HPE iLO is ransomware that targets HPE iLO 4 servers. It was discovered by M. Shahpasandi. It is aimed at English-speaking users.

Payload

Transmission

HPE iLO is distributed through compromise of insecurely configured RDP, email spam and malicious attachments, fraudulent downloads, exploits, web injects, fake updates, and repackaged or infected installers.

Infection

It encrypts data on HPE iLO 4 server systems using RSA. It then displays the following message:

Security Notice

Hey. Your hard disk is encrypted using RSA 2048 asymmetric encryption. To 
decrypt files you need to obtain the private key.
It means We are the only ones in the world to recover files back to you. 
Not even god can help you. Its all math and cryptography .
If you want your files back, Please send an email to 
15fd9ngtetwjtdc@yopmail.com.
We don't know who are you, All what we need is some money and we are 
doing it for good cause.
Don't panic if we don't answer you during 24 hours. It means that we 
didn't received your letter and write us again.
You can use of that bitcoin exchangers for transfering bitcoin.
https://localbitcoins.com
https://www.kraken.com
Please use english language in your letters. If you don't speak english 
then use https://translate.google.com to translate your letter on english 
language.

Process:
1) Pay some BTC to our wallet address.(negotations almost impossible 
unless you are a russian citizen)
2) We will send you private key and instructions to decrypt your hard 
drive
3) Boom! You got your files back.