Hucky Ransomware Virus Uses the .Locky File Extension - How to, Technology and PC Security Forum | SensorsTechForum.com

Hucky Ransomware Virus Uses the .Locky File Extension

A virus meant to infect Hungarian users, dubbed Hucky by the malware researcher Jakub Kroustek, has been identified as being based on Microsoft Visual Basic. The virus is very particular in its actions and pretends very cleverly to be Locky ransomware; in reality, however, it is a completely different animal. The Hucky virus even uses Locky’s ransomware message along with a padlock picture and the Locky name beneath it, and it appends the .locky file extension to the encrypted files. Anyone who has been infected by this virus should know that it may not be as sophisticated and undecryptable as the original Locky virus, and a decryptor may soon be released for it. In the meantime, we advise reading this article to learn more about Hucky ransomware, how to remove the virus and how to try to restore your files using alternative methods.

Threat Summary

Name: Hucky
Type: Ransomware
Short Description: Based on Microsoft Visual Basic, the malware encrypts users' files using an encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.
Symptoms: The user may witness ransom notes and “instructions” and a sound message, all linking to a web page and a decryptor. The file extension .locky has been added to the encrypted files.
Distribution Method: Via an exploit kit, a DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Hucky Virus – How It Infects

Since Hucky aims to profit primarily from Hungarian users by taking advantage of how famous Locky ransomware has become, its authors may be using similar tactics to distribute the malware as well. This includes the use of combined tools such as malware obfuscators, tools that help spam the malicious infection file, and tools that assist in masking the file as if it were legitimate.

The e-mail messages may contain convincing statements urging the user to open the attachments, such as pretending to be an e-mail from a bank or an online store, or may even have no subject or body and contain only the attachment. At the moment it is not confirmed, but an exploit kit or a JavaScript type of attack may have been used to conduct a successful and undetected infection and download the payload of the Hucky virus from its command and control (C&C) servers, most likely based in Hungary.

Hucky Virus – More Information

There are several key differences between Hucky and the original Locky virus it is aiming to imitate. When researchers executed the virus, they established that the wallpaper it uses is similar to the original Locky wallpaper:

[Image: comparison of the Hucky and Locky ransom notes]

The same similarity applies to the ransom note it leaves in a text file, which can be opened in Notepad and is named “_Adatork_visszaalitasahos_utasitasok”. What is different between the Hucky virus and Locky, however, is that Hucky claims to use a combination of RSA-3092 and AES-128, which may or may not be true.

Furthermore, when Hucky’s payload is dropped on an infected computer, it begins to encrypt pictures, PDF files, Microsoft Office documents, audio files and many other types of files, adding the .Locky file extension to them, for example:

[Image: example of a picture file encrypted by Hucky with the .locky extension]

Hucky Ransomware – Conclusion, Removal and File Decryption

In brief, the Hucky ransomware is most likely a low-quality imitation of the Locky ransomware virus, because its ransom instructions do not lead users to Tor-based pages and instead request victims to contact the e-mail address [email protected]. Anyone who has been infected by this ransomware virus is strongly advised to take the recommended actions, which are to remove the virus and, while waiting for a decryptor, to attempt other file restoration methods.
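The indicators described above (the appended .locky extension, the ransom note name, and e-mail contact instead of a Tor page) can be combined into a read-only triage scan to gauge how far the encryption spread. This is an added example, not code from the original article; the function names, the classification heuristic and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Indicators taken from the article: appended extension and ransom-note name.
ENCRYPTED_EXT = ".locky"
NOTE_STEM = "_adatork_visszaalitasahos_utasitasok"
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def classify_note(text):
    """Heuristic from the article: Locky notes lead to Tor pages, Hucky asks for e-mail contact."""
    if ".onion" in text.lower():
        return "tor-link (consistent with original Locky)"
    if EMAIL_RE.search(text):
        return "email-contact (consistent with Hucky)"
    return "unknown"


def triage(root):
    """Walk root without modifying anything; list encrypted files and classify ransom notes."""
    report = {"encrypted": [], "notes": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
            elif lowered.startswith(NOTE_STEM):
                # Read only the first 64 KiB; tolerate odd encodings in the note.
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    report["notes"][path] = classify_note(fh.read(65536))
    return report


def build_sample(root):
    """Constructed sample tree for the demo (not real malware output)."""
    docs = os.path.join(root, "Docs")
    os.makedirs(docs)
    for name in ("report.pdf.locky", "photo.jpg.locky", "notes.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, "_Adatork_visszaalitasahos_utasitasok.txt"), "w") as fh:
        fh.write("Contact: placeholder@example.invalid\n")  # placeholder address


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Run it against a mounted copy or backup image of the affected disk rather than the live system, so the evidence stays untouched.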

First, if you want to remove Hucky yourself, we advise you not to do it manually, because it involves interfering with all of Hucky’s registry values created in different subkeys as well as its malicious files, and this may be risky for your files in some situations. This is why experts recommend using advanced anti-malware software, which will automatically ensure the full removal of all Hucky-associated objects and detect other malware if present. Whatever your choice for removal may be, automatic or manual, we advise using our instructions below for both.

If you want to restore your files, we have also provided alternative methods in step “2. Restore Files Encrypted by Hucky” so that you can try to solve this issue yourself. Bear in mind that you should try them solely at your own risk and that they are not 100% guaranteed to work.

Manually delete Hucky from your computer

Note! Important notice about the Hucky threat: Manual removal of Hucky requires interference with system files and the registry. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot your PC in Safe Mode to isolate and remove Hucky files and objects
2. Find malicious files created by Hucky on your PC

Automatically remove Hucky by downloading an advanced anti-malware program

1. Remove Hucky with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Hucky
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
