RUHAPPY Description

A newly emerging hacking group from North Korea has been making the headlines recently. This group is known as APT37 (Advanced Persistent Threat) or ScarCruft. The APT37 group appears to be employed by the North Korean government and used as their cyber-attack-dogs alongside the infamous Lazarus hacking group. The majority of the the ScarCruft hacking group targets are prone to be located in South Korea, but there have been some notable campaigns against targets in the Middle East too. The APT37 group has a preference for stealth, and they design their tools to operate silently and remain under the radar of their victims for as long as possible. This way, the ScarCruft group can collect more information about its targets.

Can Render a System Inoperable

Despite the fact that most of the hacking tools in the APT37 arsenal are tailored towards stealth, they also have more destructive threats like the RUHAPPY wiper. Researchers have determined that the RUHAPPY wiper has been used in campaigns in unison with another one of the ScarCruft group hacking tools – the DOGCALL malware. The latter threat is used for collecting information about the infected system and then delivering and planting an additional harmful payload. When the RUHAPPY wiper is planted as a second-stage payload onto the compromised host, it has a rather destructive task at hand. The purpose of the RUHAPPY threat is to overwrite the MBR (Master Boot Record) of the hard disk. It is likely that if the RUHAPPY wiper is successful in its task, the users systems may be damaged permanently. If the victims attempt to restart their computers, the RUHAPPY wiper will present them with a ‘Are you Happy?’ message on their screen.

Luckily, since 2017, we have not heard of any new activity linked to the RUHAPPY wiper so that there may be a chance that the ScarCruft group may have retired this hacking tool. However, the APT37 group is doing the bidding of the North Korean government clearly, seeing that there have been reports of infection with the RUHAPPY wiper from various military and government bodies located in South Korea.

Do You Suspect Your PC May Be Infected with RUHAPPY & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like RUHAPPY as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.