
Haka Ransomware

By CagedTech in Ransomware

New ransomware threats pop up daily, as cybercriminals see this as an easy method of making a quick buck. One of the newest data-locking Trojans is the Haka Ransomware. When malware researchers inspected the Haka Ransomware, they found that it may be a variant of the Planetary Ransomware.

Propagation and Encryption

It has not been determined what propagation method the creators of the Haka Ransomware are employing to spread their file-encrypting Trojan. Cybersecurity researchers speculate that the cybercriminals may be using some of the most common methods: spam emails that contain infected attachments, bogus application updates, and corrupted pirated software.

Once the Haka Ransomware gets onto your system, it will begin a swift scan. The point of the scan is to locate the files that the Haka Ransomware was programmed to go after. Then the encryption process is triggered, and all the targeted files get locked using an encryption algorithm. The newly locked files will have their names altered: the Haka Ransomware adds a ‘.haka’ extension to the filenames. This means that if you had named a photo ‘summer-holiday-2019.jpeg’, its name will be changed to ‘summer-holiday-2019.jpeg.haka’.

The Ransom Note

The next step is the dropping of the ransom note. The Haka Ransomware’s ransom note is named ‘!!!READ_ME_FIRST!!!.txt’. Cybercriminals who create ransomware threats often name their notes using all caps and other attention-grabbing symbols like exclamation points so that the user does not overlook the note and miss the message that the cyber crooks are trying to get across. The note states:

’Don't worry, all your files under strong protection!

>>> Contacts:
mydataback@cock.li
datahelper@protonmail.com

>>> What should I include in my message?
1. Your country and city
2. This TXT file
3. Some files for free decryption

>>> Free decryption as guarantee!
Before paying you send us up to 2 files for free decryption.
Send pictures, text files. (files no more than 1mb)
If you upload the database, your price will be doubled

>>> ATTENTION!
1. Do not rename encrypted files.
2. Do not try to decrypt your data using third party software, it may cause permanent data loss.
3. Decryption of your files with the help of third parties may cause increased price (they add their fee to
our) or you can become a victim of a scam.

Your personal ID: ---‘

The authors do not mention how much the ransom fee is. They offer to decrypt two files free of charge, provided that each is no bigger than 1MB in size. The attackers give out two email addresses where they demand the user contact them: ‘mydataback@cock.li’ and ‘datahelper@protonmail.com’.
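The two file-system indicators described above (the appended ‘.haka’ extension and the ‘!!!READ_ME_FIRST!!!.txt’ note) can be used to measure how far an infection has spread. The following read-only triage script is an added example, not part of the original article; the function names and the sample files are constructed for illustration, and the earliest modification time it reports is only a rough estimate of when encryption began, since timestamps can be altered.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".haka"                 # extension named in this article
NOTE_NAME = "!!!READ_ME_FIRST!!!.txt"   # ransom note name from this article


def triage(root):
    """Walk root and summarise Haka indicators without modifying any file."""
    report = {"encrypted": [], "notes": [], "types": Counter(), "first_seen": None}
    earliest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT) and len(lower) > len(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                # Original type is the extension left under the appended '.haka'.
                inner = os.path.splitext(name[: -len(ENCRYPTED_EXT)])[1].lower()
                report["types"][inner or "(none)"] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable or vanished; already counted above
                earliest = mtime if earliest is None else min(earliest, mtime)
    if earliest is not None:
        report["first_seen"] = datetime.fromtimestamp(earliest, timezone.utc)
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files whose names match the article."""
    names = ["docs/summer-holiday-2019.jpeg.haka", "docs/budget.xlsx.haka",
             "docs/" + NOTE_NAME, "docs/untouched.txt", "tools/.haka"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), dict(result["types"]), result["first_seen"])
```

Run against a mounted copy or a backup snapshot, the per-type counts show which kinds of data were hit, and comparing the list of encrypted paths with the last clean backup shows what has to be restored.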

It is never recommended to contact cybercriminals or pay them. They are not to be trusted and will likely never deliver on their end of the bargain. A better option is to look into obtaining a reputable anti-virus software suite, which will clear your system of the Haka Ransomware and make sure you do not end up in a similar situation in the future.
