.Hacked Files Virus – Remove and Restore Your Data - How to, Technology and PC Security Forum | SensorsTechForum.com

.Hacked Files Virus – Remove and Restore Your Data

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article’s purpose is to show you how to fully and safely remove the new Hacked ransomware virus and how to restore files encrypted with the .hacked file extension appended to them.

A new ransomware infection, similar to WannaCry ransomware virus has been detected by security experts. The ransomware adds the .hacked file extension to the files encrypted by it after which drops a ransom note in the form of a program with a padlock image, asking victims to pay 0.5 BTC in order to get their encrypted files decrypted and working again. If you are one of the victims of this virus, it is advisable to read the article below.

Threat Summary

Name.Hacked Virus
TypeRansomware, Cryptovirus
Short Description Encrypts the files on the infected computer and then asks victims to pay a hefty ransom fee in order to have them decrypt the data.
SymptomsAppends the .hacked file extension and a ransom note with instructions appears as a pop-up program on the desktop.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .Hacked Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .Hacked Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Hacked Ransomware – How Did I Get Infected With It

The primary infection method of Hacked ransomware is via spammed e-mail messages. Such may include deceitful claims in them that money has been drawn from your bank account, for example, only to get you to open the malicious e-mail attachments within them. They are usually files of the following file types:

.docx, .vbs, .js, .wsf, .exe

If the files are Microsoft Word document they have a message in them that usually may ask you to click on the “Enable Content” button which directly causes the infection via malicious macros.

Besides those, other methods of infection with Hacked ransomware ,may include uploading the infection file on torrent websites from hacked accounts. The file may pose as a fake setup or other type of fake file.

Analysis of Hacked Ransomware

On first glance, the ransom note of Hacked ransomware looks very similar to WannaCry ransomware, only it is in blue color. This may suggest that it is one of the many WannaCry ransomware copycats that started pouring out 1 month after the outbreak of the virus.

The ransom note of the virus gives a deadline of 3 days for the ransom to be paid. It is one of the multiple files which the Hacked virus drops on your computer after infecting it. The ransomware may drop files in the following Windows folders:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Windows%

The virus then, may pretend to configure updates on your computer, while In fact it is performing the malicious activities it is set to do after initial infection:

The main of those activities may be to heavily modify the Windows Registry Editor and add custom value strings in the following sub-keys:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

In addition to this, the Hacked virus may also delete the shadow volume copies of the infected computer, making it impossible to use the shadow volume service to restore them. The commands it may enter for this could be embedded in a .bat (batch) file which the virus may execute as an administrator and run in the background without the user seeing anything. The commands in this script may be the following:

vssadmin.exe Delete Shadows /All /Quiet
bcdedit /set {default} recoveryenabled No
bcdedit /set {default} bootstatuspolicy ignoreallfailures

After this has been conducted, the virus may begin the encryption process.

Hacked Ransomware’s Encryption

In order to encrypt files on the compromised computers by it, Hacked ransomware may be pre-configured to scan those files first. The virus looks for file extensions which are associated with often used files, like:

  • Documents.
  • Audio files.
  • Music files.
  • Videos.
  • Virtual Drives.
  • Archives.

After the Hacked ransomware detects those files, the ransomware immediately replaces enough data from those files to make them seem corrupt and no longer able to be opened. The ransomware then appends the .hacked file suffix to the encrypted files by it, making them appear like the following image:

Remove Hacked Ransomware and Restore .hacked Encrypted Files

In order to delete this ransomware virus, you can follow the instructions for removal below. However if you feel uncertain that manual removal will delete all the files of Hacked ransomware, it is strongly advisable to use a ransomware-specific removal tool to perform the removal automatically.

To restore files, encrypted by the .hacked file virus, we recommend following the alternative methods we have suggested in step “2. Restore files encrypted by .Hacked Virus” below. They may not be 100% effective in restoring all your data, but they may recover some to most of your important files, depending on your situation.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share