Haxerboi Ransomware

By GoldSparrow in Ransomware

The Haxerboi Ransomware is an encryption ransomware Trojan that was first observed on March 26, 2018. It seems to have been created by an amateur or a group of amateurs, and it appears to be unfinished. The Haxerboi Ransomware references the infamous WannaCry Ransomware Trojan in an attempt to pass itself off as a high-profile threat, but it seems to be a very basic ransomware Trojan with few, if any, advanced features. The Haxerboi Ransomware is a variant of HiddenTear, an open source ransomware Trojan engine that is responsible for countless variants being used in attacks today.

How the Haxerboi Ransomware Attack will Affect Your Data

The Haxerboi Ransomware has been linked to a threat building platform named 'HaxerBoi malware builder V 0.1,' which the cybercrooks can use to release multiple versions of the Haxerboi Ransomware and carry out short-term attacks quickly. The Haxerboi Ransomware attempts to encrypt the victim's files in order to demand a ransom payment. It targets the victim's user-generated files, including images, music, Office documents, and numerous other file types. The Haxerboi Ransomware uses AES-256 encryption to make the files inaccessible, and marks the encrypted files by adding the file extension '.haxerboi' to the files' names. After encrypting the victim's files, the Haxerboi Ransomware delivers a ransom note in English, which demands the payment of a ransom in exchange for the instrument needed to recover the affected files. The following are some of the file types that are commonly targeted in attacks like the Haxerboi Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

The Haxerboi Ransomware’s Ransom Demands

The Haxerboi Ransomware will deliver a ransom note in which it specifies its demands. The Haxerboi Ransomware runs on the infected computer using an executable file named 'hackerBoi.exe,' which runs the Haxerboi Ransomware encryption mechanism and displays a program window with the title 'OOPS YOUR FILES HAVE BEEN ENCRYPTED.' This window demands the payment of 10 USD using Bitcoin, which the victim is asked to transfer to the cybercrooks' Bitcoin wallet address. Since there is no contact email address for the con artists and no ID for the victims, it is very unlikely that paying the Haxerboi Ransomware ransom will result in restoring the affected files, small as the ransom is. The cybercrooks have no way of knowing whether a victim has made a payment or which computer was infected, making it clear that they have no intention of following up with any victims who pay the Haxerboi Ransomware ransom. Because of this, as with any other ransomware Trojan, you shouldn't pay the Haxerboi Ransomware ransom amount or contact the extortionists in any way.

Dealing with the Haxerboi Ransomware Infection

The best protection against the Haxerboi Ransomware and similar threats is to have file backups. Having the ability to restore the files after a Haxerboi Ransomware attack is quite important, and will thwart these attacks completely. A security product that is fully up-to-date can prevent the Haxerboi Ransomware from being installed in the first place.
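
To scope a restore from backup, the following added example (not code from this article or from any vendor tool) walks a directory tree for the two indicators named above: the '.haxerboi' extension and the 'hackerBoi.exe' file name. The function names, the constructed sample tree, and the use of file modification times as an approximate encryption time are assumptions made for illustration.

```python
import os
from collections import Counter
from pathlib import Path

MARKER = ".haxerboi"       # extension the article says is appended to encrypted files
PAYLOAD = "hackerboi.exe"  # executable name from the article, matched case-insensitively

def triage(root):
    """Walk root and summarise Haxerboi indicators to scope a restore from backup."""
    encrypted, executables, by_type, earliest = [], [], Counter(), None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower == PAYLOAD:
                executables.append(path)
            elif lower.endswith(MARKER) and len(name) > len(MARKER):
                original = name[:-len(MARKER)]  # file name before the marker was added
                by_type[Path(original).suffix.lower() or "(none)"] += 1
                # Assumption: the marked file's mtime approximates when it was encrypted.
                mtime = path.stat().st_mtime
                earliest = mtime if earliest is None else min(earliest, mtime)
                encrypted.append((path, path.with_name(original)))
    return {"encrypted": encrypted, "executables": executables,
            "by_type": dict(by_type), "earliest_mtime": earliest}

SAMPLE_BASE = 1_700_000_000  # constructed timestamp, not a real incident time

def build_sample_tree(root):
    """Create constructed, empty sample files named the way the article describes."""
    samples = [("docs/report.docx.haxerboi", 120), ("docs/notes.txt", 0),
               ("pics/photo.JPG.HAXERBOI", 60), ("README.haxerboi", 180),
               ("Downloads/hackerBoi.exe", 30)]
    for rel, offset in samples:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
        os.utime(path, (SAMPLE_BASE + offset, SAMPLE_BASE + offset))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = triage(tmp)
        print(len(report["encrypted"]), "marked files;", report["by_type"])
        print("payload candidates:", [str(p) for p in report["executables"]])
        for enc, orig in report["encrypted"]:
            print(f"restore {orig.name} (currently {enc.name})")
```

The per-type counts and the list of original file names show what has to come back from backup, and the earliest modification time gives a point before which a backup copy should be chosen.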

