Danger level 6
Type: Trojans

HCK Ransomware

You might have been tricked into letting HCK Ransomware into your own Windows operating system. Do you remember that happening? Cybercriminals could have used a clever spam email or a malicious downloader to introduce you to the infection’s launcher. Unfortunately, not much effort is required on the attackers’ part to execute malware, and that is why it is thriving. All kinds of threats can be observed, including trojans, info-stealers, keyloggers, adware, and so on, but it appears that the malware of today is ransomware. It is easy to build and easy to proliferate, and if it attacks files successfully, it can make victims do silly things. Unfortunately, this malware is able to encrypt all personal files, and since they are likely to be important to you, you are likely to try everything to get them back. That is what the attackers are hoping for. Of course, we do not recommend doing anything that the attackers instruct you to do. Instead, we recommend figuring out how to remove HCK Ransomware.

Did you know that HCK Ransomware is part of the Crysis/Dharma Ransomware family? This malware was built several years ago now, but its code is alive and well, and different cybercriminals keep reusing it to build their own versions of the ransomware. A few other threats from the same family include CLUB Ransomware, LCK Ransomware, 8800 Ransomware, and ROGER Ransomware. They are meant to invade your system silently, and if one succeeds – which is only possible if anti-malware software does not exist to catch and delete the infection – the encryption of your personal files begins. Once the data within your files is encrypted, they cannot be read, and the “.ID-{*}.[cavefat@tuta.io].HCK” extension should be attached to their names. So, if you see a file with a blank icon and this extension appended to the original name, there is no doubt that it was corrupted by HCK Ransomware. So, what can you do to get your files back? Well, ransomware is designed in such a way that it is impossible to decrypt files manually, but security experts have built their own Crysis/Dharma Ransomware decryptor – Rakhni Decryptor. We cannot know if you will employ it successfully, but why not give it a chance?

If you do not learn about the free decryptor in time, or if this tool does not work for you – which easily could be the case – the attackers behind HCK Ransomware might trick you into doing several risky things. A file named “FILES ENCRYPTED.txt” is dropped, and the infection also launches a window. The file and the window are meant to introduce you to a message, according to which you need to contact the attackers immediately by sending an email to cavefat@tuta.io or ripntfs@protonmail.com. Sending cybercriminals a message is a very risky move because that could grant them the opportunity to flood you with all kinds of emails. Of course, the initial reason behind this communication is to convince you to pay for a decryptor that the attackers behind HCK Ransomware are offering. So, would you get a decryptor if you paid the ransom? Highly unlikely, which is why we believe that paying the ransom is another risky move. Hopefully, you can keep your money to yourself because the free decryptor works, and if it does not work, perhaps you have backup copies of the corrupted files, and you can use them as replacements.
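
An added example, not part of the original article or of any vendor tool: a read-only Python inventory that uses the extension format and ransom note name given on this page to list affected files and the original names to look for in your backups. It assumes the `{*}` ID portion of the extension contains no dots; the function names and the sample file names are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Extension format quoted on this page: ".ID-{*}.[cavefat@tuta.io].HCK".
# Assumption: the "{*}" victim-ID part contains no dots.
HCK_NAME = re.compile(
    r"^(?P<original>.+)\.ID-(?P<victim_id>[^.]+)\.\[cavefat@tuta\.io\]\.HCK$",
    re.IGNORECASE,
)
RANSOM_NOTE = "files encrypted.txt"  # note file name from this page, lowercased


def parse_hck_name(filename):
    """Return (original_name, victim_id) for an HCK-renamed file, else None."""
    m = HCK_NAME.match(filename)
    return (m.group("original"), m.group("victim_id")) if m else None


def inventory(root):
    """Walk root without modifying anything; collect encrypted files and notes."""
    encrypted = defaultdict(list)  # folder -> [(current name, original name)]
    notes, ids = [], set()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_hck_name(name)
            if parsed:
                encrypted[folder].append((name, parsed[0]))
                ids.add(parsed[1])
            elif name.lower() == RANSOM_NOTE:
                notes.append(os.path.join(folder, name))
    return {"encrypted": dict(encrypted), "notes": notes, "victim_ids": ids}


if __name__ == "__main__":
    # Constructed sample tree (empty placeholder files), not real victim data.
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for n in ("report.docx.ID-SAMPLE01.[cavefat@tuta.io].HCK",
                  "notes.txt", "FILES ENCRYPTED.txt"):
            open(os.path.join(docs, n), "w").close()
        result = inventory(root)
        for folder, items in result["encrypted"].items():
            for current, original in items:
                print(f"{folder}: restore '{original}' (now '{current}')")
        print("ransom notes:", result["notes"])
```

Point `inventory()` at a user profile or data drive to get the list of original file names to restore from backup and the locations of any ransom notes to delete.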

Even if a miracle happened, and all of your files got decrypted, you would still need to delete HCK Ransomware from your operating system. Have you tried everything, but your files remain encrypted? If that is the case, you need to remove HCK Ransomware anyway. Obviously, when it comes to any kind of malware, the sooner you get rid of it, the better. We recommend installing anti-malware software in this situation because it can automatically delete malicious threats, and because it can also secure your operating system. As long as your system is secured, and copies of your files are stored in a secure location, you will not need to worry about ransomware again. If you are still interested in manual removal, note that the infection’s launcher could be anywhere, and so you have to know how to track and identify malware components before you can proceed.

HCK Ransomware Removal

  1. Delete the ransom note file named FILES ENCRYPTED.txt.
  2. Identify the {unknown name}.exe file that launched the infection.
  3. Right-click the launcher file and choose Delete.
  4. Empty Recycle Bin and then quickly install a trusted malware scanner.
  5. Run a system scan to make sure that no leftovers remain.