.HakunaMatata Files Virus (restaurar arquivos)

.HakunaMatata Files Virus (restaurar arquivos)

.HakunaMatata file virus, também conhecido como HakunaMatata ransomware, is a ransomware infection that encrypts the victim’s files and appends the .HakunaMatata extension once the encryption is finalized. The cryptovirus will then display a ransom note containing instructions on the payment process. As usual, the ransom is demanded in Bitcoin, and this time it is reported to be 0.5 Bitcoin.

Resumo ameaça

Nome.HakunaMatata File Virus
Tiporansomware, vírus de arquivo
Pequena descriçãoThe file virus encrypts files on a victim’s computer likely using RSA-2048 and AES-256 bit encryption.
Os sintomasThe file virus will encrypt the targeted files and append the .HakunaMatata extension on each of them once the encryption process is finished.
distribuição MétodoOs e-mails de spam, Anexos de e-mail
Ferramenta de detecção See If Your System Has Been Affected by .HakunaMatata File Virus


Remoção de Malware Ferramenta

Experiência de usuárioParticipe do nosso Fórum to Discuss .HakunaMatata File Virus.
Ferramenta de recuperação de dadosWindows Data Recovery por Stellar Phoenix Aviso prévio! Este produto verifica seus setores de unidade para recuperar arquivos perdidos e não pode recuperar 100% dos arquivos criptografados, mas apenas alguns deles, dependendo da situação e se você tem ou não reformatado a unidade.

.HakunaMatata File Virus Distribution

The file virus can infect a victim’s computer relying on various methods. The payload file which has the malicious script is highly likely spread online. The payload dropper may be scattered on social media websites and file-sharing networks. It could also be “bundled” within freeware packages. For the security of your own files, it’s highly recommended that you don’t open unknown files, including email attachments.

.HakunaMatata File Virus Technical Description

Keep in mind that the .HakunaMatata file virus could alter the Windows Registry so that it becomes persistent. New registry entries may be added that will launch the file virus automatically upon every reboot of the system.

Once the encryption process has finished, the ransomware virus will display a ransom note on the desktop stating its demands such as amount of ransom and means of payment. Security research shows that the ransom note is located in a file dubbed Recover files yako.html. The “yako” word means “yours” in Swahili.

This is the text from the ransom note:

Encrypted files!
All your files are encrypted.Using AES256-bit encryption and RSA-2048-bit encryption.
Making it impossible to recover files without the correct private key.
If you are interested in getting is the key and recover your files
You should proceed with the following steps.
To get in touch you should use the Bitmessage system,
You can download the Bitmessage software at https://bitmessage.org/
After installation you should send a message to the address
Bitmsg: BM-2cWcp***
If you prefer you can send your Bitmenssages from a web browser
Through the webpage https://bitmsg.me this is certainly the most practical method!
Abaixo está um tutorial sobre como enviar bitmessage via navegador web: https://bitmsg.me/
1 B° Open in your browser the link
Make the registration by entering name email and password.
2 B° You must confirm the registration, return to your email and follow the instructions that were sent.
3 B° Return to site sign in
4 B° Click the Create Random address button.
5 B° Click the New massage button
6 B° Sending message
Para: Insira o endereço: BM-2cWcp***
Sujeito: Enter your key: afe299***
Menssage: Descreva o que você acha necessário
Click the Send message button.
Your message will be received and answered as soon as possible!.
Send message to: BM-2cWcp***
Your Key: afe299***

The ransom demanded by the operators of .HakunaMatata file virus is 0.5 Bitcoin. Supostamente, cybercriminals would send the decryption key for the encrypted files so that the victim can restore them. Infelizmente, Mais frequentemente do que não, cybercriminals accepts the payments and never send the decryption key. That is why security researchers never recommend paying the ransom. Em vez de, alternative recovery methods can be attempted.

Regarding the file extensions the file virus targets, no information is available yet. What is known is that targeted files are encrypted with the .HakunaMatata extension. De acordo com a nota de resgate, the encryption algorithm applied by the virus is a combination of 2048-bit RSA and 256-bit AES.

por fim, recent ransomware infections tend to delete the Shadow Volume Copies by using the this command in the Command Prompt:

→vssadmin.exe delete shadows /all /Quiet

.HakunaMatata File Virus Removal and File Restoration

If you are an experienced user, you may try and remove the file virus by following the manual instructions given below. In any other case, using an anti-malware program is preferable.


Milena Dimitrova

Um escritor inspirado e gerenciador de conteúdo que foi com SensorsTechForum para 4 anos. Gosta de ‘Sr.. Robot’e medos‘1984’. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar