Hitobito Ransomware

Cybersecurity researchers have identified a new ransomware threat named Hitobito. This malware encrypts files on infected devices, rendering them inaccessible to the user. Subsequently, the attackers demand payment from the victims in exchange for the supposed decryption of the affected data. Upon activation, Hitobito appends the '.hitobito' extension to the original filenames of encrypted files. For instance, a file named '1.png' would appear as '1.png.hitobito,' and '2.pdf' as '2.pdf.hitobito,' and so on for all locked files.

Following the encryption process, Hitobito displays a ransom note in a pop-up window and generates another in a text file titled 'KageNoHitobito_ReadMe.txt.' Both messages contain identical content. Significantly, it has been determined that the version of the Hitobito Ransomware discovered is decryptable without requiring victims to engage with the attackers.
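The two artefacts named above, the '.hitobito' extension and the 'KageNoHitobito_ReadMe.txt' note, are enough to scope an infection on disk. The following is an added example, not code from the researchers or from this page: a read-only triage walk in Python. The function names and the sample tree are constructed for illustration, and the time window assumes file modification times were not altered.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENC_SUFFIX = ".hitobito"                 # appended extension, from this page
NOTE_NAME = "KageNoHitobito_ReadMe.txt"  # ransom note name, from this page


def triage(root):
    """Read-only walk of root that inventories Hitobito artefacts."""
    encrypted, notes, by_type, mtimes = [], [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME.lower():
                notes.append(path)
            elif lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                original = name[: -len(ENC_SUFFIX)]  # 2.pdf.hitobito -> 2.pdf
                encrypted.append((path, original))
                by_type[Path(original).suffix.lower() or "(none)"] += 1
                mtimes.append(path.stat().st_mtime)
    return {
        "encrypted": encrypted,
        "notes": notes,
        "by_type": dict(by_type),
        "affected_dirs": sorted({str(p.parent) for p, _ in encrypted}),
        # Assumption: mtimes were not tampered with, so they bound the encryption run.
        "window": (min(mtimes), max(mtimes)) if mtimes else None,
    }


def build_sample_tree(base):
    """Constructed sample: empty files that only mimic the naming pattern."""
    docs, pics = Path(base) / "Documents", Path(base) / "Pictures"
    docs.mkdir()
    pics.mkdir()
    for p in (docs / "2.pdf.hitobito", docs / "report.docx.hitobito",
              docs / NOTE_NAME, pics / "1.png.hitobito", pics / "untouched.png"):
        p.touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        r = triage(build_sample_tree(tmp))
        print(len(r["encrypted"]), "encrypted,", len(r["notes"]), "note(s)")
        print(r["by_type"], r["affected_dirs"])
```

The per-directory and per-type counts show which backups need restoring, and the modification-time window gives a starting point for correlating with process and logon events.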

Hitobito Tries to Extort Its Victims by Taking Data Hostage

Hitobito's ransom notes serve to inform victims that their data has been encrypted, prompting them to engage with the attackers through a chat on a Tor network website to negotiate the decryption price. However, there is a silver lining for those affected by Hitobito – this ransomware is decryptable. The decryption password, or key, is 'Password123' (without the quotation marks).

However, while Hitobito may currently be decryptable, future iterations of this malware could come with different recovery keys. Ransomware typically employs robust cryptographic algorithms and unique keys, making decryption without the involvement of the attackers a rarity.

Furthermore, victims may not always receive the promised recovery keys or software even after meeting the ransom demands. This underscores the risk associated with paying the ransom, as it not only fails to guarantee file decryption but also supports criminal activities.

To prevent further encryption of data by ransomware like Hitobito, it's essential to remove the malware from the operating system. However, it's crucial to understand that removal of the ransomware will not restore files that have already been compromised.

Security Measures to Help You Better Protect Your Data and Devices Against Ransomware Threats

Implementing a multi-layered security approach is essential to better protect data and devices against ransomware threats. Here are some key security measures:

  • Consistent Software Updates and Patch Management: Ensure that all operating systems, software applications, and security programs are systematically updated with the newest security patches. Vulnerabilities in outdated software can be exploited by ransomware attackers.
  • Use of Anti-Malware Software: Install reputable anti-malware software on all devices and keep it updated. These applications can help detect and prevent ransomware infections before they can cause damage.
  • Firewall Protection: Enable firewalls on all devices and networks to monitor and control incoming and outgoing traffic. Firewalls can help block ransomware from accessing devices and spreading across networks.
  • Employee Training and Awareness: Educate employees about the risks of ransomware and teach them how to identify suspicious emails, links and attachments. Conduct regular security awareness training to promote safe computing practices.
  • Access Controls and Least Privilege: Limit user privileges and access rights to only those necessary for their roles. Reinforce the principle of least privilege to minimize the impact of ransomware attacks by restricting access to sensitive data and critical systems.
  • Data Backup: Regularly back up data to offline or cloud-based backup solutions. Ensure that backups are encrypted, regularly tested for reliability, and stored securely.
  • Network Segmentation: Segment networks to separate critical systems and private data from other parts of the network. This can help to stop the spread of ransomware and limit the damage caused by an infection.

By implementing these security measures, organizations can better protect their data and devices against ransomware threats and pare down the risk of falling victim to these damaging attacks.

The ransom demand delivered to the victims of the Hitobito Ransomware reads:

'Ooops, your files have been encrypted by Kage No Hitobito Group!

All your important files and documents have been encrypted by us.

Step 1:
On your current desktop, open up your default browser.
Search for Tor Browser or visit hxxps://www.torproject.org/
If you cannot access Tor then use a VPN to get it instead.
Then download to the Tor Browser and follow Step 2.

Step 2:
Navigate to the group chat and select 'Hitobito' from the username list.
Message with your situation and the price you are willing to pay for your files.
hxxp://notbumpz34bgbz4yfdigxvd6vzwtxc3zpt5imukgl6bvip2nikdmdaad.onion/chat/
If you do not know how to private messasge, ask the chat, they are usually friendly.
Though we advise you not to click links or follow any discussion they talk of.

Step 3: This is the important part, the one where you restore your computer quickly.
If you negotiate correctly and pay our ransom, we will send you a decryptor.
Reminder that 'Hitobito' can be impersonated or be one of several group members.'
