Tech support

Hakbit ransomware – Ransomware help and technical support


All files encrypted with a newer version Hakbit (Thanos) the variants will have a IDENTIFIER-[].[] extension tracking as explained here through Amigo-A (Andrew Ivanov). These are just a few examples.

.[ID-DE792266].[[email protected]].CRYSTAL
.[ID-215CFE80].[[email protected]].VIPxxx
.[ID-9C759153].[[email protected]].noname
.[ID-6CBD7A2B].[[email protected]].HELPME

Hakbit (Thanos) Ransomware usually leave files (ransom notes) appointed HELP_ME_RECOVER_MY_FILES.txt, READ THIS !!!!. Txt, HELP_ME_MY_FILES_NOT_MAKE_PUBLIC.txt, HELP_ME_RECOVER_MY_FILES.txt, HAKFILE_FOR_ACCESS_TO_YOUR_FILES_NOT_MAKE_PUBLIC.txt, HELP_ME_RECOVER_MY_FILES.txt, HAKFILE_FOR_ACCESS_TO_YOUR_FILES_NOT_MAKE_PUBLIC.txt, HELP_ME_RECOVER_MY_FILES. txt, HAKFILE_FOR_ACCESS_TO_YOUR_FILES_DEC.txt, RESTORE_FILES_INFO.txt, RESTORE_FILES_INFO.hta, Decrypt_info.txt.

Unfortunately there is no known method that I know to decrypt files encrypted by Hakbit (Thanos) Ransomware without paying the ransom and getting the private encryption keys of the criminals who created the ransomware unless it is disclosed or seized and released by authorities. Without the criminal’s master private key which can be used to decrypt your files, decryption is impossible. This usually means that the private key is unique (specific) for each victim and securely generated (i.e. RSA, AES, Salsa20, ChaCha20, ECDH, ECC) which it’s not possible brutally forced… the public key alone that encrypts the files is unnecessary for decryption.

There is an ongoing discussion on this topic where victims can post comments, ask questions, and request further help. Other victims were invited there to share information, experiences and suggestions.

Rather than having everyone with individual topics, it would be better (and more manageable for staff) if you posted any other questions, comments, or support requests in the support topic above discussion … it includes experiences from experts, IT consultants, victims and business representatives who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thank you
British Columbia staff