.HakunaMatata Files Virus (Restore Files)

.HakunaMatata Files Virus (Restore Files)

.HakunaMatata file virus, also known as HakunaMatata ransomware, is a ransomware infection that encrypts the victim’s files and appends the .HakunaMatata extension once the encryption is finalized. The cryptovirus will then display a ransom note containing instructions on the payment process. As usual, the ransom is demanded in Bitcoin, and this time it is reported to be 0.5 Bitcoin.

Threat Summary

Name.HakunaMatata File Virus
TypeRansomware, File Virus
Short DescriptionThe file virus encrypts files on a victim’s computer likely using RSA-2048 and AES-256 bit encryption.
SymptomsThe file virus will encrypt the targeted files and append the .HakunaMatata extension on each of them once the encryption process is finished.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .HakunaMatata File Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .HakunaMatata File Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.HakunaMatata File Virus Distribution

The file virus can infect a victim’s computer relying on various methods. The payload file which has the malicious script is highly likely spread online. The payload dropper may be scattered on social media websites and file-sharing networks. It could also be “bundled” within freeware packages. For the security of your own files, it’s highly recommended that you don’t open unknown files, including email attachments.

.HakunaMatata File Virus Technical Description

Keep in mind that the .HakunaMatata file virus could alter the Windows Registry so that it becomes persistent. New registry entries may be added that will launch the file virus automatically upon every reboot of the system.

Once the encryption process has finished, the ransomware virus will display a ransom note on the desktop stating its demands such as amount of ransom and means of payment. Security research shows that the ransom note is located in a file dubbed Recover files yako.html. The “yako” word means “yours” in Swahili.

This is the text from the ransom note:

Encrypted files!
All your files are encrypted.Using AES256-bit encryption and RSA-2048-bit encryption.
Making it impossible to recover files without the correct private key.
If you are interested in getting is the key and recover your files
You should proceed with the following steps.

To get in touch you should use the Bitmessage system,
You can download the Bitmessage software at https://bitmessage.org/
After installation you should send a message to the address
Bitmsg: BM-2cWcp***
If you prefer you can send your Bitmenssages from a web browser
Through the webpage https://bitmsg.me this is certainly the most practical method!
Below is a tutorial on how to send bitmessage via web browser: https://bitmsg.me/
1 B° Open in your browser the link
Make the registration by entering name email and password.
2 B° You must confirm the registration, return to your email and follow the instructions that were sent.
3 B° Return to site sign in
4 B° Click the Create Random address button.
5 B° Click the New massage button
6 B° Sending message
To: Enter address: BM-2cWcp***
Subject: Enter your key: afe299***
Menssage: Describe what you think necessary
Click the Send message button.
Your message will be received and answered as soon as possible!.
Send message to: BM-2cWcp***
Your Key: afe299***

The ransom demanded by the operators of .HakunaMatata file virus is 0.5 Bitcoin. Supposedly, cybercriminals would send the decryption key for the encrypted files so that the victim can restore them. Unfortunately, more often than not, cybercriminals accepts the payments and never send the decryption key. That is why security researchers never recommend paying the ransom. Instead, alternative recovery methods can be attempted.

Regarding the file extensions the file virus targets, no information is available yet. What is known is that targeted files are encrypted with the .HakunaMatata extension. According to the ransom note, the encryption algorithm applied by the virus is a combination of 2048-bit RSA and 256-bit AES.

Lastly, recent ransomware infections tend to delete the Shadow Volume Copies by using the this command in the Command Prompt:

→vssadmin.exe delete shadows /all /Quiet

.HakunaMatata File Virus Removal and File Restoration

If you are an experienced user, you may try and remove the file virus by following the manual instructions given below. In any other case, using an anti-malware program is preferable.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share