.happy Files Virus (Bad Rabbit) - How to Remove It


This article explains what the HIT BY RANSOMWARE.txt virus is, how you can remove it, and how you can try to restore .happy encrypted files.

A new ransomware virus called Bad Rabbit has been reported to menace users and encrypt the files on their computers. The ransomware aims to slip in unnoticed via a variety of distribution methods and uses file encryption to make the files on victims' computers impossible to open. It then drops the HIT BY RANSOMWARE.txt ransom note, which asks victims to pay a ransom to get their files back. If your computer has been infected by the .happy files virus, we strongly suggest that you read the article below thoroughly.

Threat Summary

Name: .happy Files Virus
Type: Ransomware, Cryptovirus
Short Description: Variant of Bad Rabbit ransomware. Aims to extort victims by using file encryption as its main weapon.
Symptoms: Files cannot be opened and have the .happy extension added. A ransom note called HIT BY RANSOMWARE.txt is dropped.
Distribution Method: Spam Emails, Email Attachments, Executable files

.happy Files Virus – Distribution Methods

To spread, this ransomware may arrive on computers as an e-mail attachment. Such attachments are often made to look like:

  • Invoices.
  • Receipts.
  • Important documents.
  • Banking statements.

Once victims download and open the file, infection with .happy Bad Rabbit is inevitable. In addition, the ransomware could also infect a computer through a malicious file uploaded to legitimate websites. These are often software download sites, where the malware may be advertised as:

  • Cracks.
  • Patches.
  • Keygens.
  • Activators.
  • Portable versions of software.
  • Freeware.
  • Hacktools.

Bad Rabbit .happy Ransomware – Analysis

Once your computer has been infected with the Bad Rabbit ransomware’s .happy file iteration, the ransomware may drop files in the following Windows directories:

  • %Desktop%
  • %User_folders%
  • %TEMP%
  • %System Drive%\VS-Projekte\T1\T1\obj\Release\T1.pdb
  • %Desktop%\HIT BY RANSOMWARE.txt

The main files that are dropped by BadRabbit ransomware could be the following:

  • T1.exe
  • .exe – randomly named executable
  • qqf85h6c.bmp – the picture with the note loaded on the service finndev.net
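
A read-only sweep for the file-name indicators listed in this article (the .happy extension, the HIT BY RANSOMWARE.txt note, T1.exe and qqf85h6c.bmp), added here as an example and not part of the original article. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from this article; matching is case-insensitive.
ENCRYPTED_EXT = ".happy"
RANSOM_NOTE = "hit by ransomware.txt"
DROPPED_NAMES = {"t1.exe", "qqf85h6c.bmp"}


def scan_tree(root):
    """Walk root and group file paths by the indicator they match."""
    hits = defaultdict(list)
    # Unreadable directories are skipped instead of aborting the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lowered = name.lower()
            path = os.path.join(dirpath, name)
            if lowered == RANSOM_NOTE:
                hits["ransom_note"].append(path)
            elif lowered in DROPPED_NAMES:
                hits["dropped_file"].append(path)
            elif lowered.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
    return dict(hits)


def summarize(hits):
    """Count encrypted files per directory to show how far encryption spread."""
    per_dir = defaultdict(int)
    for path in hits.get("encrypted", []):
        per_dir[os.path.dirname(path)] += 1
    return dict(per_dir)


def build_sample_tree(root):
    """Create a constructed sample layout of empty files for the demo."""
    for rel in ("Desktop/HIT BY RANSOMWARE.txt", "Desktop/report.docx.happy",
                "Desktop/notes.txt", "Temp/T1.exe", "Temp/qqf85h6c.bmp",
                "Pictures/a.jpg.happy", "Pictures/b.PNG.HAPPY"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample_tree(demo)
        found = scan_tree(demo)
        for kind, paths in sorted(found.items()):
            print(kind, len(paths))
        print(summarize(found))
```

A name match alone is a lead for further checking, not proof of infection, since a name such as T1.exe can belong to unrelated software.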

The ransomware also drops its ransom note, called HIT BY RANSOMWARE.txt, which asks victims to pay around 0.05 BTC to get their files back, and it may give a deadline of around 48 hours. The ransom note text file contains the following message to victims:

ln order to decrypt your files, you must decompile the ransomware
(which is easy) and find out the encryption method (easy aswell)
Next time, think before your execute. Your next ransomware could’nt be
that easy to crack and you would lost all your files :(

The main note of the .happy files virus differs from the text file and may look like the following:

Text from Image:

If you access this page your computer has been encrypted.
Time left before the price goes up:
Price for decryption:
-0.05 BTC
Enter your personal key or your bitcoin address.

For communication, the cyber-criminals may use the e-mail addresses [email protected] and [email protected]

Bad Rabbit .happy Ransomware – Encryption

The primary encryption activity of Bad Rabbit ransomware is carried out using AES (Advanced Encryption Standard). The ransomware aims to encrypt file types that belong to the following groups of commonly used files:

  • Documents.
  • Images.
  • Audio files.
  • Videos.
  • Archives.
  • Virtual drive type of files.

The .happy extension is appended to the files after their core file structure has been scrambled using AES encryption.

Remove Bad Rabbit Ransomware and Try Restoring .happy Files

If you want to remove this ransomware from your computer, we recommend that you follow the removal instructions underneath this article. They have been created to help you remove this malware either manually, using the information in this article, or automatically (recommended). For automatic removal, we advise what most cyber-security experts would: download an advanced anti-malware program and run a scan of your PC with it. This program aims to scan your computer in order to detect malicious files that belong to Bad Rabbit ransomware and remove them effectively, automatically and safely, and to ensure that your computer stays protected against any infections that might occur in the future as well.

If you want to try and restore files, encrypted by the .happy variant of Bad Rabbit ransomware, we would suggest that you follow the “Try to restore” methods underneath. They are not a 100% guarantee to be able to help you restore all of your encrypted files, but with their aid, you might be able to retrieve at least some of your data.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
