HACK Ransomware

HACK Ransomware is an infection that is part of the Dharma Ransomware family. We cannot say whether this program was created by the same attackers who are responsible for paydra@cock.li Ransomware, basecrypt@aol.com Ransomware, bestdecoding@cock.li Ransomware, and many other infections from this family. It is more likely that the attackers have used a code that is already built. That gives an opportunity to amateurs and less experienced cyber attackers. Due to this, it is possible that different distribution methods could be employed as well. Some infections from this family could be distributed using malicious downloaders, others could be spread with the help of malware-dropping Trojans, and spam emails could be used in some cases too. Unfortunately, after a successful invasion, most of these infections encrypt files, which means that they can no longer be read. After that, HACK Ransomware deletes itself, but that does not mean that removal is no longer an issue.

You must have found the “.id-[code].[mr.hacker@tutanota.com].HACK” extension appended to the files that this malicious infection has encrypted. This infection includes a unique ID code that every victim is provided with, an email address that you can use to reach cyber criminals, as well as the word “HACK.” This word has no particular meaning, and it is simply added for affect. That being said, with thousands of file-encrypting threats in the world, it is important to identify them somehow, and this unique extension is where the name of HACK Ransomware comes from as well. Some victims and malware researchers, however, might identify it as “mr.hacker@tutanota.com Ransomware” as well. This email address is even presented as the title of the window that this infection launches. According to the message inside, victims have seven days to contact the attackers and pay a ransom fee to get their files decrypted. After seven days, the so-called “secret key” is meant to be destroyed. Well, since you cannot restore files by removing HACK Ransomware or removing the added extension, this might seem like an option.

A file named “RETURN FILES.txt” is created as well, and it also instructs to email mr.hacker@tutanota.com. By the way, both messages introduce mrhacker@cock.li as an alternate email address. If you contacted the attackers behind HACK Ransomware, you would expose yourself to them, which is why you need to think long and hard before getting involved. Once you decide that you do want to send a message to the attackers, create an email account that you will not use ever again. This will protect you from the possibility of getting scammed in the future. When the attackers respond, do not fulfill the demands immediately. The attackers want you to pay the ransom, but you do not know if it exists, if it will be sent to you, and if a malicious infection will be sent in its place. These are all real risks you would face by contacting the creator of HACK Ransomware. If you weigh all the pros and cons and decide that you want to take the risk, go ahead, but remember that our research team does not recommend it. Before you take any risks, check your external and online backups. Maybe you have copies and backups of your most important files already, and you do not need to waste your savings on a decryptor that might not even exist.

As we mentioned earlier, HACK Ransomware should delete itself after encryption. Why do infections self-destruct? That is because the launcher file serves no purpose beyond that. That might make the overall removal easier, but you must not just assume that the threat is gone. Malware can be unpredictable, and so it is wise to install a reliable malware scanner to check if your system is clean. We hope that it is and that you can go back to normal, day-to-day activities in no time; especially if you use your computer for work or studies. While we cannot help you restore the files corrupted by the infection, we hope that backups exist and that you can use them to replace the encrypted files. Whether or not that is how things work out, do not postpone the removal of HACK Ransomware (if it remains active), and also do not forget to secure your operating system. We advise employing reliable anti-malware software.

HACK Ransomware Removal

1. Delete every single copy of the RETURN FILES.txt file.
2. Install a legitimate malware scanner.
3. Scan your operating system to check for the {random name}.exe launcher file.
4. If the launcher or other threats are found, eliminate them immediately.