A new ransomware virus, called Bad Rabbit has been reported to menace users and encrypt the files on their computers. The ransomware aims to slither unnoticed via a variety of distribution methods and the use file encryption in order to render the files on the computers of victims to make them unable to be opened. Then, the ransomware drops the HIT BY RANSOMWARE.txt ransom note which asks victims to pay ransom to get their files back. If your computer has been infected by the .happy files virus, we would strongly suggest that you read the article underneath thoroughly.
|Name||.happy Files Virus|
|Short Description||Variant ofBad Rabbit ransomware. Aims to extort victims by using file encryption as it’s main weapon.|
|Symptoms||Files cannot be opened and have the .happy extension added. A ransom note is dropped, called HIT BY RANSOMWARE.txt.|
|Distribution Method||Spam Emails, Email Attachments, Executable files|
|Detection Tool|| See If Your System Has Been Affected by .happy Files Virus |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss .happy Files Virus.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
.happy Files Virus – Distribution Methods
In order for this ransomware virus to be replicated it may come to computers by being uploaded as an e-mail attachment. Such attachments often make it seem as the malicious files being spread are:
- Important documents.
- Banking statements.
Once victims download and open the file, infection with .happy Bad Rabbit is inevitable. In addition to this, the ransomware virus could aslo perform an infection through a malicious file that is uploaded on legitimate websites. Such sites can often turn out to be multiple different software providing sites, that may advertise viruses as:
- Portable versions of software.
Bad Rabbit .happy Ransomware – Analysis
Once your computer has been infected with the Bad Rabbit ransomware’s .happy file iteration, the ransomware may drop files in the following Windows directories:
- %System Drive%\VS-Projekte\T1\T1\obj\Release\T1.pdb
- %Desktop%\HIT BY RANSOMWARE.txt
The main files that are dropped by BadRabbit ransomware could be the following:
qqf85h6c.bmp – the picture with the note loaded on the service finndev.net
The ransomware also drops it’s ransom note, called HIT BY RANSOMWARE.txt which asks victims to pay around 0.05 BTC in order to get their files back and the ransomware may give around 48 hours time as a deadline. The ransom note text file has the following message to victims:
—YOU’VE BEEN HIT BY A RANSOMWARE—
ln order to decrypt your files, you must decompile the ransomware
(which is easy) and find out the encryption method (easy aswell)
Next time, think before your execute. Your next ransomware could’nt be
that easy to crack and you would lost all your files :(
—YOU’VE BEEN HIT BY A RANSOMWARE—
The main note of the .happy files virus is different than the text file and it may appear like the following:
Text from Image:
If you access this page your computer has been encrypted.
Time left before the price goes up:
Price for decryption:
Enter your personal key or your bitcoin address.
Bad Rabbit .happy Ransomware – Encryption
The primary encryption activity of Bad Rabbit ransomware is conducted with the aid of AES (Advanced Encryption Standard). The ransomware virus aims to encrypt file types that belong to the following groups of often used files:
- Audio files.
- Virtual drive type of files.
The files are added the .happy extension after their core file structure is scrambled, using the AES encryption. They appear like the following:
Remove Bad Rabbit Ransomware and Try Restoring .happy Files
If you want to remove nsomware from your computer, we would recommend that you follow the removal instructons that are underneath this article. They have been created with the main goal to assist you in removing this malware either manually by using the info in this article or automatically (reccomended). For automatic removal we would advise you what most cyber-security experts would and that is to download and run a scan of your PC using an advanced anti-malware software. This program aims to scan your computer in order to detect malicious files that belong to Bad Rabbit ransomware and remove them effecitvely, automatically and safely plus ensure that your computer stays protected against any infections that might occur in the future as well.
If you want to try and restore files, encrypted by the .happy variant of Bad Rabbit ransomware, we would suggest that you follow the “Try to restore” methods underneath. They are not a 100% guarantee to be able to help you restore all of your encrypted files, but with their aid, you might be able to retrieve at least some of your data.