HAT Ransomware

What is HAT Ransomware?

If your Windows operating system is not currently secured against malware, fix this problem ASAP because HAT Ransomware could invade through various security cracks. Such cracks can be opened by spam emails, unpatched vulnerabilities, malvertising scams, unreliable downloaders, and so on. It does not take much for cybercriminals to find a victim, and if they are successful, all files found on the attacked system are encrypted. What does that entail? When files are encrypted, reading them normally is impossible. According to the researchers at Anti-Spyware-101.com, a tool called ‘Rakhni Decryptor’ exists (created by ransomware researchers), but we cannot know for sure that you will be able to decrypt all of your files using it. Hopefully, that is the case, but even if you cannot recover files, you should not pay attention to the cybercriminals’ demands. Instead, you should focus on deleting HAT Ransomware.

How does HAT Ransomware work?

HAT Ransomware is pretty much identical to CLUB Ransomware, NCOV Ransomware, WCH Ransomware, and a ton of other file-encrypting threats. All of them were built using the malware code that derives from the Crysis Ransomware/Dharma Ransomware (both names represent the same threat); however, different attackers could stand behind different variants. That is something we have to consider because when this malware invades and presents a ransom note – which is always the same – the included email addresses are often unique. Just like its clones, HAT Ransomware uses “Info.hta” and “FILES ENCRYPTED.txt” to present messages from the attacker. The .HTA file opens a window entitled “Zagrec@protonmail.com,” and the .TXT file opens a text message. Both inform that the encrypted files can be decrypted, and that the process starts with victims emailing Zagrec@protonmail.com and bitrequest@tutanota.com. Should you email the attackers? You absolutely should not, and we advise deleting the ransom note files without hesitation. However, users who cannot use a free decryptor or replace the corrupted files might consider following the attackers’ demands before performing the removal of the threat.

Many think that sending a simple email cannot harm anyone. Well, cybercriminals are unpredictable, and they could send you all kinds of messages, including those that are designed to scam you or trick you into downloading malicious files. On top of that, malicious emails could keep flooding your inbox long after you remove HAT Ransomware. So, if you are desperate to contact the attackers, at least use a new email account for the purpose, and then delete it afterward. Hopefully, there is no need for you to contact the attackers because you are not worried about the encrypted files with the “.id-{unique ID code}.[Zagrec@protonmail.com].HAT” extension attached to them. You should not be worried if you know that you can replace the encrypted files with backup copies (it is best to store them online or on external drives, or both) or use the free decryptor. Needless to say, if you do not want to worry about losing files to malware in the future, storing copies in a secure virtual or external drive is very important.

How to delete HAT Ransomware

Hopefully, you can figure out how to decrypt files or replace the corrupted files, but what about the removal of HAT Ransomware? At this moment, that is the most important thing, and you should take care of it first and foremost. We have created a guide with the help of our malware experts that, hopefully, will help delete HAT Ransomware manually. However, we do not believe that this is the best option there is. We believe that most people should take the automated removal option instead. Once a trusted anti-malware program is installed, there is no need to tackle the detection and removal of malware and the security of the operating system individually. The program can do all of that automatically. Of course, even if you have your system secured completely, creating copies of personal files cannot hurt. If you still have questions, or you want to keep discussing the threat, use the comments section.

Removal Instructions

  1. Launch File Explorer, which you can do by tapping Win+E keys.
  2. Enter the following paths into the quick access field one at a time:
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %APPDATA%
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %WINDIR%\System32\
  3. Delete the Info.hta file and the {unknown name}.exe file if you find it.
  4. Launch Run by tapping Win+R keys and enter regedit to access Registry Editor.
  5. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  6. Delete three values with random names that are linked to files in step 3.
  7. Finally, delete the ransom note file named FILES ENCRYPTED.txt (unknown location).
  8. Empty Recycle Bin and quickly install a trusted malware scanner.
  9. Run a system scan and quickly delete any leftovers that might be found.
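
A read-only PowerShell audit of the locations named in the steps above, added here as an example and not part of the original guide. It deletes nothing, and the user-profile search for the ransom note is an assumption of the example, since the guide gives no location for that file.

```powershell
# Added example: read-only audit of the locations named in the removal steps.
# Nothing is deleted; review the output before removing anything by hand.
$system32 = "$env:WINDIR\System32"
$dirs = @(
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:APPDATA",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    $system32
)

# Steps 2-3: Info.hta in every listed folder; .exe files everywhere except
# System32, where executables are expected and cannot be judged by location.
$candidates = @(foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -ieq 'Info.hta' -or
            ($_.Extension -ieq '.exe' -and $dir -ne $system32)
        }
})
$candidates | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

# Steps 5-6: list HKLM Run values and mark those whose data names a step-3 file.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties | Where-Object { $_.Name -notin $psMeta } | ForEach-Object {
        $data = [string]$_.Value
        $hit = $candidates | Where-Object {
            $data.IndexOf($_.Name, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        }
        [pscustomobject]@{
            ValueName     = $_.Name
            Data          = $data
            LinkedToStep3 = [bool]$hit
        }
    } | Format-Table -AutoSize -Wrap
}

# Step 7: the guide gives no location for the ransom note; searching the
# current user's profile is an assumption of this example.
Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force `
    -Filter 'FILES ENCRYPTED.txt' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
```

Run it from an elevated PowerShell prompt so the startup folders and the HKLM key are readable; Run values marked `LinkedToStep3` are the ones to compare against the files found in step 3.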
