When executed on a breached device, the Honkai Ransomware encrypts the files stored there and renames them by appending a unique victim ID, the attackers' email address and the '.honkai' extension. For example, a file originally named '1.jpg' becomes '1.jpg[id-f48tSVGB].[firstname.lastname@example.org].honkai'. After the encryption process, the ransomware creates a ransom note named '#DECRYPT MY FILES#.html' on the desktop of the system. The Honkai Ransomware threat is part of the Paradise malware family.
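The renaming scheme and ransom note name described above can be used to inventory affected files during incident response. The following Python is an added example, not part of the original write-up; the function names and the sample directory tree (empty files only) are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Naming scheme from the description: <original>[id-<victim ID>].[<email>].honkai
RENAMED = re.compile(
    r"^(?P<original>.+)\[id-(?P<victim_id>[^\]]+)\]\.\[(?P<email>[^\]]+)\]\.honkai$")
NOTE_NAME = "#DECRYPT MY FILES#.html"

def parse_renamed(filename):
    """Return original name, victim ID and contact address, or None if no match."""
    m = RENAMED.match(filename)
    return m.groupdict() if m else None

def triage(root):
    """Walk root and summarise renamed files and ransom notes for a report."""
    report = {"encrypted": [], "notes": [], "victim_ids": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                report["notes"].append(path)
                continue
            info = parse_renamed(name)
            if info:
                # Keep the pre-encryption name so backups can be matched to it.
                report["encrypted"].append((path, info["original"]))
                report["victim_ids"][info["victim_id"]] += 1
    return report

def demo():
    """Build a constructed sample tree of empty files and triage it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Desktop"))
        samples = [
            "1.jpg[id-f48tSVGB].[firstname.lastname@example.org].honkai",
            "budget [final].xlsx[id-f48tSVGB].[firstname.lastname@example.org].honkai",
            "notes.honkai",      # extension only, no ID/email: must not match
            "untouched.docx",    # unaffected file
            os.path.join("Desktop", NOTE_NAME),
        ]
        for rel in samples:
            open(os.path.join(root, rel), "w").close()
        return triage(root)

if __name__ == "__main__":
    r = demo()
    print(len(r["encrypted"]), "renamed files;", len(r["notes"]), "ransom note(s)")
    print("victim IDs seen:", dict(r["victim_ids"]))
```

More than one victim ID in the output would suggest the share or host was hit in separate runs, which matters because the note states each attack uses a unique key.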
Honkai Ransomware's Demands
The ransom message informs the victims that their files have been encrypted by cybercriminals and decryption will cost a yet-to-be-specified amount that will escalate if the victim delays contacting the perpetrators. Payment is expected to be made in Bitcoin. The victim is given the opportunity to test the decryption of three files, within certain restrictions, at no cost. The message warns that attempting to alter the files encrypted by the Honkai Ransomware, using external decryption tools, executing anti-malware software, or removing the ransomware itself may result in permanent data loss. The ransom message also states that the decryption keys of other victims will not work, as each attack is carried out using unique encryption keys.
Decryption is often impossible without the involvement of the cybercriminals. However, it is common for victims who pay the ransom not to receive the promised decryption keys or tools. Paying the ransom is therefore not recommended, and doing so also supports illegal activities.
Ways to Prevent Attacks from Threats Like the Honkai Ransomware
Regularly backing up critical data to an external device or cloud service can help prevent data loss in case of a ransomware attack. This way, if an attack occurs, the victim can restore the backed-up data without having to pay the ransom. In addition, keeping all software and operating systems up to date can help prevent attacks, as many updates contain security patches to fix vulnerabilities.
Users should also learn about safe computing practices, which can greatly diminish the risk of an attack. This includes being cautious of suspicious emails and attachments, avoiding untrusted websites, and not clicking on pop-up advertisements. Additionally, implementing strong passwords, using reputable security software, and disabling macros in office documents can further improve the overall security posture and help prevent ransomware attacks.
The full text of Honkai Ransomware's ransom note is:
'Your files are encrypted!
Paradise Ransomware Team!
Your personal ID
Your personal KEY
Your important files produced on this computer have been encrypted due a security problem.
If you want to restore them, write to us by email.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
FREE DECRYPTION AS GUARANTEE!
Before payment you can send us 1-3 files for free decryption.
Please note that files must NOT contain valuable information.
The file size should not exceed 1MB.
As evidence, we can decrypt one file
HOW TO OBTAIN BITCOINS!
Our Bitcoin Address: 392vKrpVxMF7Ld55TXyXpJ1FUE8dgKhFiv
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price
Also you can find other places to buy Bitcoins and beginners guide here:
write to Google how to buy Bitcoin in your country?
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
You are guaranteed to get the decryptor after payment
As evidence, we can decrypt one file
Do not attempt to use the antivirus or uninstall the program
This will lead to your data loss and unrecoverable
Decoders of other users is not suitable to decrypt your files - encryption key is unique'