Hairysquid Ransomware is a Mimic Variant Targeting Your Important Files

Hairysquid is a type of ransomware that encrypts files and changes their file names by appending the ".Hairysquid" extension.

It's a new variant of the Mimic ransomware and also generates a ransom note called "READ_ME_DECRYPTION_HAIRYSQUID.txt". This ransom note informs victims that all their files have been encrypted and they can pay for their decryption.

The attackers give victims a chance to verify that they can decrypt their files before payment by asking them to send their unique ID and a maximum of three files for test decryption. The ransom note provides various contact options, such as TOX messenger, ICQ messenger, Skype, and email. Once the payment is made, the attackers promise to send the decryption program and instructions to the victims. For instance, "1.jpg" is changed to "1.jpg.Hairysquid" and "2.png" is changed to "2.pngHairysquid".

Hairysquid Uses Massive Ransom Note

The full text of the Hairysquid ransom note goes as follows:

All your files have been encrypted with Our virus.
Your unique ID: -

You can buy fully decryption of your files
But before you pay, you can make sure that we can really decrypt any of your files.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.

To do this:
1) Send your unique id - and max 3 files for test decryption
1.1)TOX messenger (fast and anonimous)
Install qtox
press sing up
create your own name
Press plus
Put there my tox ID
And add me/write message
1.2)ICQ Messenger
ICQ live chat which works 24/7 - @Hairysquid
Install ICQ software on your PC here hxxps:// or on your smartphone search for "ICQ" in Appstore / Google market
Write to our ICQ @Hairysquid hxxps://
Hairysquid Decryption
1.4)Mail (write only in critical situations bcs your email may not be delivered or get in spam)


In subject line please write your decryption ID: -

2) After decryption, we will send you the decrypted files and a unique bitcoin wallet for payment.
3) After payment ransom for Bitcoin, we will send you a decryption program and instructions. If we can decrypt your files, we have no reason to deceive you after payment.

Can I get a discount?
No. The ransom amount is calculated based on the number of encrypted office files and discounts are not provided. All such messages will be automatically ignored. If you really only want some of the files, zip them and upload them somewhere. We will decode them for free as proof.
What is Bitcoin?
Where to buy bitcoins?
hxxps:// (fastest way)
or use to find information where to buy it
Where is the guarantee that I will receive my files back?
The very fact that we can decrypt your random files is a guarantee. It makes no sense for us to deceive you.
How quickly will I receive the key and decryption program after payment?
As a rule, during 15 min
How does the decryption program work?
It's simple. You need to run our software. The program will automatically decrypt all encrypted files on your HDD.

How Can Hairysquid or Other Similar Ransomware Variants Infect Your System?

There are several ways that Hairysquid or other similar ransomware variants can infect a system. One of the most common methods is through phishing emails that contain malicious attachments or links. These emails are designed to look like legitimate messages from a trusted source, such as a bank or other financial institution, but actually contain malware that can infect the system when opened.

Another way ransomware can infect a system is through exploit kits, which are malicious programs that take advantage of vulnerabilities in software or web browsers. These kits can be embedded in compromised websites or distributed through malvertising campaigns, where attackers use malicious ads to redirect users to infected sites.

Ransomware can also be spread through social engineering tactics, such as through fake software updates or downloads that trick users into downloading and installing malware. Once installed, ransomware can quickly spread throughout the system, encrypting files and demanding payment for their decryption.

To protect against ransomware and other malware, it is essential to maintain strong security measures, such as keeping software and operating systems up to date, using antivirus software, and being cautious when opening emails or downloading files from unknown sources. Backing up important files regularly to an external drive or cloud-based storage can also help minimize the impact of a ransomware attack.

March 29, 2023

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.