AHP Ransomware Threat Intel Advisory

Published on October 1, 2020 | 18:30 IST


AHP ransomware, a malicious program belonging to the Dharma ransomware family, was spotted in September 2020. It targets Windows-based systems. The ransomware is designed to encrypt data and demand a ransom in exchange for decryption tools. It is delivered primarily through thousands of phishing emails.

It also spreads via other infection vectors such as spam campaigns, illegal activation tools (“cracks”), fake updaters, and untrustworthy download sources.

When the ransomware encrypts files, it renames them according to the following schema: the original filename, a unique ID assigned to the victim, the cybercriminals’ email address, and the “.AHP” extension. For example, a file titled “one[.]jpg” would appear as “one[.]jpg[.]id-C279F237.[[email protected]].AHP” once encrypted. A ransom note (fig.1) is then displayed in a pop-up window. The note states that the victim’s data is ‘locked’ and instructs them to contact the cybercriminals behind the attack via email. The text presented in the pop-up window provides slightly more information about the infection.
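The rename schema above is a usable detection signal on its own: a responder can parse filenames into their components and group them by victim ID to scope an incident. The following Python is an added example, not code from the advisory; it assumes the victim ID is 8 hex characters (the page gives only the single example C279F237), uses plain dots where the page writes the defanged “[.]”, and uses a placeholder contact address because the page’s copy is redacted.

```python
import re
from collections import Counter

# Rename schema described in the advisory:
#   <original filename>.id-<victim ID>.[<attacker email>].AHP
# Assumption (not stated on the page): the victim ID is 8 hex characters,
# matching the page's one example "id-C279F237".
AHP_NAME_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.AHP$"
)


def parse_ahp_name(filename: str):
    """Return the schema components of an AHP-encrypted filename, or None."""
    m = AHP_NAME_RE.match(filename)
    return m.groupdict() if m else None


def find_encrypted(filenames):
    """Return a parsed record for every filename that matches the AHP schema."""
    hits = []
    for name in filenames:
        parsed = parse_ahp_name(name)
        if parsed:
            parsed["filename"] = name
            hits.append(parsed)
    return hits


def summarize(hits):
    """Count hits per (victim ID, contact address): the ID is constant per
    infection, so distinct IDs indicate distinct infected hosts."""
    by_id = Counter((h["victim_id"], h["email"]) for h in hits)
    return {f"{vid} / {email}": n for (vid, email), n in by_id.items()}


# Constructed sample directory listing; the contact address is a placeholder,
# not the real attacker address.
SAMPLE_FILES = [
    "one.jpg.id-C279F237.[attacker@example.invalid].AHP",
    "budget.xlsx.id-C279F237.[attacker@example.invalid].AHP",
    "notes.txt",                       # untouched file
    "photo.AHP",                       # bare extension, not the schema
    "report.docx.id-C279F237.AHP",     # missing contact address, not the schema
]

if __name__ == "__main__":
    for hit in find_encrypted(SAMPLE_FILES):
        print(hit["filename"], "->", hit["original"], hit["victim_id"], hit["email"])
    print(summarize(find_encrypted(SAMPLE_FILES)))
```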

Fig.1 Ransom note pop-up window

Indicators of Compromise 

  1. Encrypted Files Extension – .AHP
  2. Cyber Criminal Contact – [email protected][.]io, [email protected][.]com
  3. MD5 – b94264963a9dd9ace614cef5668515da
  4. SHA1 – 2f7bc3d3121074c7404e078e313bf6ba7d214f90
  5. SHA256 – 5560b7207f4864f73e4331e934d86a381d77a8848e2a7d22bf45e73ab2aa81b5
  6. SSDEEP – 1536:mBwl+KXpsqN5vlwWYyhY9S4APmdP1/LutCA3J33fagQqk3DWd9S:Qw+asqN5aW/hLGPZLuV3x3fa48qd9

Preventive Measures

  1. Download applications only from authentic sources.
  2. Back up your most important files on a regular basis.
  3. Configure your anti-spam settings.
  4. Patch and update your software and systems.
  5. Use a proper antivirus product, one that blocks unwanted execution.
  6. Do not click on suspicious links.
  7. Spread awareness of such threats among users.
