Decryptor for Hakbit Ransomware
The Hakbit ransomware targets businesses and encrypts its victims' files using AES-256, appending the extension “.crypted” to each encrypted file.
On installation, Hakbit attempts to conceal its presence by naming its executable at random after one of the following: lsass.exe, svchst.exe, crcss.exe, chrome32.exe, firefox.exe, calc.exe, mysqld.exe, dllhst.exe, opera32.exe, memop.exe, spoolcv.exe, ctfmom.exe, or SkypeApp.exe.
The ransom note "HELP_ME_RECOVER_MY_FILES.txt" contains the following text:
Atention! all your important files were encrypted!
to get your files back send 300 USD worth in Bitcoins and contact us with proof of
payment and your Unique Identifier Key.
We will send you a decryption tool with your personal decryption password.
How to decrypt your files
-Download the decryptor from the same site that provided this “How To” document.
-Run the decryptor as an administrator. The license terms will be displayed; accept them by clicking the “Yes” button.
-After accepting the terms, select a ransom note by clicking the “Browse” button. Then click the “Start” button.
-The decryptor will display the reconstructed encryption details once the recovery process has finished. The display is purely informational and confirms that the required encryption details have been found.
-Once a key is found, click “OK” to open the primary decryptor user interface.
By default, the decryptor will pre-populate the locations to decrypt with the currently connected drives and network drives. Additional locations can be added using the “Add” button.
-Decryptors typically offer various options depending on the particular malware family. The available options are located in the Options tab and can be enabled or disabled there. You can find a detailed list of the available Options below.
-After you have added all the locations you want to decrypt to the list, click the “Decrypt” button to start the decryption process. The screen will switch to a status view, informing you about the current process and decryption status of your files.
-The decryptor will inform you once the decryption process is finished. If you require the report for your personal records, you can save it by clicking the “Save log” button. You can also copy it straight to your clipboard to paste it into emails or forum posts if you are asked to.
Available decryptor options
The decryptor currently implements the following options:
-Keep encrypted files
Since the ransomware does not save any information about the unencrypted files, the decryptor can’t guarantee that the decrypted data is identical to the data that was previously encrypted.
Therefore, the decryptor by default errs on the side of caution and does not remove any encrypted files after they have been decrypted. If you want the decryptor to remove encrypted files after they have been processed, you can disable this option. Doing so may be necessary if your disk space is limited.
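A triage sketch for the indicators described above (the “.crypted” extension, the ransom note name and the executable names) and for the “Keep encrypted files” option: it also lists encrypted files that have no restored copy beside them, which are the ones not to delete. This is an added example, not part of the decryptor or of the original guide; the function names, the sample tree and the assumption that restored files are written under the original name without “.crypted” are illustrative.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from this page (compared case-insensitively).
NOTE_NAME = "help_me_recover_my_files.txt"
ENC_EXT = ".crypted"
MASQUERADE_NAMES = {
    "lsass.exe", "svchst.exe", "crcss.exe", "chrome32.exe", "firefox.exe",
    "calc.exe", "mysqld.exe", "dllhst.exe", "opera32.exe", "memop.exe",
    "spoolcv.exe", "ctfmom.exe", "skypeapp.exe",
}

def triage(root):
    """Walk root and collect Hakbit indicators for analyst review."""
    report = {"notes": [], "encrypted_by_dir": Counter(),
              "name_matches": [], "no_restored_copy": []}
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower in MASQUERADE_NAMES:
                # Some names collide with legitimate software: a match is a
                # lead for hash and signature checks, not a verdict.
                report["name_matches"].append(path)
            elif lower.endswith(ENC_EXT) and lower != ENC_EXT:
                report["encrypted_by_dir"][dirpath] += 1
                # Assumption: a restored file sits beside the encrypted one
                # under the original name (the name without ".crypted").
                if lower[:-len(ENC_EXT)] not in present:
                    report["no_restored_copy"].append(path)
    return report

def build_sample_tree(base):
    """Constructed sample data: empty files laid out like an affected share."""
    for rel in ("docs/q1.xlsx.crypted", "docs/q1.xlsx", "docs/plan.docx.crypted",
                "docs/HELP_ME_RECOVER_MY_FILES.txt", "tmp/svchst.exe"):
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, value in triage(build_sample_tree(tmp)).items():
            print(key, value)
```

Run it against a mounted copy or a specific share rather than a live system drive, and treat the “no_restored_copy” list as the set of files to re-run through the decryptor before freeing any disk space.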