The STOP/Djvu Ransomware Family Continues to Grow with HKGT Ransomware
HKGT Ransomware is another file-encrypting ransomware that belongs to the STOP/Djvu Ransomware family. It targets many file types, including documents, videos, databases, and photos. Once launched, the encryption algorithm does not damage system files. This is because the hackers need your system to work so you could transfer the ransom payment.
Files encrypted by HKGT Ransomware receive the telltale ‘.HKGT’ extension at the end of their names, and victims soon find a ransom note left by the hackers on their desktop. The ransom note is titled “_readme.txt.” It instructs victims to contact the hackers via restorealldata@firemail.cc and gorentos@bitmessage.ch or through the Telegram account @datarestore.
The note also tells the victims to pay either $980 or $490 in Bitcoin. The lower ransom amount applies if the initial contact with the hackers is made within the first 72 hours after infection. The HKGT Ransomware operators will also offer users one free file decryption to prove they can provide a permanent fix for all affected files.
Unfortunately, a free or online decryption tool, that could restore files encrypted by HKGT Ransomware, is not available at the moment. The only reliable way to recover infected files is to restore them from a backup. It is also possible to use alternative data recovery options, yet, there’s no guarantee that alternative data recovery tools can unlock all the encrypted files. Although it may seem that the easiest path to file restoration is by cooperating with the hackers, we never recommend dealing with them. It’s possible that you may never receive a decryption key even if you pay them.
How Do I Remove HKGT Ransomware?
You can scan for and remove elements associated with HKGT Ransomware by using a reputable malware remediation application. To protect your files from similar attacks in the future, you should back up your critical files on a cloud or external hard drive.