HAHAHA Ransomware

HAHAHA Ransomware Description

The HAHAHA Ransomware is an encryption Trojan that is based on the open-source CryptoWire Ransomware, which was published on Github.com in September 2016. Since the release of CryptoWire, it was used for the development of various crypto-threats that include the Lomix Ransomware and the '_morf56@meta.ua_ File Extension' Ransomware. The HAHAHA Ransomware appears to be the work of a less skilled programmer who used CryptoWire to build a customized version that uses slightly modified ciphers and connects to private 'Command and Control' servers on the Open Web. The first sightings of the HAHAHA Ransomware were reported by users in Western Europe and the United States of America in the first week of March 2017. The distribution campaign for the HAHAHA Ransomware relies on spam messages that carry macro-enabled documents and trick users into allowing a bad macro script to install the HAHAHA Ransomware on the PC.

The Joker Who Created the HAHAHA Ransomware Uses Secure Encryption Algorithms

The HAHAHA Ransomware is named after the program window shown after the encoding process is completed. The program window is titled 'HAHAHAHAHAHAHA =D,' hence the HAHAHA Ransomware. The Trojan at hand functions the same way as most crypto-threats and uses a combination of the AES and RSA ciphers to alter the structure of your data. The HAHAHA Ransomware generates a unique 256-bit long key to lock your files, and it can affect data on the local disks, removable media and network shares. The HAHAHA Ransomware is programmed to encipher PDFs, images, audio, video, presentations, spreadsheets, databases and eBooks under 50 MB in size. The HAHAHA Ransomware does not append a custom extension, and you may be able to recognize the affected objects by the generic white icon associated with the files that were encrypted by the threat. The HAHAHA Ransomware uses an HTA program to show a list of encrypted files, a short text message and an invitation to pay a fee for the decryption key. The text on 'HAHAHA.hta' reads as follow:

'READ IT! otherwise you are FUCKED
Buy Bitcoins Decrypt Files [TEXT BOX FOR DECRYPTION KEY]
Your pdfs,photos,vIdeos,rar,doeuments etc.. are all ENCRYPTEDILIst of the encrypted files above...you can check by yourself but read all this first or you gonna regret!.To recover your files,send 500$ worth of bitcoins to this bitcoin address: [34 RANDOM CHARACTERS] Then send a email to hugoranl@gmx.com, I'll check the payment and release your files.
ATTENTION:if you close me or turn on the antivirus,i might be removed,BUT your files will still be encrypted!!,So for the good of your files leave me here and do not turn off the computer,IF you accidentaly close me, open the 'TEXT FILE' in your desktop, it have the address to send the bitcoins and email to warn me that you have paid,YOU HAVE 72 HOURS TO PAY OR THE FILES WILL BE DELETED.'

You Can Have the Last Laugh by Avoiding Making a Payment

Users are suggested by the HAHAHA Ransomware to pay 500 USD/464 EUR in the span of 72 hours using the Bitcoin digital currency. After you make the transfer, an email is to be sent to hugoran1@gmx.com, and it asks for the decryption key. The email you write to hugoran1@gmx.com is supposed to include your wallet address, and PC name to help the "support staff" send you the correct decryption key. Cyber security experts do not encourage users to pay the team on hugoran1@gmx.com because the HAHAHA Ransomware may add a backdoor to your system and it is safer to use backups for the recovery process. You may want to purge the HAHAHA Ransomware from your OS by installing a trusted anti-malware scanner. It is recommended that you use clean archives, backup images, and files from cloud storage services to rebuild your data structure, instead of paying the HAHAHA Ransomware.

Infected with HAHAHA Ransomware? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect HAHAHA Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 10 + 8 ?