Quote:

We just released a new free decryption tool for the Hakbit ransomware strain. Hakbit has multiple confirmed victims, including home users and businesses in the United States and Europe.

While ransom notes are usually text files, Hakbit demands are displayed by changing the victim’s desktop wallpaper. Possibly uniquely, the wallpaper includes a QR code that points to the attackers’ Bitcoin address.

You can download the FREE decryption tool linked below. A detailed guide is also included.

Download the Hakbit Decryptor here

Technical details

Hakbit encrypts its victims’ files using AES-256 and appends with the extension “.crypted”. On installation, Hakbit attempts to conceal its presence by randomly naming its executable to one of the following: lsass.exe, svchst.exe, crcss.exe, chrome32.exe, firefox.exe, calc.exe, mysqld.exe, dllhst.exe, opera32.exe, memop.exe, spoolcv.exe, ctfmom.exe, or SkypeApp.exe.

The ransom note reads:

Quote:Atention! all your important files were encrypted!
to get your files back send 300 USD worth in Bitcoins and contact us with proof of
payment and your Unique Identifier Key.
We will send you a decryption tool with your personal decryption password.

Where can you buy Bitcoins:

https://www.coinbase.com
https://localbitcoins.com

Contact: hakbit@protonmail.com.

Bitcoin wallet to make the transfer to is: 12grtxACJZkgT2nGAvMesgoM4ADHJ6NTaW
Unique Identifier Key (must be sent to us together with proof of payment):
Number of files that you could have potentially lost forever can be as high as: 3396

...