
HappyDayzz ([blackjockercrypter@gmail.com].hex.happydayzz) Ransomware Help topic


9 replies to this topic

#1 xXToffeeXx


Posted 20 March 2017 - 02:34 PM

A new ransomware was discovered that encrypts files and renames files in the format of "[blackjockercrypter@gmail.com].hex.happydayzz" to the filename. An example encrypted file may be renamed to "[blackjockercrypter@gmail.com].5A47567A6133527663433570626D6B3D0D0A.happydayzz".
 
It also drops a ransom note called How To Recover Encrypted Files.hta which looks like this:
 
[Image: screenshot of the ransom note]

Any suspicious files, or the malware file can be submitted here.


Edited by xXToffeeXx, 20 March 2017 - 02:37 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
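
Added example, not part of the original post: a triage helper that parses the "[email].hex.happydayzz" name format described above and tries to recover the original file name for an inventory of affected files. Decoding the hex in the post's sample gives Base64 text followed by CRLF, which in turn decodes to a file name; that every encrypted file follows this scheme is an assumption, and the function names are hypothetical.

```python
import base64
import binascii
import re

# Name format from the post: "[<contact email>].<hex>.happydayzz"
NAME_RE = re.compile(
    r"^\[(?P<email>[^\]]+)\]\.(?P<hex>(?:[0-9A-Fa-f]{2})+)\.happydayzz$"
)

# Sample encrypted file name quoted in the post.
SAMPLE = ("[blackjockercrypter@gmail.com]."
          "5A47567A6133527663433570626D6B3D0D0A.happydayzz")


def parse_encrypted_name(filename):
    """Return a dict for names matching the format, or None otherwise."""
    m = NAME_RE.match(filename)
    if m is None:
        return None
    raw = bytes.fromhex(m.group("hex"))
    info = {"email": m.group("email"), "hex_decoded": raw, "original_name": None}
    # Observed on the post's sample: the hex bytes are Base64 text plus CRLF.
    # Assumption: other files use the same scheme. If decoding fails,
    # original_name stays None instead of guessing.
    try:
        text = raw.decode("ascii").strip()
        name = base64.b64decode(text, validate=True).decode("utf-8")
        info["original_name"] = name or None
    except (UnicodeDecodeError, binascii.Error):
        pass
    return info


def inventory(filenames):
    """Map each matching encrypted name to its recovered original name."""
    result = {}
    for name in filenames:
        parsed = parse_encrypted_name(name)
        if parsed is not None:
            result[name] = parsed["original_name"]
    return result


if __name__ == "__main__":
    print(parse_encrypted_name(SAMPLE))
```

This only recovers names for an inventory of what was affected; it does not decrypt file contents.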



#2 Amigo-A


Posted 20 March 2017 - 03:26 PM

Demonslay335 signed this HappyDayzz as Globe v.3 (1 month ago)
 
Globe v3 Ransomware
Extension: .happydayzz
Ransom Note: How To Recover Encrypted Files.hta
Email: happydayz@india.com
Examples of encrypted files:
rg7NM6UunexeWIsYtbJBRM.happydayzz
mKCX9v4Cv1qT0Q3JoeQlLw.happydayzz
FiHsMKD11BWhz02w5QQ25g.happydayzz
1bO01x-m-a8mU2-nea9sc5nspuRsTN5UoU6JKptCEUU.happydayzz
qKOU0HzYmu33+EAQBfjpqD+C+TeMAXU7jHdE30a-Ix0.happydayzz

Need info about Crypto-Ransomware? A huge safe base here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links


#3 xXToffeeXx


Posted 20 March 2017 - 03:43 PM

 

Demonslay335 signed this HappyDayzz as Globe v.3 (1 month ago)
 
Globe v3 Ransomware
Extension: .happydayzz
Ransom Note: How To Recover Encrypted Files.hta
Email: happydayz@india.com
Examples of encrypted files:
rg7NM6UunexeWIsYtbJBRM.happydayzz
mKCX9v4Cv1qT0Q3JoeQlLw.happydayzz
FiHsMKD11BWhz02w5QQ25g.happydayzz
1bO01x-m-a8mU2-nea9sc5nspuRsTN5UoU6JKptCEUU.happydayzz
qKOU0HzYmu33+EAQBfjpqD+C+TeMAXU7jHdE30a-Ix0.happydayzz

 

This is not Globe, this is new.

 

xXToffeeXx~




#4 josevm


Posted 20 March 2017 - 08:32 PM

I have this ransomware and I do not know how to recover my documents. I already tried several decryptors but none fixes it. If you know any way, tell me. Thank you



#5 Amigo-A


Posted 23 March 2017 - 01:21 PM

josevm

You can not just try different decryption tools.

First, you need to create a reserve copy of the encrypted files. Otherwise, the files may be damaged.


Edited by Amigo-A, 23 March 2017 - 01:21 PM.



#6 quietman7


Posted 23 March 2017 - 05:28 PM

Yes...before attempting any decryption when a decrypter is available, it is recommended to back up the original encrypted files first and perform a test decryption on sample copies of the encrypted files in case something goes awry. If the files become damaged or corrupted, you will have a backup to try again. If in an enterprise environment, disconnect from the network first. There is no way of knowing what kind of decryption program the criminals are sending you...if it will work or if it may be coded with additional malware.
 


Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click [image]

#7 josevm


Posted 23 March 2017 - 05:51 PM

All the tests I did with each decryptor, I did with copies of some documents. I'm taking every possible precaution.



#8 quietman7


Posted 23 March 2017 - 06:05 PM

When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

#9 josevm


Posted 23 March 2017 - 06:23 PM

thank you very much


#10 quietman7


Posted 23 March 2017 - 06:23 PM

You're welcome.



