
Victim of Hakbit Ransomware? Don’t Pay for it


Are your files infected by Hakbit Ransomware? If so, don’t worry. Emsisoft, a specialized cybersecurity company, has released a decryptor for your assistance.

As per Emsisoft, Hakbit Ransomware encrypts its victims’ files using AES-256 (AES stands for Advanced Encryption Standard) and appends the extension “.crypted” to the encrypted files. AES is a symmetric key cipher. This means the same secret key is used for both encryption and decryption, and both the sender and receiver of the data need a copy of the key. The advantage of symmetric systems like AES is their speed. Because a symmetric key algorithm requires less computational power than an asymmetric one, it’s faster and more efficient to run.

Once installed, Hakbit hides itself by giving its executable a name chosen at random from the following: lsass.exe, svchst.exe, crcss.exe, chrome32.exe, firefox.exe, calc.exe, mysqld.exe, dllhst.exe, opera32.exe, memop.exe, spoolcv.exe, ctfmom.exe, or SkypeApp.exe.
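The name list above can be turned into a quick triage of process image paths collected from a host. This is an added example, not code from Emsisoft or from the original article; the expected directories for lsass.exe and calc.exe, the grouping of names into three verdicts, and the sample paths are assumptions made for illustration.

```python
import ntpath  # parses Windows-style paths on any OS

# Executable names the article lists for Hakbit (lower-cased for comparison).
HAKBIT_NAMES = {
    "lsass.exe", "svchst.exe", "crcss.exe", "chrome32.exe", "firefox.exe",
    "calc.exe", "mysqld.exe", "dllhst.exe", "opera32.exe", "memop.exe",
    "spoolcv.exe", "ctfmom.exe", "skypeapp.exe",
}
# Assumption: directories where Windows keeps its own copies of these two.
EXPECTED_DIRS = {
    "lsass.exe": {r"c:\windows\system32"},
    "calc.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}
# Assumption: listed names that legitimate third-party software also uses,
# so the name alone is not enough and the publisher/signature needs checking.
THIRD_PARTY = {"firefox.exe", "mysqld.exe", "skypeapp.exe"}

def classify(image_path):
    """Return a verdict for one process image path, or None if nothing to flag."""
    name = ntpath.basename(image_path).lower()
    folder = ntpath.normpath(ntpath.dirname(image_path)).lower()
    if name not in HAKBIT_NAMES:
        return None
    if name in EXPECTED_DIRS:
        return None if folder in EXPECTED_DIRS[name] else "wrong-directory"
    if name in THIRD_PARTY:
        return "verify-publisher"
    # Remaining names (svchst.exe, crcss.exe, ...) only resemble real binaries.
    return "lookalike-name"

def triage(image_paths):
    """Return (path, verdict) pairs for every flagged path."""
    return [(p, v) for p in image_paths if (v := classify(p)) is not None]

# Constructed sample input, e.g. image paths exported from a process listing.
SAMPLE_PATHS = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Users\alice\AppData\Roaming\lsass.exe",
    r"C:\Users\alice\AppData\Local\Temp\svchst.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Windows\SysWOW64\calc.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_PATHS):
        print(f"{verdict:17} {path}")
```

A "verify-publisher" verdict is a prompt to check the file's signature and install location, not a detection on its own.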

Hakbit has a distinguishing feature that has not been seen in any ransomware until now. Once the files are encrypted, the victim’s desktop image is replaced with a ransom note that also includes a QR code, leading the victim to the bitcoin wallet address where the ransom is to be deposited. We would like to believe that this truly is a first of its kind, with the victim’s convenience given top priority.

Emsisoft’s Hakbit Ransomware Decryptor Tool

Although breaking AES-256 encryption is a difficult and tedious process, Emsisoft has found a solution to the Hakbit Ransomware attack. They have created a decryptor tool, which is available for free on Emsisoft’s official website. Emsisoft says, “Regardless of what the Hakbit ransom note might say, our decryption tool can help you recover your files for free. Support for this tool is provided by the experts at Bleeping Computer.”

Ransomware attacks have seen a steep rise in the recent past. Attackers have started targeting government organizations and larger companies that run bigger clusters of networks and computers, rather than individual machines.

Very recently, the Louisiana state government fell victim to a ransomware attack that took down its IT systems and websites. Governor John Bel Edwards confirmed the damage caused by the attack by tweeting, “The attack impacted the public state government’s email, website, and other online applications.”

Ransomware attacks are not limited to the U.S. government. In another incident, the Government of Nunavut fell victim to a sophisticated ransomware attack. “All government services requiring access to electronic information stored on the Government of Nunavut (GN) network are impacted, except Qulliq Energy Corporation,” said the Premier of Nunavut, Joe Savikataaq.