Hyena Locker Ransomware

The Hyena Locker Ransomware is an encryption ransomware Trojan that was first observed on July 11, 2018. The Hyena Locker Ransomware is a variant on preexisting ransomware threats, and there is little to differentiate the Hyena Locker Ransomware from the many other, similar threats active currently. The Hyena Locker Ransomware is mainly spread using corrupted email attachments and attacks that will prevent the victims from accessing their files and then it demands a ransom payment to restore access to the affected data.

Like Its Fellow Mammal the Hyena Locker Ransomware can be Frightening

The email messages delivering the Hyena Locker Ransomware will use damaged macro scripts to download and install the Hyena Locker Ransomware onto the victim's computer. Once the Hyena Locker Ransomware has been installed, the Hyena Locker Ransomware will use the AES and RSA encryptions to make the victim's files inaccessible. The Hyena Locker Ransomware will target a variety of the user-generated files in its attack, which may include numerous media files, documents, databases, backups, configuration files and many others. The following are examples of the files that threats like the Hyena Locker Ransomware may target in their attacks:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The Hyena Locker Ransomware will mark the files it encrypts with the file extension '[hyena@rape.lol].HYENA', which it will include to the file's name after the attack has been carried out. The Hyena Locker Ransomware delivers its ransom note in the form of a text file named '!_HOW_RECOVERY_FILES_!.txt.' which the victims could see on the computers' desktop. The text of this ransom note is:

'>>>> HYENA LOCKER <<<< HELLO, DEAR FRIEND! 1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ] Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the decryption program. 2. [ HOW TO RECOVERY FILES? ] To receive the decryption program write on our e-mail: hyena@rape.lol or hyena@cock.lu And in subject write your ID: ID-[redacted 6 hex] We send you full instruction how to decrypt all your files. 3. [ FREE DECRYPTION! ] Free decryption as guarantee. We guarantee the receipt of the decryption program after payment. To believe, you can give us up to 3 files that we decrypt for free. Files should not be important to you! (databases, backups, large excel sheets, etc.) >>>> HYENA LOCKER <<<<'

Dealing with the Hyena Locker Ransomware Infection

Malware experts advise computer users to avoid contacting the criminals responsible for the Hyena Locker Ransomware. Instead, precautions should be taken to limit the extent of the damage caused by these threats. The best insurance is to have file backups stored on the cloud or an external memory device. A combination of file backups and an updated security program can help protect from the Hyena Locker Ransomware and similar threats.