Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Hackerman Ransomware

Hackerman Ransomware appears to be another malicious program based on software called HiddenTear Ransomware. So far there is not much information about the threat since researchers cannot find a properly working sample. However, we are almost one hundred percent sure that the infection is targeted at Spanish-speaking users, as the displayed ransom note is in Spanish only. It demands users to pay a particular sum in exchange for decryption tools, but it does not say how the malicious application’s creators could deliver it. Therefore, we advise you not to risk your money for a product which may not exist at all. Instead, we would encourage you to get rid of the application and keep reading the article not only to find out more details about the infection but also learn about possible ways to recover the encrypted data.

Firstly, our specialists did research on how this threat could be spread. Apparently, the malware’s developers might be distributing it through malicious email attachments. Thus, Hackerman Ransomware should infect user’s computer after launching a suspicious file, most likely received with Spam emails. If you did not know this already, opening such data is often considered risky, especially if it is sent by someone you are not familiar with or recognized as spam. Another way to protect the system would be to scan suspicious email attachments with a reliable antimalware tool. If you do not use it already, it might be the right moment to consider such option.

While our specialists were testing Hackerman Ransomware, they noticed that the malware is using the AES cryptosystem and it should encipher only personal files, e.g. text or other documents, images, photos, videos, etc. After the encryption, these files could be marked with an additional .locked extension. For example, if you had an image called nature.jpg before the encryption, afterward it should look like nature.jpg.locked. Needless to say that the affected data becomes useless, as there it is impossible to open it.

Eventually, the malicious program should display a random note that could appear in the form of a text document, image, and so on. As we mentioned in the begging, the note contains a message in Spanish. To be more precise, there should be a single sentence demanding to pay the ransom. Strangely, the cyber criminals do not give any email address to contact them or more detailed instructions on how to pay the ransom. Also, the message does not say how the user would receive his purchased decryption tools.

Clearly, paying the ransom would be a huge risk as there are no guarantees at all. It is doubtful that Hackerman Ransomware’s creators care about your files and no one can be certain that they can decrypt the enciphered data. If you think this could be a waste of money too, we advise you to erase the malware instead of paying the ransom.

You should also know that the threat was based on a malicious application created for educational purposes called HiddenTear Ransomware. Therefore, there is a chance that the decryption tool for the mentioned threat could work on files enciphered by Hackerman Ransomware, so if your data is irreplaceable, it might be worth to look for such tools on the Internet. Another way to recover enciphered files is to replace them with copies if you have any on external hard drive or other storages that were not infected by the malware.

Removing the infection manually might be a difficult task since you would have to find a malicious executable file with a random name. If you recall downloading any suspicious email attachments or other files, you should suspect them first, because it probably was the file you had launched before the malware appeared. Users could check the instructions provided below as they might be useful. Nonetheless, users who cannot find the malicious file themselves, could acquire a reliable antimalware tool and use its scanning feature to locate Hackerman Ransomware. Once the tool finishes scanning the system, it should display a deletion button. Just click the button, and all detections will be eliminated.

Remove Hackerman Ransomware

  1. Open the File Explorer by pressing Win+E combination.
  2. Navigate to the Downloads, Temporary Files, or Desktop directory and look for the malicious file.
  3. Select the infected file, right-click it and press Delete.
  4. To remove it completely empty the Recycle Bin.
Download Spyware Removal Tool to Remove* Hackerman Ransomware
  • Quick & tested solution for Hackerman Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.