Blue Hexagon Blog

Ransomware Families – 8lock8

8lock8, a ransomware based on HiddenTear was discovered in 2016.

Delivered through emails using malicious Microsoft Word documents with macros and PDF documents with exploits, 

8lock8 uses AES-256 to encrypt files and appends .8lock8 to the end of encrypted files.

(Sample Ransomware Note)

‘Files have been encrypted!Файлы были зашифрованы
It uses cryptographically strong algorithm!Используется криптостойкий алгоритм
contact by e-mail: d1d81238@tuta.io or d1d81238@india.com
to identify, use lower hash!для идентификации используйте нижний хэш
{Random hash}’

8lock8 is decryptable using the HiddenTear decrypter.  

If you are interested in learning about other Ransomware families that we have published research reports on you can read more here