HandShake Ransomware

The HandShake Ransomware has so far not been classified as belonging to any of the already established ransomware families. However, the HandShake Ransomware operates as a typical malware of this type. It aims to infect the user's devices and then encrypt the files stored there with a strong cryptographic algorithm. To restore access to their locked data users will be instructed to pay a ransom to the hackers.

While most ransomware threats modify the names of the files they encrypt, HandShake forgoes this step and leaves the names intact. As for the ransom note with instructions, it is displayed as a pop-up window on the system's screen. The pop-up window shows a list of all encrypted files on the device and their total number. To unlock the data, users will have to enter the correct password into the corresponding field. However, the actual instructions are extremely short and lack any meaningful details besides an email address - no-reply@forgetit.com, that victims can use to contact the cybercriminals.

Generally, it is not recommended to enter into negotiations with ransomware operators, no matter how dire the situation may seem. Not only will users potentially expose themselves to additional security risks, but there are absolutely no guarantees that the hackers will be able to restore all of the encrypted data, and that is if they send the required password at all.

The ransom note shown by HandShake is:

'HandShake v1.0
All your files belong to us!
** files have been encrypted

Your files can only be retrived by entering the correct password.
In order to get the password please send a mail to
no-reply@forgetit.com.'