
Hakbit Ransomware

Posted: November 5, 2019

The Hakbit Ransomware is a file-locking Trojan that can block the media contents of your PC and hold them hostage. The Hakbit Ransomware can also perform other functions related to this theme, such as changing the names of your files or removing some formats of backups. An appropriately comprehensive response to this Trojan includes having both backups for recovery and anti-malware software for removing the Hakbit Ransomware.

Trojans Hunting for a Little Bit of Bitcoin

With the overbearing nature of Ransomware-as-a-Service families and even freeware options like EDA2 and Hidden Tear, many users might forget that 'lone' Trojans are threatening, as well. The Hakbit Ransomware, one of the newest samples of a file-locking Trojan to make itself known, is testing out disguises involving Web browsers while it locks files. While its lock-and-extort philosophy is a RaaS classic, the Hakbit Ransomware isn't a known variation of any previous threat.

The Hakbit Ransomware is a Windows program running on Microsoft's .NET Framework, with a typically small file size of less than a megabyte. While malware experts haven't examined its encryption algorithms, it does include encryption as its main feature for locking files and can use it to extort money from the owners of documents, pictures, and other content of any value. It also tags each file with a 'crypted!' extension – readers should note that this is a generic string that they might find on unrelated Trojans, as well.

Less generically than that, the Hakbit Ransomware also provides a desktop wallpaper image, along with a text message. Both of them provide English ransom instructions with various grammar and spelling errors, an ID for the victim, and a Bitcoin link. Although its wallet is active, malware researchers find no transactions related to its current demands of 300 USD – but the threat actor may change the price.

Victims should try to avoid paying, since ransoms for unlocking services are, frequently, unreliable, and result in broken or no solutions for recovering digital media.
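For responders deciding what to restore from backup, the 'crypted!' extension described above can be used to scope the damage. The following is an added example, not code from the original article; it assumes the extension is appended after the original file name as `.crypted!`, treats file modification times as only an approximate encryption window, and runs on a constructed sample tree.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".crypted!"  # assumption: appended after the original file name


def scope_encrypted(root):
    """Walk root and summarise files carrying the marker extension."""
    hits, per_dir, mtimes = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtimes.append(os.stat(path).st_mtime)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            # (locked path, presumed original name to look for in backups)
            hits.append((path, name[: -len(MARKER)]))
            per_dir[dirpath] += 1
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"files": hits, "per_dir": per_dir, "window": window}


def build_sample_tree(root):
    """Constructed sample data: two tagged files and one untouched file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name, mtime in (("report.docx.crypted!", 1572900000),
                        ("photo.jpg.crypted!", 1572900600),
                        ("notes.txt", 1572000000)):
        path = os.path.join(docs, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scope_encrypted(tmp)
        for locked, original in result["files"]:
            print(f"{locked} -> original name: {original}")
        start, end = (datetime.fromtimestamp(t, timezone.utc) for t in result["window"])
        print(f"modification window (UTC): {start} .. {end}")
```

Because the article notes that 'crypted!' is a generic string, a match identifies affected files but does not by itself attribute them to the Hakbit Ransomware.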

Avoiding the Risk of a Hack for Your Bits

Many versions of the Hakbit Ransomware use random characters for their names, which complicates identifying them. However, some of them also use distinct disguises, such as pretending to be versions of Chrome or Firefox. Avoiding these fake browser updates or installers should be easy for any users who stick to reputable download resources and don't partake in torrents or illegal freeware sites.

Malware researchers also encourage multiple practices for preventing a file-locking Trojan like the Hakbit Ransomware from causing any undue problems:

  • Always keep a backup on another device. The Hakbit Ransomware and most file-locker Trojans like it will erase the Restore Points that Windows has as a default backup.
  • Avoid inappropriate network or server administrative practices, such as using bad passwords or ignoring security patches for critical vulnerabilities.
  • Scan downloads with appropriate anti-malware analysis utilities before opening them. This precaution is especially relevant to e-mail attachments.

Although the initial rates of identifying the Hakbit Ransomware were semi-low, they're rising as AV vendors update their threat databases. Such anti-malware products remain preferable for uninstalling the Hakbit Ransomware, or, even better, catching its installer early.

Squeezing in-between mammoths like Jigsaw Ransomware and the Scarab Ransomware family, the Hakbit Ransomware is a much smaller name in hostile encryption. Sometimes small packages, like bombs, are just as explosively detrimental as larger ones.
