AHP ransomware, a malicious program which is part of the Dharma ransomware family, was spotted in September 2020. It particularly infects Windows-based systems. The ransomware is designed to encrypt data and create a ransom note in exchange for decryption tools. The ransomware is delivered through thousands of phishing emails.
It is also spread via other infection vectors such as spam campaigns, illegal activation tools (“cracks”), fake updaters, and untrustworthy download sources.
When the ransomware encrypts the files, they are renamed in the following schema: original filename, a unique ID name given to the victims, cybercriminals’ email addresses, and the “.AHP” extension. For example, a file titled “one[.]jpg” once encrypted would appear like this: “one[.]jpg[.]id-C279F237.[[email protected]].AHP.” Further, ransom notes (fig.1) are made to show up on a pop-up window. The note states that the victim’s data is ‘locked’ and also instructs them to communicate with the cybercriminals behind the ransomware attack, via email. The text presented in the pop-up window provides slightly more information concerning the infection.