Avast Decryption Tool for HomuWitch 1.0.0.724
Avast Decryption Tool for HomuWitch lets you recover encrypted files held by the HomuWitch ransomware strain. All the Avast Decryption Tools are available in one zip here.
HomuWitch is a ransomware strain that emerged in July 2023. Unlike most current ransomware strains, HomuWitch targets individual end-users rather than institutions and companies. Its prevalence isn't substantial, and the requested ransom amount is not high, allowing the strain to remain relatively under the radar.
The HomuWitch ransomware is coded in C# .NET. It gets its name from the binary file's version information. Typically, victims get infected through a SmokeLoader backdoor disguised as pirated software. This backdoor then installs a harmful dropper that runs the HomuWitch ransomware.
Once it starts running, it scans all drive letters and identifies the ones with less than 3,500 MB capacity. It also looks for the user's Pictures, Downloads, and Documents folders. After that, it selects only the files with specific file extensions and a size of less than 55 MB for encryption.
The list of the extensions contains the following:
.doc
.docx
.ppt
.pptx
.xls
.py
.rar
.zip
.7z
.txt
.mp4
.JPG
.PNG
.HEIC
.csv
.bbbbbbbbb
HomuWitch locks files by using a combination of the Deflate algorithm for compression and the AES-CBC algorithm for encryption. It adds a .homuencrypted extension to the filename.HomuWitch ransomware not only encrypts files but also compresses them, reducing their size. After encryption, a ransom note (example in screenshot # 1) is obtained from the command and control (CnC) server or stored in the sample resources after encryption. The ransom amount typically ranges from $25 to $70, and payment is demanded in Monero cryptocurrency.
Similar:
Which Anti-Malware App Is Best and Can It Run Alongside My Antivirus
What's the Best Antivirus and Is Windows Defender Good Enough?
How to Manage Windows Defender Antivirus Found Threats
What to Do When Your Norton or McAfee Antivirus Expire
Avast Decryption Tool for HomuWitch 1.0.0.724
Avast Decryption Tool for HomuWitch lets you recover encrypted files held by the HomuWitch ransomware strain. All the Avast Decryption Tools are available in one zip here.
