installing security software on your computer. As long as it stays, malware could not enter your system and your personal files will be safe.
You need to erase Hc7 Ransomware from your system today. This should not be a hard job because this infection does not drop any additional files, you will not find its entry in the registry key, and you will not find your screen locked after its infiltration. Actually, there is only one thing you need to do to disable it – delete all suspicious files you have downloaded/opened recently from directories that are likely to contain the launcher of this ransomware infection, e.g. %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %TEMP%. You can also delete this infection more quickly with an automated malware remover.