When this type of malware infects a computer, it automatically hijacks (encrypts) all the user’s data and, subsequently, requests the payment of a ransom, in the form of a cryptocurrency, in exchange for the encryption key. Generally, the most used coins for the ransom payment are Bitcoin and Monero, although it seems that there is a new currency that is starting to get the attention of the users: Ethereum. In recent months we have seen how hackers have been leaving a little aside to ransomware and have been focusing on other types of computer threats, such as malware that uses the victim’s PC to mine cryptocurrencies. However, this does not mean that the ransomware is finished, far from it. Every so often we can see how hackers update malware by implementing new security measures, such as more complex and difficult to break encryption algorithms or new techniques to avoid being detected by antivirus. A few hours ago, security companies have just found a new ransomware, a variant of HC7 Planetary, which is the first to include Ethereum as the payment currency for the rescue or ransom. While the majority of ransomware uses Bitcoin, and some Monero variants, Ethereum’s huge growth in value (which is now around $1,200) has meant that the hackers responsible for this malware have implemented this currency as a possibility of payment, despite the fact that other alternatives, such as Verge, offer greater privacy. It is very likely that other computer threats follow the steps of this and begin to bet on currency alternatives to Bitcoin, both Ethereum if it continues to grow, and others that offer a much higher privacy to the BTC, such as Monero and Verge.

How the HC7 Planetary ransomware works

Unlike other ransomware, which usually arrives through web pages or SPAM emails, HC7 is characterized by infecting computers through remote access sessions that hackers establish through different techniques. When they manage to access the system, they manually execute the ransomware, which begins to encrypt the files and then ask for their ransom. All the files encrypted by this ransomware have the extension “.PLANETARY” and, to decrypt the data, ask for 500 dollars in cryptocurrencies for a single computer or 5000 dollars for all computers in a local network. The first variants of this ransomware could be deciphered with a memory dump, since it stored the key, however, the most modern variants do not allow this, so if this ransomware infects us we only have to pay (and have lucky to receive the key and not lose the money too) or give the data for lost. So, what do you think about this new ransomware? Simply share all your views and thoughts in the comment section below.