Happy Ransomware Description
At first glance, the Happy Ransomware may appear as a typical representative of that particular class of malware. The Happy Ransomware encrypts the files stored on the compromised computer and renders them both inaccessible and unusable. Each affected file will have its original name modified by having '.happy' appended to it. The threat will also generate a ransom note that will be dropped on the breached system in the form of a text file named 'HIT BY RANSOMWARE.txt.'
This is the point where the Happy Ransomware deviates from the expected ransomware behavior. Usually, the ransom notes contain instructions on how the victims can pay a ransom to the cybercriminals in exchange for receiving a decryption key or a software tool. The notes also provide one or more communication channels that the victims can use to reach the hackers. the Happy Ransomware's note, however, contains neither. It instructs affected users that to restore their locked files they will first have to decompile the threat and then discover the encryption method. The note also advises affected users to be more careful when executing files in the future.
The infosec community has indeed been able to crack the encryption used by the Happy Ransomware. All victims of the threat should search the Internet for the available free decryption software. Keep in mind that the Happy Ransomware must be removed with a reputable anti-malware solution from the computer beforehand as it could just encrypt the data all over again.
The full text of the note is:
'---YOU'VE BEEN HIT BY A RANSOMWARE---
In order to decrypt your files, you must decompile the ransomware (which is easy) and find out the encryption method (easy aswell)
Next time, think before your execute. Your next ransomware could'nt be that easy to crack and you would lost all your files 🙁
---YOU'VE BEEN HIT BY A RANSOMWARE---'