We just released a new free decryption tool for the Hakbit ransomware strain. Hakbit has multiple confirmed victims, including home users and businesses in the United States and Europe.
While ransom notes are usually text files, Hakbit demands are displayed by changing the victim’s desktop wallpaper. Possibly uniquely, the wallpaper includes a QR code that points to the attackers’ Bitcoin address.
You can download the FREE decryption tool linked below. A detailed guide is also included.
Download the Hakbit Decryptor here
Technical details
Hakbit encrypts its victims’ files using AES-256 and appends the extension “.crypted” to each encrypted file. On installation, Hakbit attempts to conceal its presence by giving its executable a name chosen at random from the following: lsass.exe, svchst.exe, crcss.exe, chrome32.exe, firefox.exe, calc.exe, mysqld.exe, dllhst.exe, opera32.exe, memop.exe, spoolcv.exe, ctfmom.exe, or SkypeApp.exe.
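Several of the names above are also used by legitimate software, so matching on the name alone produces false positives. The following triage sketch is an added example, not part of the decryptor or of the original post: it flags a process image path only when a listed name appears outside the directory where the genuine binary normally lives. The directory map and the sample paths are assumptions constructed for illustration and should be tuned to the environment.

```python
from pathlib import PureWindowsPath

# Executable names listed on this page (lower-cased for comparison).
HAKBIT_NAMES = {
    "lsass.exe", "svchst.exe", "crcss.exe", "chrome32.exe", "firefox.exe",
    "calc.exe", "mysqld.exe", "dllhst.exe", "opera32.exe", "memop.exe",
    "spoolcv.exe", "ctfmom.exe", "skypeapp.exe",
}

# Assumption (not from the page): listed names that legitimate software also
# uses, mapped to directory prefixes of typical default installs.
EXPECTED_DIRS = {
    "lsass.exe": (r"c:\windows\system32",),
    "calc.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "firefox.exe": (r"c:\program files\mozilla firefox",
                    r"c:\program files (x86)\mozilla firefox"),
    "mysqld.exe": (r"c:\program files\mysql",),
    "skypeapp.exe": (r"c:\program files\windowsapps",),
}

def triage(image_path):
    """Return a finding label for one process image path, or None."""
    p = PureWindowsPath(image_path)
    name = p.name.lower()
    if name not in HAKBIT_NAMES:
        return None
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        # No known legitimate binary under this name: the name itself is a lead.
        return "lookalike-name"
    parent = str(p.parent).lower()
    if any(parent == d or parent.startswith(d + "\\") for d in expected):
        return None
    return "unexpected-path"

def scan(paths):
    """Return (path, label) pairs for every path that needs review."""
    return [(p, label) for p in paths if (label := triage(p))]

# Constructed sample input, e.g. image paths exported from a process listing.
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Users\alice\AppData\Roaming\lsass.exe",
    r"C:\Users\alice\AppData\Local\Temp\svchst.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\ProgramData\calc.exe",
]

if __name__ == "__main__":
    for path, label in scan(SAMPLE):
        print(f"{label:16} {path}")
```

A hit is a lead for further review, not confirmation of infection; files renamed with the “.crypted” extension are the stronger indicator.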
The ransom note reads:
Atention! all your important files were encrypted!
to get your files back send 300 USD worth in Bitcoins and contact us with proof of
payment and your Unique Identifier Key.
We will send you a decryption tool with your personal decryption password.
Where can you buy Bitcoins:
https://www.coinbase.com
https://localbitcoins.com
Contact: hakbit@protonmail.com.
Bitcoin wallet to make the transfer to is: 12grtxACJZkgT2nGAvMesgoM4ADHJ6NTaW
Unique Identifier Key (must be sent to us together with proof of payment):
Number of files that you could have potentially lost forever can be as high as: 3396
Regardless of what the Hakbit ransom note might say, our decryption tool can help you recover your files for free. Support for this tool is provided by the experts at Bleeping Computer. If you need help using it, please post details of your problem here.