
T1Happy Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: January 31, 2019
Last Seen: November 3, 2020
OS(es) Affected: Windows

The T1Happy Ransomware is an encryption ransomware Trojan that is somewhat unusual because it leaves its source code on the victim's computer, challenging the victim to reverse the encryption routine themselves. The T1Happy Ransomware was first observed on January 23, 2019, and otherwise carries out a typical encryption ransomware Trojan attack. These attacks typically consist of taking the victims' files hostage and then demanding a ransom payment to restore access to the victim's data.

What are the Consequences of a T1Happy Ransomware Infection

The T1Happy Ransomware is delivered to victims via phishing email messages and by taking advantage of poor security protection on the victim's computer. The T1Happy Ransomware takes its name from the process it runs as on the victim's computer, T1.exe, and from the '.happy' file extension it appends to the name of each file it encrypts. The T1Happy Ransomware uses a strong encryption algorithm to encrypt user-generated files, which may include files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The T1Happy Ransomware delivers its ransom note in the form of a text file named 'HIT BY RANSOMWARE.txt' and in a program window with the title 'BAD RABBIT,' which contains the following text:

In order to decrypt your files, you must decompile the ransomware
(which is easy) and find out the encryption method (easy aswell)
Next time, think before your execute. Your next ransomware could'nt be
that easy to crack and you would lost all your files 🙁

'If you access this page your computer has been encrypted/
Time left before the price goes up
[48 hour countdown timer]
Price for decryption:
Bitcoin - 0.05
Enter your personal key or your bitcoin address'

Recovering from a T1Happy Ransomware Attack

After a T1Happy Ransomware attack, it is possible to reverse engineer the decryption key, and PC security analysts may be able to help. However, the best protection against the T1Happy Ransomware is the same as with most other encryption ransomware Trojans: having backup copies of your files. If computer users have copies of their data stored in a secure location, such as an unsynchronized cloud account or an external memory device, they can recover from the attack without giving in to the criminals' demands. Apart from file backups, computer users need to make sure that their security software is fully up to date and that their online accounts are protected with strong passwords to prevent attacks like the T1Happy Ransomware's.
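A triage sketch for the recovery step above, added here as an example and not taken from the original write-up: it walks a directory tree for the indicators this page names (the '.happy' marker extension, the 'HIT BY RANSOMWARE.txt' note and the T1.exe process image) and lists which original files to pull from backup. The function names, the sample tree and the folder holding T1.exe are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators named in the write-up; matching is case-insensitive (Windows paths).
MARKER_EXT = ".happy"
NOTE_NAME = "hit by ransomware.txt"
PROCESS_IMAGE = "t1.exe"

def scan(root):
    """Walk `root` and bucket every file that matches a T1Happy indicator."""
    hits = {"encrypted": [], "notes": [], "binaries": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower, path = name.lower(), os.path.join(dirpath, name)
            if lower.endswith(MARKER_EXT) and len(lower) > len(MARKER_EXT):
                hits["encrypted"].append(path)
            elif lower == NOTE_NAME:
                hits["notes"].append(path)
            elif lower == PROCESS_IMAGE:
                hits["binaries"].append(path)
    return hits

def restore_list(hits, root):
    """Map each encrypted file to the relative path to pull from backup."""
    plan = {}
    for path in hits["encrypted"]:
        rel = os.path.relpath(path, root)
        plan[rel] = rel[: -len(MARKER_EXT)]  # the marker is appended to the full name
    return plan

def summary(hits):
    """Count affected files per original extension to size the restore job."""
    return Counter(
        os.path.splitext(p[: -len(MARKER_EXT)])[1].lower() for p in hits["encrypted"]
    )

def build_sample(root):
    """Create a constructed tree of empty files that mimics an affected profile."""
    names = ["Documents/report.docx.happy", "Documents/budget.xlsx.happy",
             "Documents/untouched.docx", "Pictures/cat.JPG.HAPPY",
             "Desktop/HIT BY RANSOMWARE.txt", "Downloads/T1.exe"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        found = scan(tmp)
        for enc, orig in sorted(restore_list(found, tmp).items()):
            print(f"restore {orig!r} (replaces {enc!r})")
        print(dict(summary(found)), len(found["notes"]), len(found["binaries"]))
```

Run it against a mounted copy of the affected disk rather than the live system, so the scan does not alter timestamps that a later investigation may need.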

