Hunt Ransomware Locks Victim Systems

During an examination of new file samples, our research team identified a malicious software named Hunt, which belongs to the Dharma ransomware group. This software is crafted to encrypt both local and network-shared files, aiming to extort payment in exchange for decryption.

In our assessment on a testing platform, Hunt encrypted files and altered their filenames. The original filenames were appended with a distinct identifier, the email address of the cybercriminals, and a ".hunt" extension. For instance, a file named "1.jpg" was transformed into "1.jpg.id-9ECFA84E.[bughunt@keemail.me].hunt".

Following the encryption procedure, the ransomware presented a ransom note via a pop-up window and a text file labeled "info-hunt.txt". The text file merely notifies the victim about the encryption of their files and advises them to contact the perpetrators for recovery. Meanwhile, the pop-up window furnishes more details regarding the ransomware infection, implying that payment of a ransom is necessary for data restoration.

Prior to complying with these demands, the victim is allowed to test decryption on a maximum of three files not exceeding 5 MB in size and lacking critical or valuable content. This notice also elaborates on the risks associated with seeking assistance from third parties.

Hunt Ransom Note in Full

The complete text of the ransom note produced by Hunt reads as follows:

All your files have been encrypted!

Don't worry, you can return all your files!
If you want to restore them, write to the mail: bughunt@keemail.me YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:bughunt@airmail.cc

We strongly recommend that you do not use the services of intermediaries and first check the prices and conditions directly with us
The use of intermediaries may involve risks such as:
Overcharging: Intermediaries may charge inflated prices, resulting in improper additional costs to you.

Unjustified debit: There is a risk that your money may be stolen by intermediaries for personal use and they may claim that we did it.

Rejection of the transaction and termination of communication: Intermediaries may refuse to cooperate for personal reasons, which may result in termination of communication and make it difficult to resolve issues.

We understand that data loss can be a critical issue, and we are proud to provide you with encrypted data recovery services. We strive to provide you with the highest level of confidence in our abilities and offer the following guarantees:
Recovery demo: We provide the ability to decrypt up to three files up to 5 MB in size on a demo basis.

Please note that these files should not contain important and critical data.

Demo recovery is intended to demonstrate our skills and capabilities.

Guaranteed Quality: We promise that when we undertake your data recovery, we will work with the utmost professionalism and attention to detail to ensure the best possible results.

We use advanced technology and techniques to maximize the likelihood of a successful recovery.

Transparent communication: Our team is always available to answer your questions and provide you with up-to-date information about the data recovery process.

We appreciate your participation and feedback.

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

How Can You Proactively Protect Your Data from Ransomware?

You can take several proactive steps to protect your data from ransomware:

Regularly Update Software: Ensure that all your operating systems, applications, and security software are up to date with the latest patches and updates. Vulnerabilities in outdated software are often exploited by ransomware attackers.

Use Antivirus and Antimalware Software: Install reputable antivirus and antimalware programs on all your devices and keep them updated. These tools can detect and prevent ransomware infections.

Implement Security Best Practices: Enforce strong password policies, enable multi-factor authentication where possible, and restrict user permissions to only what is necessary. Additionally, consider implementing network segmentation to limit the spread of ransomware across your network.

Backup Your Data Regularly: Regularly back up your important files and data to an external storage device or a cloud-based backup service. Ensure that your backups are kept offline and disconnected from your network to prevent them from being encrypted by ransomware.

Implement Email and Web Filtering: Use email and web filtering solutions to block malicious attachments, links, and websites that may contain ransomware or other malware.

Monitor Network Traffic: Monitor your network traffic for unusual activity that may indicate a ransomware infection. Intrusion detection and prevention systems can help detect and block ransomware before it can cause damage.