T1Happy Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 5
First Seen: January 31, 2019
Last Seen: November 3, 2020
OS(es) Affected: Windows
The T1Happy Ransomware is an encryption ransomware Trojan that is somewhat unusual because it leaves its source code on the victim's computer, challenging the victim to reverse the encryption routine themselves. The T1Happy Ransomware was first observed on January 23, 2019, and otherwise carries out a typical encryption ransomware Trojan attack: it takes the victim's files hostage and then demands a ransom payment to restore access to the data.
What are the Consequences of a T1Happy Ransomware Infection?
The T1Happy Ransomware is delivered to victims via phishing email messages and by taking advantage of poor security protection on the victim's computer. The T1Happy Ransomware takes its name from two things: the process it runs as on the victim's computer, T1.exe, and the '.happy' file extension it appends to the name of each file it encrypts. The T1Happy Ransomware uses a strong encryption algorithm to encrypt user-generated files, which may include files with the following extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The T1Happy Ransomware delivers its ransom note in the form of a text file named 'HIT BY RANSOMWARE.txt' and in a program window with the title 'BAD RABBIT,' which contains the following text:
'HIT_BY_RANSOMWARE
---YOU'VE BEEN HIT BY A RANSOMWARE---
In order to decrypt your files, you must decompile the ransomware
(which is easy) and find out the encryption method (easy aswell)
Next time, think before your execute. Your next ransomware could'nt be
that easy to crack and you would lost all your files 🙁
---YOU'VE BEEN HIT BY A RANSOMWARE---'
'If you access this page your computer has been encrypted/
Time left before the price goes up
[48 hour countdown timer]
Price for decryption:
Bitcoin - 0.05
Enter your personal key or your bitcoin address'
Recovering from a T1Happy Ransomware Attack
After a T1Happy Ransomware attack, it is possible to reverse engineer the decryption key, and PC security analysts may be able to help. However, the best protection against the T1Happy Ransomware is the same as with most other encryption ransomware Trojans: having backup copies of your files. If computer users keep copies of their data in a secure location, such as an unsynchronized cloud account or an external memory device, they can recover from the attack without having to comply with the criminals' demands. Apart from file backups, computer users need to make sure that their security software is fully up-to-date and that their online accounts are protected with strong passwords to prevent attacks like the T1Happy Ransomware's.
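To scope a restore from backup, the file-system indicators named above (the '.happy' suffix and the 'HIT BY RANSOMWARE.txt' note) can be swept for with a short script. The following is an added example, not code from EnigmaSoft or from the original write-up; the function names are hypothetical, the sample tree is constructed, and matching an underscore variant of the note name is an assumption based on the note's own header.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the write-up above.
ENCRYPTED_SUFFIX = ".happy"
NOTE_NAME = "hit by ransomware.txt"

def scan_for_t1happy(root):
    """Walk `root`; return (note_paths, encrypted_paths, per_directory_counts)."""
    notes, encrypted, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            full = os.path.join(dirpath, name)
            # Assumption: treat '_' and ' ' as equivalent, because the note's
            # own header is spelled HIT_BY_RANSOMWARE.
            if lowered.replace("_", " ") == NOTE_NAME:
                notes.append(full)
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append(full)
                per_dir[dirpath] += 1
    return sorted(notes), sorted(encrypted), per_dir

def original_name(path):
    """File name before '.happy' was appended, for matching against backups."""
    return os.path.basename(path)[: -len(ENCRYPTED_SUFFIX)]

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "Documents": ["report.docx.happy", "budget.xlsx.happy", "HIT BY RANSOMWARE.txt"],
        "Pictures": ["holiday.jpg.happy", "untouched.png"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        notes, encrypted, per_dir = scan_for_t1happy(tmp)
        print("ransom notes found:", len(notes))
        for path in encrypted:
            print("restore from backup:", original_name(path), "in", os.path.dirname(path))
```

The per-directory counts show which folders were reached, which helps decide how far back a restore has to go.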