HPE iLO ransomware is a new cyber threat targeting HPE servers whose management interfaces are reachable from the Internet. HPE iLO (Integrated Lights-Out) is a dedicated management processor built into HP ProLiant servers that lets administrators control the machine remotely, including power, console and boot media, independently of the installed operating system. The attackers are reported to encrypt the servers' hard drives. Iranian UBCERT researcher M. Shahpasandi posted a screenshot of the ransom note, which demands two bitcoins; at the time of writing, 2 bitcoins equal $18,417.15. Several victims have since reported HPE iLO crypto-malware attacks.
HPE iLO crypto-virus is said to encrypt hard drives
The ransom note states that the victims' hard disks have been encrypted with RSA-2048 asymmetric encryption and that recovery requires emailing the attackers at [email protected]. The attackers claim to be acting for a good cause, which is nothing more than a pressure tactic to make victims pay. Since the note tells non-English speakers to use Google Translate for their reply, the operators evidently expect victims from many countries.
Researchers have also described how an HPE iLO ransomware attack unfolds. First, the attackers take control of the iLO interface. Next, they enable the Login Security Banner and use it to display the ransom note to anyone who logs in. They then use the virtual media feature to mount a remote ISO image as a boot device and reboot the server into it, at which point the encryption process begins. Once the server has rebooted again, its owners can no longer access it. Because everything runs through the management processor and the attacker's own boot image, the installed operating system and any security software on it are bypassed entirely.
The creators of HPE iLO crypto-virus are presumed to be from Russia. This inference rests on the fact that Russian victims can negotiate a lower ransom for the decryption key. Russian-speaking ransomware operators sometimes spare other Russians: when a payload lands on a computer with Russian set as the system language, it often self-destructs. In the case of HPE iLO crypto-virus, Russian victims receive only the privilege of paying less for the decryption key.
Researchers stress that exposing remote management tools such as iLO to the Internet is never recommended. Users of iLO 4 are encouraged to update it to the latest firmware version. If you neglect these details, you might be the next victim of HPE iLO ransomware.
How can people avoid HPE iLO crypto-malware?
We have already listed a few recommendations. Review the administrative accounts on your iLO regularly to determine whether attackers have gained access to your remote management tool, and remove any account you did not create. For computer users, the guidelines for ransomware prevention remain the same. First of all, back up your data so that, if the originals are encrypted, you can restore your files from the backup.
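Two of the recommendations above, keeping the management interface off the Internet and keeping iLO 4 firmware current, can be checked with a script. The following is an added example written for this page, not code from the article or from HPE. It parses the XML that an iLO returns from its unauthenticated /xmldata?item=all endpoint (the RIMP/MP/PN and RIMP/MP/FWRI elements carry the product name and firmware version) and flags iLO 4 firmware older than a threshold. The two sample documents are constructed, and MIN_ILO4_FIRMWARE is a placeholder you should set to the release HPE currently publishes. A clean result does not prove an iLO is uncompromised; the account review above still applies.

```python
"""Inventory check for HPE iLO exposure and iLO 4 firmware age.

Added example for this article, not code from the article or from HPE.
It parses the XML an iLO returns from its unauthenticated
/xmldata?item=all endpoint (RIMP/MP/PN and RIMP/MP/FWRI carry product
name and firmware version) and flags iLO 4 firmware older than a
threshold. The sample documents below are constructed.
"""
import ssl
import sys
import urllib.request
import xml.etree.ElementTree as ET

# Placeholder (assumption): set this to the iLO 4 firmware release HPE
# currently publishes before relying on the result.
MIN_ILO4_FIRMWARE = "2.70"

# Constructed sample: an iLO 4 running old firmware.
SAMPLE_OUTDATED = """<?xml version="1.0"?>
<RIMP>
  <HSI><SPN>ProLiant DL380 Gen9</SPN><SBSN>CZ00000001</SBSN></HSI>
  <MP><PN>Integrated Lights-Out 4 (iLO 4)</PN><FWRI>2.50</FWRI><SN>ILOCZ00000001</SN></MP>
</RIMP>
"""

# Constructed sample: an iLO 4 at or above the threshold.
SAMPLE_CURRENT = """<?xml version="1.0"?>
<RIMP>
  <HSI><SPN>ProLiant DL360 Gen9</SPN><SBSN>CZ00000002</SBSN></HSI>
  <MP><PN>Integrated Lights-Out 4 (iLO 4)</PN><FWRI>2.73</FWRI><SN>ILOCZ00000002</SN></MP>
</RIMP>
"""


def fetch_xmldata(host, timeout=5.0):
    """Fetch the inventory XML from a live iLO over HTTPS.

    iLO ships with a self-signed certificate, so verification is disabled
    for this read-only check; do not reuse this context for anything else.
    """
    ctx = ssl._create_unverified_context()
    url = f"https://{host}/xmldata?item=all"
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8", errors="replace")


def parse_version(text):
    """Turn '2.50' into (2, 50) so versions compare numerically, not as strings."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def firmware_is_outdated(fwri, minimum):
    """True when the reported firmware is older than the required minimum."""
    return parse_version(fwri) < parse_version(minimum)


def parse_ilo_xmldata(xml_text):
    """Extract product, firmware and identity fields from a RIMP document."""
    root = ET.fromstring(xml_text)
    if root.tag != "RIMP":
        raise ValueError(f"not an iLO RIMP document (root is <{root.tag}>)")

    def field(path):
        node = root.find(path)
        return node.text.strip() if node is not None and node.text else ""

    product = field("MP/PN")
    return {
        "product": product,
        "firmware": field("MP/FWRI"),
        "ilo_serial": field("MP/SN"),
        "server_model": field("HSI/SPN"),
        "is_ilo4": "iLO 4" in product,
    }


def assess_ilo(xml_text, minimum=MIN_ILO4_FIRMWARE):
    """Combine the parsed fields with the checks an operator cares about."""
    info = parse_ilo_xmldata(xml_text)
    findings = [
        "answered the unauthenticated inventory endpoint; confirm this address "
        "is reachable only from the management network or over VPN",
    ]
    outdated = False
    if info["is_ilo4"] and info["firmware"]:
        outdated = firmware_is_outdated(info["firmware"], minimum)
        if outdated:
            findings.append(
                f"iLO 4 firmware {info['firmware']} is older than {minimum}; "
                "update it before leaving the interface reachable"
            )
    return {**info, "outdated": outdated, "findings": findings}


def print_report(label, report):
    print(f"[{label}] {report['product']} fw {report['firmware']} "
          f"on {report['server_model']} (iLO S/N {report['ilo_serial']})")
    for finding in report["findings"]:
        print(f"    - {finding}")


if __name__ == "__main__":
    # With host arguments, query live iLOs; without, run the constructed samples.
    if len(sys.argv) > 1:
        for host in sys.argv[1:]:
            print_report(host, assess_ilo(fetch_xmldata(host)))
    else:
        print_report("sample-outdated", assess_ilo(SAMPLE_OUTDATED))
        print_report("sample-current", assess_ilo(SAMPLE_CURRENT))
```

Run it with no arguments to see the two constructed samples assessed, or with one or more iLO addresses from your own management network to inventory live devices. Any host that answers from an Internet-facing address is itself the first finding, regardless of firmware version.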
At the moment, there is no way to decrypt the affected hard drives for free. However, never lose hope that security researchers will find a way to help ransomware victims. Until then, we strongly encourage victims of HPE iLO crypto-virus to remove the malware from their devices, and we recommend running a scan with an anti-malware tool such as Malwarebytes. Keep in mind that this attack ran through the management processor rather than the installed operating system, so a host scan alone does not close the entry point: change the iLO credentials and update its firmware as well.
Ransomware is spread in many ways: spam emails, deceptive advertisements or rogue programs. In the case of HPE iLO ransomware, the attackers reached iLO interfaces that were exposed directly to the Internet rather than confined behind a VPN. If you want to protect yourself from this threat, make sure your HPE iLO interface is reachable only over a secure VPN or a dedicated management network. Take our suggestions into consideration and do not forget that paying the ransomware creators is never a good idea: they may take the money and leave your files or hard drives encrypted.