
Hackerman Ransomware

By GoldSparrow in Ransomware

The Hackerman Ransomware is an encryption Trojan that includes a Spanish-language version and belongs to the Hidden Tear family of ransomware. The Hackerman Ransomware is delivered to users through spam email carrying corrupted attachments and through malvertising campaigns. Internet users may receive messages that resemble payment notifications from online stores like Amazon or photo notifications from social media like Instagram, which feature an attached PDF, DOCX or RAR file. These objects may be embedded with a corrupted JavaScript file or macro that is designed to run on Windows and results in the installation of the Hackerman Ransomware.

Avoid Spam Emails and Messages from Unknown Senders

Security researchers report that the Hackerman Ransomware uses open-source encryption resources that have been modified to evade detection by anti-malware shields. The Hackerman Ransomware features several layers of obfuscation, encryption and packaging to hinder heuristic analysis as well. The Hackerman Ransomware is a typical encryption Trojan that is programmed to target commonly used data containers for images, video, audio, text, presentations and databases. The Hackerman Ransomware can encode data stored locally and on thumb drives that are connected to the PC and remain plugged in while the encryption is underway. The Hackerman Ransomware is likely to encode most of your data in the following folders:

  • %UserProfile%\Desktop
  • %UserProfile%\Downloads
  • %UserProfile%\Documents
  • %UserProfile%\Pictures
  • %UserProfile%\Music
  • %UserProfile%\Videos

The '.Locked' File Marker is Appended to Objects that are Corrupted by the Hackerman Ransomware

Additionally, the creator of the Hackerman Ransomware designed the Trojan to append the '.locked' extension to corrupted files. For example, 'Ghibli's Hayao Miyazaki.docx' is transcoded by the Hackerman Ransomware to 'Ghibli's Hayao Miyazaki.docx.locked', and no office suite will be able to load the data inside. Users would still be able to move, delete and copy the '.locked' files, but that is the extent of the operations they could perform on them. The ransom note is delivered to the desktop and appears as 'Leeme Por Favor.txt,' which is Spanish for 'Read Me Please.txt.' Reports suggest that the operators behind the Hackerman Ransomware may demand from 0.5 Bitcoin to 1 Bitcoin to release the proper decryptor.
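As an added example (not code from this write-up or from any vendor), the following incident-triage script walks the profile folders listed above and collects the indicators described here: files carrying the '.locked' marker, the original names implied by stripping it, and the 'Leeme Por Favor.txt' note on the desktop. The profile layout and file names in demo() are constructed for offline testing; the caller is assumed to pass the root of a user profile.

```python
import os
import tempfile
from pathlib import Path

# Indicators from the write-up: targeted profile folders, appended marker, note name.
TARGET_FOLDERS = ["Desktop", "Downloads", "Documents", "Pictures", "Music", "Videos"]
LOCKED_SUFFIX = ".locked"
RANSOM_NOTE = "Leeme Por Favor.txt"


def triage_profile(profile_dir):
    """Walk the targeted folders under one user profile and collect evidence:
    the ransom note (if present) and each '.locked' file with its original name."""
    profile = Path(profile_dir)
    originals = {}
    for name in TARGET_FOLDERS:
        folder = profile / name
        if not folder.is_dir():
            continue
        for root, _dirs, files in os.walk(folder):
            for fname in files:
                if fname.lower().endswith(LOCKED_SUFFIX):  # heading spells it '.Locked'
                    path = Path(root) / fname
                    # 'report.docx.locked' -> 'report.docx'
                    originals[path] = path.with_name(fname[:-len(LOCKED_SUFFIX)])
    note = profile / "Desktop" / RANSOM_NOTE
    return {
        "ransom_note": note if note.is_file() else None,
        "original_names": originals,
        "infected": bool(originals) or note.is_file(),
    }


def demo():
    """Run the triage on a constructed profile layout (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        for name in TARGET_FOLDERS:
            (base / name).mkdir()
        (base / "Documents" / "Ghibli's Hayao Miyazaki.docx.locked").write_bytes(b"\0" * 16)
        (base / "Pictures" / "holiday.jpg.LOCKED").write_bytes(b"\0" * 16)
        (base / "Music" / "untouched.mp3").write_bytes(b"ID3")  # must be ignored
        (base / "Desktop" / RANSOM_NOTE).write_text("placeholder note", encoding="utf-8")
        result = triage_profile(base)
        return {
            "infected": result["infected"],
            "ransom_note_found": result["ransom_note"] is not None,
            "locked_count": len(result["original_names"]),
            "originals": sorted(p.relative_to(base).as_posix() for p in result["original_names"].values()),
        }
```

Pointing triage_profile() at a real %UserProfile% gives the list of affected files to compare against backups before any restore is attempted.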

Paying the Ransom and Trusting Threat Creators are Two Things You Should not Do

Security experts advise against paying the ransom since you are not a customer of a legitimate service and should not trust extortionists. Instead, you could use backup images and archives to recover your data. Malware analysts may be able to help you decipher the encrypted files in the future, when a decryptor is released on the Internet. Do not forget that removing the Hackerman Ransomware will require a credible anti-malware scanner, and services like Google Drive and Mega could help you restore your data structure relatively fast. Some AV vendors may detect the executable used by the Hackerman Ransomware as:

  • MSIL/Filecoder.Y!tr
  • Malware/Win32.Generic.C1020407
  • Ransom.HiddenTear
  • Ransom.Ryzerlo.S4
  • Ransom_CRYPTEAR.SM
  • Ransomware-FTD!F2A41F855A6E
  • Troj/HTRansom-B
