One of the users, attacked by the malicious HC7 Planetary ransomware, has contacted Bleeping Computer asking for help and reporting that the ransoware encrypts users' files and adds the PLANETARY extension to the filename.
Mainly, the attackers demand Bitcoin or Monero as payment, as, for example, Cerber ransomware, which was capable of stealing from Bitcoin wallets; or BadRabbit, which attacked different institutions in five countries, demanding Bitcoin.
Planetary Ransomware victim's screenshot
There is little known about HC7 Planetary ransomware, but what is known so far is that ransomware developer hacks into networks using remote desktop and manually installs the ransomware on all computers which are accessible to them.
HC7 Planetary Ransomware encrypted files
Once having encrypted the files, ransomware demans the victim to pay $700 worth Bitcoin, Monero or Ethereum for decryption on one computer or $5000 for all the attacked network, and asks to include a sample encrypted file for proof of decrypt.
Considering the Ethereum's rapidly rising value, it is not surprising that ransomware creators start turning to this currency. Moreover, Ethereum's smart contract feature can make ransomware payment processing more efficient, as a victim can guarantee payment if the developer really decrypts the files.
At the moment of press, these are the main market parameters of Ethereum:
- Average Price: $1 343,56
- Market Cap: $130 176 860 817
- 24h Volume: $9 785 200 000