HAHAHA Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 2
First Seen: March 20, 2017
Last Seen: November 28, 2019
OS(es) Affected: Windows

The HAHAHA Ransomware is an encryption Trojan that is based on the open-source CryptoWire Ransomware, which was published on Github.com in September 2016. Since its release, CryptoWire has been used to develop various crypto-threats, including the Lomix Ransomware and the '_morf56@meta.ua_ File Extension' Ransomware. The HAHAHA Ransomware appears to be the work of a less skilled programmer who used CryptoWire to build a customized version that uses slightly modified ciphers and connects to private 'Command and Control' servers on the Open Web. The first sightings of the HAHAHA Ransomware were reported by users in Western Europe and the United States of America in the first week of March 2017. The distribution campaign for the HAHAHA Ransomware relies on spam messages that carry macro-enabled documents and trick users into allowing a bad macro script to install the HAHAHA Ransomware on the PC.

The Joker Who Created the HAHAHA Ransomware Uses Secure Encryption Algorithms

The HAHAHA Ransomware is an encryption ransomware Trojan responsible for various recent attacks. The HAHAHA Ransomware is a variant of CryptoWire, a well-known open-source ransomware Trojan that was first observed on GitHub in September 2016. Since the release of CryptoWire, various ransomware Trojans based on its code have been observed. The HAHAHA Ransomware is just one of these variants. PC security researchers suspect that the people responsible for the HAHAHA Ransomware are not particularly knowledgeable, since the HAHAHA Ransomware infection itself is not very sophisticated and only modifies the original CryptoWire code very lightly. The first HAHAHA Ransomware attacks observed in the wild took place in the United States and Europe in early March of 2017. The HAHAHA Ransomware, like many other ransomware Trojans, is being distributed through corrupted email spam attachments, which use documents that leverage corrupted macros to install the HAHAHA Ransomware on the victim's computer.

How the HAHAHA Ransomware Locks Its Victims’ Files

Unfortunately, although the HAHAHA Ransomware is not particularly sophisticated, it does carry out an effective ransomware attack. Like other ransomware Trojans, the HAHAHA Ransomware is designed to encrypt its victims' files and then demand the payment of a ransom in exchange for the decryption key. The HAHAHA Ransomware uses a combination of RSA and AES encryption to make the victim's data completely inaccessible. The HAHAHA Ransomware will encrypt the files on all drives detected on the victim's computer, as well as on directories shared on the infected computer's network. The HAHAHA Ransomware targets a wide variety of files, including PDF files, media files, databases, and numerous others. The HAHAHA Ransomware only encrypts files smaller than 50 MB in size, probably to ensure that the attack is carried out fast enough to cause lasting damage on the victim's computer. Unlike other, similar infections, the HAHAHA Ransomware does not change the infected files' extension, making it impossible to recognize the files that have been encrypted until the victim attempts to open them or view them in Windows Explorer. After encrypting the victim's files, the HAHAHA Ransomware displays a ransom note that is contained in the HTA file 'HAHAHA.hta.' The HAHAHA Ransomware's ransom note reads as follows:

'READ IT! otherwise you are FUCKED
[LIST OF ENCRYPTED FILES]
Buy Bitcoins Decrypt Files [TEXT BOX FOR DECRYPTION KEY]
Your pdfs,photos,vIdeos,rar,doeuments etc.. are all ENCRYPTEDILIst of the encrypted files above...you can check by yourself but read all this first or you gonna regret!.To recover your files,send 500$ worth of bitcoins to this bitcoin address: [34 RANDOM CHARACTERS] Then send a email to hugoranl@gmx.com, I'll check the payment and release your files.
ATTENTION:if you close me or turn on the antivirus,i might be removed,BUT your files will still be encrypted!!,So for the good of your files leave me here and do not turn off the computer,IF you accidentaly close me, open the 'TEXT FILE' in your desktop, it have the address to send the bitcoins and email to warn me that you have paid,YOU HAVE 72 HOURS TO PAY OR THE FILES WILL BE DELETED.'

Dealing with the HAHAHA Ransomware

PC security researchers strongly advise computer users to avoid paying the HAHAHA Ransomware ransom. It is equally likely that the people responsible for the HAHAHA Ransomware will simply ignore the payment or ask the victim to pay even more money. Instead of paying the HAHAHA Ransomware ransom, malware analysts advise computer users to remove the HAHAHA Ransomware completely with the help of a reliable security program that is fully up-to-date. The files affected by the HAHAHA Ransomware should be deleted and then replaced with backup copies. Having backup copies of all files is the best way to ensure that your data is protected from threats like the HAHAHA Ransomware, allowing quick recovery and removing all the power from the people responsible for the attack.
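Because the extensions are left unchanged, the affected files have to be identified by content before they can be replaced from backup. The following triage sketch is an added example, not part of the original write-up or of any vendor tool: it flags files under 50 MB whose header no longer matches their extension and whose content looks random, and reports any 'HAHAHA.hta' note. It assumes the encryption overwrites the file header, which the write-up does not state; the signature table, threshold and sample files are constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

SIZE_LIMIT = 50 * 1024 * 1024   # the write-up: only files smaller than 50 MB are encrypted
NOTE_NAME = "hahaha.hta"        # ransom note file name given in the write-up
# Well-known leading signatures for a few of the targeted file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".rar": b"Rar!", ".zip": b"PK", ".docx": b"PK"}

def entropy(data):
    """Shannon entropy in bits per byte (close to 8.0 for ciphertext)."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def triage(root, min_entropy=7.0):
    """Return (suspect_files, ransom_notes) found under root."""
    suspects, notes = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
                continue
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            try:
                if magic is None or os.path.getsize(path) >= SIZE_LIMIT:
                    continue  # unknown type, or too large to have been touched
                with open(path, "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
            # Assumption: extension unchanged, header gone, content looks random.
            if not head.startswith(magic) and entropy(head) >= min_entropy:
                suspects.append(path)
    return sorted(suspects), sorted(notes)

def demo():
    """Build a constructed sample tree and triage it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.pdf": b"%PDF-1.4\n" + b"text " * 200,  # intact file
                   "scan.pdf": os.urandom(4096),       # stands in for ciphertext
                   "HAHAHA.hta": b"<html></html>"}     # empty placeholder note
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        found, notes = triage(root)
        return [os.path.basename(p) for p in found], [os.path.basename(p) for p in notes]
```

Run `triage()` against a mounted copy of the affected volume rather than the live system, and treat the result as a candidate list to verify against backups.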
