Hceem is a recent cryptovirus that encrypts users' files and demands a ransom in Bitcoin to restore the encrypted data.
Hceem Ransomware belongs to the Snatch Ransomware family of ransomware Trojans. This file-encrypting malware enters the system when a user clicks on suspicious e-mail attachments or malware-laden ads. Accidental downloads of apps or software from untrustworthy websites and fake software updates can also bring Hceem Ransomware onto the system.
After successfully infecting the user's system, the ransomware begins to encrypt stored files. Victims will find their files renamed, with the .hceem extension appended.
In addition, Hceem Ransomware creates a text file containing the ransom note and leaves a copy of it in every folder.
If you find that your documents have been encrypted with the .hceem extension, read below for tips on removing Hceem Ransomware from your system.
Hceem Ransomware is a reincarnated variant of the Snatch Ransomware family and is invading a large number of systems across the world.
It infects a computer when the user visits torrent sites, adult content sites or malware-loaded sites, or clicks on tainted e-mail attachments, doubtful pop-ups, adverts or banners. Fake software updates and third-party download sources can also install the ransomware without the user's consent.
Fake software updaters are one of the common methods threat actors use to spread malware. Fake updates either exploit outdated software or download and install other malware onto the system, and activate paid software for free. By opting for free software updates, users typically end up infecting their systems with malware like Hceem Virus.
Once the system has been compromised, Hceem Ransomware scans the entire drive for targeted file types. When it finds them, Hceem encrypts them and appends the .hceem extension. The victim will not be able to access the encrypted files.
Here is a list of file extensions encrypted by Hceem Crypto-virus:
.sql, .mp4, .rar, .m4a, .avi, .wmv, .txt, .css, .png, .jpeg, .jpg, .pptm, .ppt, .xlsb, .xlsm, .xlsx, .xls, .docm, .doc, .map, .mov, .bar, .litemod, .asset, .raw, .orf, .dcr, .big, .wallet, .xxx, .desc, .m3u, .flv
An attempt to access the files is followed by a ransom note that covers the screen. The ransom note is a text file named RESTORE_HCEEM_DATA.txt. It contains encryption details and prompts victims to visit the ransomware website.
The victim is further asked to install Tor Browser (https://www.torproject.org) in order to visit the website. If victims find it difficult to visit the website, they may reach out to the hackers for help at email@example.com.
The main motive behind encrypting the files is to extort money from victims in Bitcoin in exchange for restoring their encrypted files.
The ransom note for Hceem Ransomware reads as follows:
Do not rename the ciphered files
Do not try to decrypt your data of the third-party software, it can cause constant data loss
You do not joke with files
To restore your files visit *********** website. This website is safe
If this website is not available use reserve website ************* in a TOR network. This website is safe. For visit of this website it is necessary to install Tor browser (https://www.torproject.org)
Your login: xxxx
Your password: xxxx
Your BTC address: xxxx
If all websites are not available write to us on email of firstname.lastname@example.org
You keep this information in secret
Cyber threats such as ransomware, Trojans and browser hijackers are common nowadays. Computer users therefore need to stay vigilant about the content they click on and the sites they visit. They should develop secure browsing habits and take preventive measures to keep their systems away from such threats.
The cybercriminals use various strategies for malware distribution which include –
Targeted Operating System: Windows
Symptoms: The user's files are inaccessible and encrypted with the .hceem extension. A ransom note named RESTORE_HCEEM_DATA.txt, demanding a ransom in Bitcoin, appears on the screen.
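The two symptoms above can be used to scope an infection before cleaning up or restoring from backup. The Python sketch below is an added example, not part of the original guide or of any removal tool: it walks a folder tree and counts files carrying the .hceem extension and copies of RESTORE_HCEEM_DATA.txt. It assumes the extension is appended after the original file name, and its sample tree is constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".hceem"               # extension named on this page
RANSOM_NOTE = "RESTORE_HCEEM_DATA.txt"    # note file name named on this page


def scan(root):
    """Walk root and summarise where the page's two indicators appear."""
    report = {"encrypted": [], "notes": [], "by_type": Counter(), "folders": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()          # Windows file names are case-insensitive
            if lower == RANSOM_NOTE.lower():
                report["notes"].append(Path(dirpath, name))
                report["folders"].add(Path(dirpath))
            elif lower.endswith(ENCRYPTED_SUFFIX) and lower != ENCRYPTED_SUFFIX:
                report["encrypted"].append(Path(dirpath, name))
                report["folders"].add(Path(dirpath))
                # Assumption: the suffix follows the full original file name.
                original = Path(name[: -len(ENCRYPTED_SUFFIX)])
                report["by_type"][original.suffix.lower() or "(none)"] += 1
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "docs": ["budget.xlsx.hceem", "notes.txt.hceem", RANSOM_NOTE],
        "media": ["clip.MP4.HCEEM", "cover.png", RANSOM_NOTE],
        "clean": ["readme.txt"],
    }
    for folder, names in layout.items():
        (Path(root) / folder).mkdir(parents=True)
        for name in names:
            (Path(root) / folder / name).touch()


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        r = scan(tmp)
        return len(r["encrypted"]), len(r["notes"]), dict(r["by_type"]), len(r["folders"])


if __name__ == "__main__":
    print(demo())
```

The per-type counts show which kinds of data were hit, and the folder set shows how far the encryption spread, which helps decide what has to come back from backup.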
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.
The researchers at Virus Removal Guidelines are dedicated to tracking down the latest vulnerabilities that may compromise your system security. Our team of experts researches every malware infection in detail before educating our users about it.