HACKED Ransomware

The HACKED Ransomware is an encryption ransomware Trojan that is related to the Jigsaw Ransomware, a family of ransomware Trojans that first started making waves in December 2016. PC security analysts have noticed various versions of the threats in this family released in 2017. Some other variants in the same family as the HACKED Ransomware include such ransomware as the Payransom Ransomware, the CryptoHitman Ransomware, and the Payms Ransomware. The HACKED Ransomware receives its name because the files it encrypts will have the file extension '.hacked added to their names. The HACKED Ransomware is being distributed using spam email attachments currently. It also is likely that the HACKED Ransomware could spread through corrupted advertisements and links on low-quality Web pages or another shady online content. Spam email messages used to spread the HACKED Ransomware will use social engineering tactics to trick computer users into opening a corrupted attached file that, when opened, downloads and installs the HACKED Ransomware on the victim's computer frequently.

The HACKED Ransomware Mimics a Windows Update in Its Attack

Apart from typical ransomware delivery methods, the HACKED Ransomware impersonates a Windows Update to carry out its attack. The HACKED Ransomware will display a screen designed to mimic a legitimate Windows Update screen to make victims believe that an update is being downloaded instead of the ransomware attack being carried out. Since the HACKED Ransomware only mimics the Windows Update screen for Windows 7, it seems that this is the only version of the Windows operating system that the HACKED Ransomware attacks (unlike most other encryption ransomware Trojans that seem to target most versions of the Windows operating system).

What are the Effects of a HACKED Ransomware's Infection

The creators of the HACKED Ransomware use AutoIt, a Windows scripting tool, to obfuscate the HACKED Ransomware infection. There are several versions of the HACKED Ransomware, each using a different lock screen and graphical user interface. The two ransom notes that have been observed in two different versions of the HACKED Ransomware attack are:

'Your computer has been encrypted
You must pay .25 Bitcoins within 24 hours
Or .35 after 24 hours
To get your files back
After 48 hour your computer will be destroyed if you have not paid
HACKED
Your Bitcoin payment address is:
[Bitcoin_payment_address]'

and

'All of your files were protected by a strong encryption with RSA4096
What happened to my files ?
Decrypting of your files is only possible with the help of private key and decryp
How can i get my files back ?
the only way to restore your files ...
So, there are two ways you can choose
1- wait for a miracle and get your price doubled
2- or restore your data easy way if you have really valuable data you better not waste your time, because there is no other way to get your files, except make a payment
What should i do next ? Buy decryption key
1. Buy Bitcoin (https://blockchain.info)
2. Send amount of 0.5 BTC to address: 131mixvnmnijg1lDP3ZrTTakx3qJLpb675o
3. Transaction will take about 15-30 minutes to confirm.
4. When transaction is confirmed, send email to us at payment.hkdecrypt@mail.ru
5. Write subject of your mail with : HACKED
6. Write content of your mail with : - Restore my files Bitcoin payment : (YOUR BITCOIN TRANSACTION ID)'

The HACKED Ransomware displays its ransom note in several languages. PC security researchers have observed variants of the HACKED Ransomware ransom note with the following file names: readme_English.txt, Leggimi_decrypt_Italian.txt, Readme_Spanish.txt and How_to_decrypt_files.txt. Like most encryption ransomware Trojans, the main mission of the HACKED Ransomware attack is to encrypt the victim’s files by using a robust encryption algorithm and then demands a ransom payment from the victim. Because of this, the file backups are the best prevention against these attacks.