
HappyCrypter Ransomware

By GoldSparrow in Ransomware

The HappyCrypter Ransomware is an encryption ransomware Trojan that was first observed on September 12, 2017. The HappyCrypter Ransomware was observed on an online anti-virus platform, which con artists often use to test their threat creations and find out whether anti-virus programs are able to detect them. There are several variants of the HappyCrypter Ransomware uploaded on these platforms. The purpose of the HappyCrypter Ransomware, like most encryption ransomware Trojans, is to compromise the victims' files and then demand the payment of a ransom in exchange for the decryption key necessary to restore the files affected by the attack.

Some Details about a HappyCrypter Ransomware Infection

The HappyCrypter Ransomware seems to be an independent threat, and not part of a larger family of ransomware like EDA2 or HiddenTear. It also does not appear that the HappyCrypter Ransomware is part of a RaaS (Ransomware as a Service). The HappyCrypter Ransomware runs as an executable file named 'HappyCrypter.exe' on the infected computers. The HappyCrypter Ransomware is nearly identical to a wide variety of other encryption ransomware Trojans that are currently active. The HappyCrypter Ransomware displays a ransom message on the victims' computers over a bright red, alarming background. The HappyCrypter Ransomware will also change the infected computer's desktop image into a ransom note demanding the payment of a ransom. The HappyCrypter Ransomware will target the user-generated files in its attack, while avoiding native Windows files that would be necessary for the Windows operating system to function properly. This allows the victim's computer to remain available so that the victim can read the ransom note and make a ransom payment, but the computer will not be usable since all the victim's data will be gone. Examples of the file types that are typically targeted in these kinds of attacks include:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Short and Direct Ransom Note Displayed by the HappyCrypter Ransomware

Although the HappyCrypter Ransomware seems to be a standalone threat, it is clear that large portions of its code are based on HiddenTear and other well-known ransomware Trojans that are active currently. The HappyCrypter Ransomware will display a ransom message on the victim's computer, which reads:

'Oh no!
All your personal files have been locked.
You will be unable to access them until the payment has been recived. Any new files you create will be encrypted. If you attempt to uninstall or tamper with this virus then all your files will be deleted permantly. You need to pay 0.9 bitcoin to have your files restored. Please pay into account bitcoin.com/account/[RANDOM CHARACTERS]'

At the current Bitcoin exchange rate, the HappyCrypter Ransomware's ransom demand is close to 3500 USD. Computer users should avoid paying this ransom amount. Instead, computer users should take steps to protect their computers preemptively.

Protecting Your Data from the HappyCrypter Ransomware

The best protection against ransomware Trojans like the HappyCrypter Ransomware is to use a reliable backup method. Having backups of your data means that these people cannot extort you by taking away your data, since you can simply regain access to your files by copying them over from a backup copy. Computer users should also use a good security program that is fully up-to-date to protect their data from these threats.
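
One way to check the backup advice above against the file types the article lists: the Python sketch below (an added example, not code from the original article or from any security product) reports files with targeted extensions that have no identical copy in a backup folder. The extension subset, the folder names and the sample files are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Subset of the extensions listed in the article (assumption: extend as needed).
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
            ".txt", ".sql", ".sqlite", ".zip", ".psd", ".py", ".cpp"}

def sha256(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_backup(source_root, backup_root, extensions=TARGETED):
    """Return {relative_path: 'missing' | 'stale'} for at-risk files
    that have no byte-identical copy under backup_root."""
    source_root, backup_root = Path(source_root), Path(backup_root)
    gaps = {}
    for src in sorted(source_root.rglob("*")):
        # Only user files with a targeted extension matter here.
        if not src.is_file() or src.suffix.lower() not in extensions:
            continue
        rel = src.relative_to(source_root)
        dst = backup_root / rel
        if not dst.is_file():
            gaps[rel.as_posix()] = "missing"   # never backed up
        elif sha256(src) != sha256(dst):
            gaps[rel.as_posix()] = "stale"     # backup differs from source
    return gaps

def demo():
    """Constructed sample tree: one current, one stale, one missing backup."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "Documents"), Path(tmp, "Backup")
        (src / "work").mkdir(parents=True)
        (bak / "work").mkdir(parents=True)
        (src / "work" / "report.docx").write_bytes(b"v2")
        (bak / "work" / "report.docx").write_bytes(b"v1")   # stale copy
        (src / "notes.txt").write_bytes(b"same")
        (bak / "notes.txt").write_bytes(b"same")            # current copy
        (src / "photo.JPG").write_bytes(b"img")             # no backup at all
        (src / "app.dll").write_bytes(b"bin")               # not a targeted type
        return audit_backup(src, bak)

if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:8} {path}")
```

Run against a real documents folder and its backup location, an empty result means every file with a targeted extension has a current copy; the backup itself should be kept offline or otherwise out of reach of the infected machine.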
