HAHAHA Ransomware

HAHAHA Ransomware Description

The HAHAHA Ransomware is an encryption Trojan that is based on the open-source CryptoWire Ransomware, which was published on Github.com in September 2016. Since its release, CryptoWire has been used to develop various crypto-threats, including the Lomix Ransomware and the '_morf56@meta.ua_ File Extension' Ransomware. The HAHAHA Ransomware appears to be the work of a less skilled programmer who used CryptoWire to build a customized version that uses slightly modified ciphers and connects to private 'Command and Control' servers on the Open Web. The first sightings of the HAHAHA Ransomware were reported by users in Western Europe and the United States of America in the first week of March 2017. The distribution campaign for the HAHAHA Ransomware relies on spam messages that carry macro-enabled documents and trick users into allowing a bad macro script to install the HAHAHA Ransomware on the PC.

The Joker Who Created the HAHAHA Ransomware Uses Secure Encryption Algorithms

The HAHAHA Ransomware is an encryption ransomware Trojan responsible for various recent attacks. The HAHAHA Ransomware is a variant of CryptoWire, a well-known open-source ransomware Trojan that was first observed on GitHub in September 2016. Since the release of CryptoWire, various ransomware Trojans based on its code have been observed. The HAHAHA Ransomware is just one of these variants. PC security researchers suspect that the people responsible for the HAHAHA Ransomware are not particularly knowledgeable, since the HAHAHA Ransomware infection itself is not very sophisticated and only modifies the original CryptoWire code very lightly. The first HAHAHA Ransomware attacks observed in the wild took place in the United States and Europe in early March of 2017. The HAHAHA Ransomware, like many other ransomware Trojans, is being distributed through corrupted email spam attachments, which use documents that leverage corrupted macros to install the HAHAHA Ransomware on the victim's computer.

How the HAHAHA Ransomware Locks Its Victims' Files

Unfortunately, although the HAHAHA Ransomware is not particularly sophisticated, it does carry out an effective ransomware attack. Like other ransomware Trojans, the HAHAHA Ransomware is designed to encrypt its victims' files and then demand the payment of a ransom in exchange for the decryption key. The HAHAHA Ransomware uses a combination of RSA and AES encryption to make the victim's data completely inaccessible. The HAHAHA Ransomware will encrypt the files on all drives detected on the victim's computer, as well as in directories shared on the infected computer's network. The HAHAHA Ransomware targets a wide variety of files, including PDF files, media files, databases, and numerous others. The HAHAHA Ransomware only encrypts files smaller than 50 MB in size, probably to ensure that the attack is carried out fast enough to cause lasting damage on the victim's computer. Unlike other, similar infections, the HAHAHA Ransomware does not change the infected files' extension, making it impossible to recognize the files that have been encrypted until the victim attempts to open them or view them in Windows Explorer. After encrypting the victim's files, the HAHAHA Ransomware displays a ransom note that is contained in the HTA file 'HAHAHA.hta.' The HAHAHA Ransomware's ransom note reads as follows:

'READ IT! otherwise you are FUCKED
[LIST OF ENCRYPTED FILES]
Buy Bitcoins Decrypt Files [TEXT BOX FOR DECRYPTION KEY]
Your pdfs,photos,vIdeos,rar,doeuments etc.. are all ENCRYPTEDILIst of the encrypted files above...you can check by yourself but read all this first or you gonna regret!.To recover your files,send 500$ worth of bitcoins to this bitcoin address: [34 RANDOM CHARACTERS] Then send a email to hugoranl@gmx.com, I'll check the payment and release your files.
ATTENTION:if you close me or turn on the antivirus,i might be removed,BUT your files will still be encrypted!!,So for the good of your files leave me here and do not turn off the computer,IF you accidentaly close me, open the 'TEXT FILE' in your desktop, it have the address to send the bitcoins and email to warn me that you have paid,YOU HAVE 72 HOURS TO PAY OR THE FILES WILL BE DELETED.'

Dealing with the HAHAHA Ransomware

PC security researchers strongly advise computer users to avoid paying the HAHAHA Ransomware ransom. It is equally likely that the people responsible for the HAHAHA Ransomware will simply ignore the payment or ask the victim to pay even more money. Instead of paying the HAHAHA Ransomware ransom, malware analysts advise computer users to remove the HAHAHA Ransomware completely with the help of a reliable security program that is fully up-to-date. The files affected by the HAHAHA Ransomware should be deleted and then replaced with backup copies. Having backup copies of all files is the best way to ensure that your data is protected from threats like the HAHAHA Ransomware, allowing quick recovery and removing all the power from the people responsible for the attack.
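Because the HAHAHA Ransomware leaves file extensions unchanged, the files to restore from backup cannot be picked out by name. The following Python triage script is an added example, not code from the original page or from any security product: it looks for the 'HAHAHA.hta' note and for files under 50 MB whose header no longer matches their extension and whose content is high-entropy. The magic-byte table, the entropy threshold, and all function names are assumptions chosen for illustration.

```python
import math, os, tempfile
from collections import Counter
from pathlib import Path

# Leading magic bytes for a few of the file types the note mentions (assumed subset).
MAGIC = {".pdf": [b"%PDF"], ".png": [b"\x89PNG"], ".jpg": [b"\xff\xd8\xff"],
         ".jpeg": [b"\xff\xd8\xff"], ".zip": [b"PK"], ".rar": [b"Rar!"]}
SIZE_LIMIT = 50 * 1024 * 1024   # only files smaller than 50 MB are encrypted
NOTE_NAME = "hahaha.hta"        # ransom note file name, compared case-insensitively
ENTROPY_MIN = 7.0               # assumed threshold in bits per byte; tune locally

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root):
    """Return (ransom_notes, suspect_files) found under root."""
    notes, suspects = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() == NOTE_NAME:
            notes.append(path)
            continue
        sigs = MAGIC.get(path.suffix.lower())
        try:
            if sigs is None or path.stat().st_size >= SIZE_LIMIT:
                continue   # unknown type, or too large to have been targeted
            with path.open("rb") as fh:
                head = fh.read(65536)
        except OSError:
            continue       # unreadable file: skip rather than abort the scan
        # Header no longer matches the extension and the content looks random.
        if not any(head.startswith(s) for s in sigs) and entropy(head) >= ENTROPY_MIN:
            suspects.append(path)
    return notes, suspects

def demo():
    """Build a constructed sample tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "ok.pdf").write_bytes(b"%PDF-1.4\n" + b"text " * 200)
        (root / "locked.pdf").write_bytes(os.urandom(4096))  # stands in for ciphertext
        (root / "HAHAHA.hta").write_text("<html>constructed note</html>")
        notes, suspects = triage(root)
        return sorted(p.name for p in notes), sorted(p.name for p in suspects)
```

Run `triage()` against a mounted copy of the affected volume from a clean system, and treat the result as a candidate list to compare against backups rather than a definitive inventory.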
