Haters Ransomware

By GoldSparrow in Ransomware

The Haters Ransomware is an encryption Trojan that looks and behaves like the Cerber 3 Ransomware but is unrelated to that crypto-threat. It is a copycat that uses the Cerber 3 ransom note and similar cryptographic algorithms to fool users into believing that they have been compromised by one of the most efficient Trojans of last year. The aim is to make victims assume that, as with Cerber 3, there is only one way to recover access to their data. However, the Haters Ransomware is a standalone project, and malware researchers may be able to break its code and develop decryption software.

At the time of writing, the first samples of the Haters Ransomware have been collected and submitted for in-depth analysis. Cyber security investigators were aware of the Haters Ransomware as far back as May 2nd, 2017, but there was no conclusive proof that it is not based on Cerber 3 until recently. Evidently, the Haters Ransomware is a standard crypto-threat that is introduced to systems via spam emails and incorporates customized AES-256 and RSA-2048 ciphers. The threat is reported to run as 'CryptoCerber.exe' and 'Cerber3Ransomware.exe' on infected devices and to display the ransom note in a blank program window titled 'Form2'. Some researchers may refer to the Trojan as the FTSCoder Ransomware because of the string 'FTSCoder', which was found in the code of the threat. We suspect that work on the Haters Ransomware is not finished, since there are no wallet address or payment instructions for users to refer to. However, the encryption engine inside the Haters Ransomware is fully operational. The name of the threat is derived from the marker placed on corrupted objects, which is the string '.haters'. For example, 'Google Now Commands.pptx' is renamed to 'Google Now Commands.pptx.haters'. We have seen samples of the Haters Ransomware that are programmed to encipher data containers in the following formats:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
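To scope the impact on a host or file share, the renaming pattern and executable names described above can be turned into a read-only triage scan. The script below is an added example, not code from the original article or from any vendor tool; the function names and the sample tree are constructed for illustration, and only the '.haters' marker and the two executable names come from the text.

```python
import os
import sys
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".haters"  # suffix the article says is appended to encrypted files
# Executable names the article reports on infected devices (compared case-insensitively).
REPORTED_EXES = {"cryptocerber.exe", "cerber3ransomware.exe"}

def triage(root):
    """Return (encrypted, executables, by_ext) for everything under root.

    encrypted   -> list of (current path, original file name)
    executables -> paths whose name matches a reported executable name
    by_ext      -> Counter of original extensions among encrypted files
    """
    encrypted, executables, by_ext = [], [], Counter()
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower in REPORTED_EXES:
                executables.append(path)
            elif lower.endswith(MARKER) and len(name) > len(MARKER):
                original = name[: -len(MARKER)]  # name before the marker was added
                encrypted.append((path, original))
                by_ext[Path(original).suffix.lower() or "(none)"] += 1
    return encrypted, executables, by_ext

def make_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    names = ["docs/Google Now Commands.pptx.haters", "docs/budget.xlsx.HATERS",
             "docs/notes.txt", "pics/cat.jpg.haters", "pics/README.haters",
             "tmp/CryptoCerber.exe", ".haters"]
    for rel in names:
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        root = sys.argv[1] if len(sys.argv) > 1 else demo
        if root == demo:
            make_sample_tree(demo)  # no path given: scan the constructed tree
        encrypted, executables, by_ext = triage(root)
        print(f"{len(encrypted)} files carry the {MARKER} marker: {dict(by_ext)}")
        for path in executables:
            print(f"reported executable name present: {path}")
```

The per-extension counts show which data types need restoring from backup; a file name match on an executable is only a lead and should be confirmed with an anti-malware scan.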

The Haters Ransomware may be just an imitation of Cerber, much as the 'Suppteam01@india.com' Ransomware is an imitation of the CryptoLocker Ransomware, but it is just as effective. Computer users who are concerned about threats like the Haters Ransomware can prepare for potential attacks by installing a backup manager, taking advantage of services like Dropbox and running a reliable anti-malware shield. Unfortunately, it is impossible to regain access to the data that was corrupted by the Haters Ransomware unless the cyber extortionists provide you with the appropriate tool. It is best to make backups of your files regularly to avoid paying the ransom and to ensure that you have clean files to revert to. AV scanners may alert users to objects associated with the Haters Ransomware by showing the following tags:

  • MSIL.Trojan-Ransom.FTSCoder.A
  • Ransom.Cryptolocker
  • Ransom_STUPFTS.C
  • TR/FileCoder.qbumr
  • Trojan ( 00500fdf1 )
  • Trojan.GenericKD.4988558
  • Win32.Trojan.Gen.Frt
  • Win32:Malware-gen
  • a variant of MSIL/Filecoder.DP
