Hacked Ransomware

If your operating system was invaded by Hacked Ransomware, you should find most of your personal files encrypted. All you need to do is find your personal files, and if they have the “.hacked” extension appended to their names, there is no doubt that you are facing this malicious ransomware. You can also figure that out when the ransom note window pops up. This window is entitled “All of your files were protected by a strong encryption with RSA4096,” but that might change depending on the language you use. Our research team has found that the ransom note can be displayed in Italian, Spanish, and Turkish languages as well. The interface of this ransom note is somewhat reminiscent of the one used by the infamous WannaCrypt Ransomware. The main portion of the window is taken over by the ransom note that we discuss further in the report. At the bottom, you are introduced to a Bitcoin Address to which you are expected to make the transaction for an alleged decryptor. On the left, you are shown a lock icon, as well as a timer that shows how much time you have until your files are “lost.” Unfortunately, you cannot recover files by removing Hacked Ransomware, but, of course, this threat must be deleted.

The creator of Hacked Ransomware could use several backdoors to spread this malicious threat, but it is most likely to be distributed using spam emails or by exploiting vulnerable RDP connections. Once the threat is in, it immediately starts encrypting files, and it is suggested that the RSA 4096 encryption algorithm is used for the encryption process. This key is introduced to users via a ransom note window that we already discussed, as well as two different TXT files, “How_to_decrypt_files.txt” and “@readme_English.txt”. Both of them should be created on the Desktop, and they represent the same message as you see in the “All of your files were protected by a strong encryption with RSA4096” window. At the end, you will need to delete these files as well. According to the ransom note, only a special “private key” can decrypt your files – which, unfortunately, is the truth – and that you need to pay for it. The interface of Hacked Ransomware suggests that the price for this key is $2000, and that you need to purchase Bitcoins that are worth this sum and then transfer them to 131mixVnmnijg1DPJZrTTakX3qJLpb675o, which is a Bitcoin Address listed right below. At the moment, 2000 USD converts to around 0.5 BTC. Needless to say, this is a huge ransom fee, and it is unlikely that every victim will be able to pay it. The fact is that no one should. Instead of paying the humongous ransom, you should focus on removing the ransomware.

The main ransomware window also displays the “Decrypt” button. If you click it, you are shown a warning suggesting that if you entered the wrong decryption key, your files would be destroyed. That is something that might push users into buying bitcoins, transferring them to a Bitcoin Address, and then contacting the creator of Hacked Ransomware via payment.hkdecrypt@mail.ru. That is not something we recommended doing because cyber criminals are unlikely to give you a decryptor in return, in which case, you would be losing both files and your savings. Unfortunately, that is the reality that victims of most ransomware infections face. Some of the latest ones include Nulltica Ransomware, Apollolocker Ransomware, and Shiva Ransomware, and you can find their removal guides on this website as well.

Hopefully, you know exactly where the launcher of Hacked Ransomware is. If you do, you should remove it as soon as possible. Of course, your files might be lost for good, but that is not something that should force you into paying the ransomware that is requested in return of an alleged decryption key. At the time of research, a free file decryptor did not exist for this particular threat, but that is something worth looking into. If you cannot recover files, and backups do not exist, you can place them in a separate folder and wait for a decryptor to become available. We cannot promise you that a decryptor would become available, but that is always a possibility. When it comes to the removal, if you cannot delete Hacked Ransomware manually, we strongly recommend installing anti-malware software. Besides getting rid of malware, it will also ensure full-time protection, which, of course, is very important.

Hacked Ransomware Removal

1. Delete any recently downloaded suspicious files.
2. Delete the ransom note file named How_to_decrypt_files.txt.
3. Delete the ransom note file named @readme_English.txt.
4. Empty Recycle Bin.
5. Perform a full system scan to check for any malicious leftovers.