HPE iLO is ransomware that targets HPE iLO 4 servers. It was discovered by M. Shahpasandi. It is aimed at English-speaking users.
HPE iLO is distributed through insecure RDP configurations, email spam and malicious attachments, fraudulent downloads, exploits, web injects, fake updates, and repackaged and infected installers.
It encrypts data on HPE iLO 4 server systems using RSA. It then displays the following message:
Security Notice
Hey. Your hard disk is encrypted using RSA 2048 asymmetric encryption. To decrypt files you need to obtain the private key. It means We are the only ones in the world to recover files back to you. Not even god can help you. Its all math and cryptography .
If you want your files back, Please send an email to email@example.com.
We don't know who are you, All what we need is some money and we are doing it for good cause.
Don't panic if we don't answer you during 24 hours. It means that we didn't received your letter and write us again.
You can use of that bitcoin exchangers for transfering bitcoin.
https://localbitcoins.com
https://www.kraken.com
Please use english language in your letters. If you don't speak english then use https://translate.google.com to translate your letter on english language.
Process:
1) Pay some BTC to our wallet address.(negotations almost impossible unless you are a russian citizen)
2) We will send you private key and instructions to decrypt your hard drive
3) Boom! You got your files back.