HPE iLO is a ransomware that targets HPE iLO 4 servers. It was discovered by M. Shahpasandi. It is aimed at English-speaking users.



HPE iLO is distributed by hacking through an insecure RDP configuration, using email spam and malicious attachments, fraudulent downloads, exploits, web injects, fake updates, repackaged and infected installers.


It encrypts data on HPE iLO 4 server systems using RSA. It then displays the following message:

Security Notice

Hey. Your hard disk is encrypted using RSA 2048 asymmetric encryption. To 
decrypt files you need to obtain the private key.
It means We are the only ones in the world to recover files back to you. 
Not even god can help you. Its all math and cryptography .
If you want your files back, Please send an email to
We don't know who are you, All what we need is some money and we are 
doing it for good cause.
Don't panic if we don't answer you during 24 hours. It means that we 
didn't received your letter and write us again.
You can use of that bitcoin exchangers for transfering bitcoin.
Please use english language in your letters. If you don't speak english 
then use to translate your letter on english 

1) Pay some BTC to our wallet address.(negotations almost impossible 
unless you are a russian citizen)
2) We will send you private key and instructions to decrypt your hard 
3) Boom! You got your files back.
Community content is available under CC-BY-SA unless otherwise noted.