Decrypt Files Encrypted by HappyDayzz (BlackJoker) Virus

Article created to show you how to remove HappyDayzz ransomware and decrypt .happydayzz encrypted files without having to pay 0.5 BTC to the cyber-criminals.

A ransomware virus reported to be an iteration of the notorious Globe ransomware version 3 is reported to be spreading on a global scale. The infection has also been reported to drop a ransom note named How To Recover Encrypted Files.hta, which tells victims that they must pay 0.5 BTC to decrypt the encrypted files. However, malware researchers have come up with decryption software with which you can decode your files for free. If you want to get rid of the HappyDayzz threat and recover your files, we recommend that you read this article carefully.

HappyDayzz Globe v3 Virus – More Information

This particular ransomware infection is believed to be spread on a global scale via multiple different methods. One of those methods is e-mail spam: deceitful messages containing malicious e-mail attachments, as the image below shows:

When victims open the malicious archive, they can find either a document that infects after you click on the “Enable Content” button or a file that is actually an executable type of file (.js, .exe, .dll, .tmp, .vbs) and can infect simply by being opened.

After the malicious file is opened, infection is immediate and is carried out via a malware obfuscator, which hides the HappyDayzz ransomware’s malicious files while they are being downloaded. There may be more than one file, and they may be placed in various Windows folders under different names:

After the files are downloaded to the victim's computer, the virus begins to change its settings. Its activity includes modifying Windows Registry entries and deleting shadow volume copies on the compromised machine. The virus also drops Globe ransomware’s ransom note, as shown by the image on the top of this article.

Then, HappyDayzz ransomware may employ encryption on the files of the victim PC. Among the encrypted files may be documents, images, database files, music, video files and archives as well. The files encrypted by the virus may look like the following image:

Fortunately, users do not have to pay a hefty ransom fee to get the files back. Instead, we have provided instructions on how to use the Emsisoft Globe decrypter and get your data back for free. We advise you to back up your files and remove the HappyDayzz virus before attempting the decryption instructions, and to read them carefully.
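One way to do the backup advised above before running any decrypter, as an added example that is not from the original article or from Emsisoft: it copies every encrypted file and ransom note to a separate folder and verifies each copy by SHA-256. The extension and ransom note name come from this page (the three-"z" extension is the one readers report in the comments); the function names and sample file names are assumptions made up for the example.

```python
import hashlib
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Names taken from this page; ".happydayzzz" is the variant reported in the comments.
RANSOM_NOTE = "how to recover encrypted files.hta"
EXTENSIONS = {".happydayzz", ".happydayzzz"}

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def inventory(root):
    """Return (files to preserve, count per extension) found under root."""
    keep, counts = [], Counter()
    for path in Path(root).rglob("*"):
        ext = path.suffix.lower()
        if path.is_file() and (ext in EXTENSIONS or path.name.lower() == RANSOM_NOTE):
            counts[ext] += 1
            keep.append(path)
    return keep, counts

def backup(root, dest):
    """Copy encrypted files and ransom notes to dest, keeping relative paths."""
    root, dest = Path(root).resolve(), Path(dest).resolve()
    if dest == root or root in dest.parents:
        raise ValueError("destination must be outside the scanned folder")
    keep, counts = inventory(root)
    for src in keep:
        target = dest / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        if sha256(src) != sha256(target):  # refuse to trust a damaged copy
            raise IOError(f"copy of {src} does not match the original")
    return len(keep), dict(counts)

def demo():
    """Run the backup over a constructed sample tree (file names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root, dest = Path(tmp, "Users"), Path(tmp, "backup")
        (root / "Docs").mkdir(parents=True)
        for name in ("a.docx.happydayzz", "b.jpg.happydayzzz", "clean.txt",
                     "How To Recover Encrypted Files.hta"):
            (root / "Docs" / name).write_bytes(name.encode())
        return backup(root, dest)

if __name__ == "__main__":
    print(demo())
```

The per-extension counts also show which variant is on the disk, which matters because the procedure on this page is written for .happydayzz files.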

HappyDayzz Ransomware Removal Instructions

To remove this virus, you can first try the manual instructions, or the automatic ones in case you are not tech savvy. Note that reverse engineers and security experts always recommend scanning your computer with advanced anti-malware software for maximum effectiveness during removal.

Manually delete HappyDayzz from your computer

Note! Substantial notification about the HappyDayzz threat: Manual removal of HappyDayzz requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove HappyDayzz files and objects
2. Find malicious files created by HappyDayzz on your PC

Automatically remove HappyDayzz by downloading an advanced anti-malware program

1. Remove HappyDayzz with SpyHunter Anti-Malware Tool and back up your data

HappyDayzz Ransomware Decryption Instructions

In order to successfully decrypt files enciphered by HappyDayzz ransomware you are going to need several details to begin with. First, you will need an original file and an encrypted file.

In case you cannot find one, make sure to browse through the default wallpaper folder of the same version of your Windows OS. Here is an example of the location of the default folders for wallpapers for different Windows versions:

C:\Windows\Web\Wallpaper
C:\Users\UserProfile\Pictures
C:\Users\UserProfile\Sample Pictures

After having located an original and an encrypted file, make sure to download the decrypter by clicking on the download button below:

Download

Globe v3 Decrypter

Make sure to save the decrypter somewhere easy to find and open it. Then follow the steps below:

Step 1: Drag and drop the encrypted file and the original file together into the decrypter, like the animated image below demonstrates:

Step 2: The decrypter will begin a brute forcing sequence. Simply wait until your key has been discovered:

Step 3: After this, click on OK and the main interface of the decrypter should appear. From it, choose Add Files to add all the files that you wish to be deciphered.

Step 4: After you have added your files, click on the Decrypt button so that the decrypter can begin the deciphering operation.

At this point you will begin to see on the live feed at the middle of the decrypter’s interface which files were successfully decoded:

HappyDayzz Ransomware – The Bottom Line

In case you have been infected by the .happydayzz variant of Globe and have decrypted the files successfully, we recommend focusing on protecting your computer in the future so that such an unfortunate turn of events does not happen to you again.

We have prepared several simple tips that you can follow and stay safe in the future:

Tip 1: Make sure to read our general protection tips and try to make them your habit and educate others to do so as well.

Tip 2: Install an advanced anti-malware program that has frequently updated real-time shield definitions and ransomware protection.

Tip 3: Seek out and download specific anti-ransomware software which is reliable.

Tip 4: Back up your files using one of the methods in this article.

Tip 5: Make sure to use a secure web browser while surfing the world wide web.

Tip 6: Learn how to protect yourself from malicious e-mails.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.


  • luis

    Sorry, the extension of the files is .happydayzz with three “Z”; because of this I think this method does not work for me. Do you know any decrypter for .happydayzzz? (Sorry for my English.)

    Example file: [[email protected]] .FA80E5467292B179AAD3C0743D1E16D71E412C4F85.happydayzzz

    • Yes, I have written in the answer to Maravento with an alternative link.

      • luis

        Sorry, I do not see any links. I have the original file and the encrypted file, but I guess this method does not work because the encrypted files have the extension .zzz (3z).

      • Sorry, what link? This method does not work because the file ends with .happydayzzz (not happydayzz), 3z.

  • Wilfre

    https://uploads.disquscdn.com/images/b2d12595030da7cf6679e52ad750f4d1c362e8e5d51d0416bc5b46bd243f9a78.jpg I have the same problem, the encrypted files are with 3Z “.happydayzzz”, some option to help please, thank you very much

    • luis

      Did you find a solution?… Do you speak Spanish?

      • Wilfre

        Hi Luis: Not yet. All we can do is wait and look for other alternatives (I saved my encrypted files separately), and I installed a new antivirus so that this kind of thing does not happen again.

        • luis

          lol, I did something like that… I put another HDD in my laptop so I could keep working on it. I will also use a deleted-file recovery program (Recuva, Wondershare Data Recovery, etc.) to recover the files deleted by the ransomware on the infected disk, and I will keep that HDD until a solution to decrypt everything turns up in the future (hopefully soon).

          If you find any method, please post it.

  • Very good article, but it has one problem. “Drag and drop the encrypted file and the original file together into the decrypter” (the original file does not exist because it was encrypted by the ransomware).

    • Hello, You can look for original files in multiple different Default Windows picture folders, for example in %Windows% or %System32%

      • thanks Vencislav. I’ll check it out

      • alej

        Sorry. The files do not exist and the ext is happyzzz (3z)
