Emsisoft releases a new decryptor for Hakbit ransomware

Hakbit Decryptor

We just released a new free decryption tool for the Hakbit ransomware strain. Hakbit has multiple confirmed victims, including home users and businesses in the United States and Europe.

While ransom notes are usually text files, Hakbit demands are displayed by changing the victim’s desktop wallpaper. Possibly uniquely, the wallpaper includes a QR code that points to the attackers’ Bitcoin address.

Hakbit wallpaper with ransom note and QR code

Hakbit wallpaper with ransom note and QR code

You can download the FREE decryption tool linked below. A detailed guide is also included.

Download the Hakbit Decryptor here

Hakbit decryptor by Emsisoft

Hakbit decryptor by Emsisoft

Technical details

Hakbit encrypts its victims’ files using AES-256 and appends with the extension “.crypted”. On installation, Hakbit attempts to conceal its presence by randomly naming its executable to one of the following: lsass.exe, svchst.exe, crcss.exe, chrome32.exe, firefox.exe, calc.exe, mysqld.exe, dllhst.exe, opera32.exe, memop.exe, spoolcv.exe, ctfmom.exe, or SkypeApp.exe.

The ransom note reads:

Atention! all your important files were encrypted!
to get your files back send 300 USD worth in Bitcoins and contact us with proof of
payment and your Unique Identifier Key.
We will send you a decryption tool with your personal decryption password.

Where can you buy Bitcoins:

https://www.coinbase.com
https://localbitcoins.com

Contact: [email protected].

Bitcoin wallet to make the transfer to is: 12grtxACJZkgT2nGAvMesgoM4ADHJ6NTaW
Unique Identifier Key (must be sent to us together with proof of payment):
Number of files that you could have potentially lost forever can be as high as: 3396

 

Successful decryption of Hakbit encrypted files

Successful decryption of Hakbit encrypted files

Download the Hakbit Decryptor here

 

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Regardless of what the Hakbit ransom note might say, our decryption tool can help you recover your files for free. Support for this tool is provided by the experts at Bleeping Computer. If you need help using it, please post details of your problem here.

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next