HUSTONWEHAVEAPROBLEM Ransomware

HUSTONWEHAVEAPROBLEM Ransomware can cause a real devastation on your system if it can slither onto your system. This severe threat is also known as Matroska Ransomware as other malware researchers may refer to it. We have found that this vicious program is a new variant built on the famous Hidden Tear Ransomware that was originally created for educational purposes and hence the open source code. We have seen a number of variants in the past months, including $ucyLocker Ransomware, Fabsyscrypto Ransomware, and Uyari Ransomware. This infection can encrypt your files and you may not be able to decrypt them since there is no free tool on the web yet. If you have no backup of your files, it is quite possible that you will lose them in this malicious attack. We recommend that you remove HUSTONWEHAVEAPROBLEM Ransomware the moment you realize that you have been hit. But before we reveal our solution for that, let us share with you what we have found out about this dangerous threat.

If this ransomware ended up on your computer, it is quite likely that you have opened a spam e-mail recently and you also viewed its attachment. This malware infection can spread on the web as a malicious attached file in spam e-mails. This file can look like an image, a video, or a text document but it is obviously disguised to deceive you. It is quite possible that this attachment will have a fake extension and a matching file type icon as well. So you may see such an attachment as “invoice2017_01012213.jpg.exe” and you would not even think that this is actually an executable file even though it has to keep the real extension to be able to run as soon as you save it and execute it. The problem is that this spam can be rather convincing and thus it can mislead even more experienced users as well. It is possible that it refers to an unpaid invoices or fines, credit card issues, problems with your bank or Internet provider, and similar issues that could relate to anyone really. Please note that the moment you click to view the attached file is when you initiate this attack. When you delete HUSTONWEHAVEAPROBLEM Ransomware, it does not mean that your files will be decrypted and become usable. Unfortunately, once they have been encrypted, it is most likely that you will not be able to use them again.

It is also possible that these cyber criminals attack you via unprotected remote desktop software. If there is such a program on your computer (e.g., TeamViewer) and your password is quite weak, cyber crooks may find a way to crack it and gain access to your system. Once they break in, they can copy this beast and let it loose on your computer. You will not see this coming for sure. This is why you should always use strong passwords and proper defense for your PC.

Once you initiate this attack or your attackers activate it manually, a fake Windows Defender application window opens. This GUI basically has two types of buttons. You can see a Send Key button at the top, which does not seem to work at all, and some Start buttons. Unsuspecting victims may believe that there has been an issue on their system and now they need to run the defender. So automatically they would click on one of the Start buttons. Unfortunately, this is what starts encrypting your personal files in the given directories. Obviously, this and most of other ransomware as well target your most precious files so that you would be more willing to pay the ransom fee to recover your files. These include your photos, videos, audios, documents, archives, and other third-party program files. The encrypted files get a new “.HUSTONWEHAVEAPROBLEM@KEEMAIL.ME” extension, which clearly shows you which files have been affected. This infection drops a text file in all the folders where files have been encrypted. This file is called “HOW_TO_RECOVER_ENCRYPTED_FILES.txt” and it is the ransom note.

After the encryption is done, this infection does not block your screen or your system processes, and neither does it display the ransom note right away. In fact, you either open this text file yourself or when you restart your computer, it will be displayed automatically. This ransom note informs you that your files have been encrypted and that you have to pay in Bitcoins to be able to decrypt your files. The amount of the fee is not revealed in this ransom note because you have to write an e-mail to “HUSTONWEHAVEAPROBLEM@KEEMAIL.ME” to receive further details. We do not encourage you to contact these criminals or to send them any money either. This usually ends badly for the victims. It is quite possible that you will not get any decryption key or tool at all, or you may get another malicious program instead. We recommend that you remove HUSTONWEHAVEAPROBLEM Ransomware right away.

If you follow our guide below, you can easily eliminate this dangerous threat; however, remember that this will not give your files back. Unfortunately, if you do not have a recently saved backup copy, you may have to say goodbye to all your important files. If you do not want this to ever happen to you again, you should make sure that no malware infection can penetrate your system. For that, we advise you to invest in a decent anti-malware program like SpyHunter.

How to remove HUSTONWEHAVEAPROBLEM Ransomware from Windows

1. Press Win+E.
2. Locate the suspicious executable file you may have downloaded recently and delete it.
3. Search your system for the “HOW_TO_RECOVER_ENCRYPTED_FILES.txt” text files and delete them all, including the ones in these folders:
   %ALLUSERSPROFILE%\Start Menu\Programs\Startup
   %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
4. Empty your Recycle Bin.
5. Restart your computer.