Hairysquid Ransomware is a Mimic Variant Targeting Your Important Files

Hairysquid is a type of ransomware that encrypts files and changes their file names by appending the ".Hairysquid" extension. For instance, "1.jpg" is changed to "1.jpg.Hairysquid" and "2.png" is changed to "2.png.Hairysquid".

It's a new variant of the Mimic ransomware and also generates a ransom note called "READ_ME_DECRYPTION_HAIRYSQUID.txt". This ransom note informs victims that all their files have been encrypted and that they can pay for their decryption.

The attackers give victims a chance to verify that decryption is possible before payment by asking them to send their unique ID and a maximum of three files for test decryption. The ransom note provides various contact options, such as TOX messenger, ICQ messenger, Skype, and email. Once the payment is made, the attackers promise to send the decryption program and instructions to the victims.
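A read-only triage sketch for the two indicators named above, the appended ".Hairysquid" extension and the READ_ME_DECRYPTION_HAIRYSQUID.txt note (added example, not part of the original article). The "Your unique ID:" line format is taken from the note text on this page; the sample tree and ID are constructed, and treating the earliest modification time of a renamed file as the approximate start of encryption is an assumption.

```python
import os
import re
import tempfile
from pathlib import Path

EXT = ".hairysquid"                         # appended extension, matched case-insensitively
NOTE = "read_me_decryption_hairysquid.txt"  # ransom note file name, lower-cased
ID_LINE = re.compile(r"^Your unique ID:[ \t]*(\S+)", re.MULTILINE)

def original_name(name):
    """Pre-encryption file name if `name` carries the extension, else None."""
    if name.lower().endswith(EXT) and len(name) > len(EXT):
        return name[:-len(EXT)]
    return None

def scan(root):
    """Read-only walk of `root`: nothing is renamed, written or deleted."""
    rep = {"encrypted": {}, "untouched": 0, "notes": [], "ids": set()}
    mtimes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if name.lower() == NOTE:
                    rep["notes"].append(str(path))
                    rep["ids"].update(ID_LINE.findall(path.read_text(errors="replace")))
                elif original_name(name):
                    rep["encrypted"].setdefault(dirpath, []).append(original_name(name))
                    mtimes.append(path.stat().st_mtime)
                else:
                    rep["untouched"] += 1
            except OSError:
                continue  # unreadable entry: keep what was recorded, move on
    # Assumption: the oldest mtime among renamed files approximates encryption start.
    rep["first_mtime"] = min(mtimes, default=None)
    return rep

def build_sample(root):
    """Constructed sample tree: two renamed files, one clean file, one note."""
    docs = Path(root) / "docs"
    docs.mkdir()
    for name, mtime in (("1.jpg.Hairysquid", 1000), ("2.png.Hairysquid", 900)):
        (docs / name).write_bytes(b"\x00")
        os.utime(docs / name, (mtime, mtime))
    (docs / "notes.txt").write_text("clean")
    (Path(root) / "READ_ME_DECRYPTION_HAIRYSQUID.txt").write_text(
        "Hi!\nYour unique ID: EXAMPLE-ID-0001\n")  # constructed ID
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan(build_sample(tmp)))
```

Run `scan()` against a mounted image or file share where possible; the per-directory counts show the scope of the damage and `first_mtime` helps pick a backup that predates it.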

Hairysquid Uses Massive Ransom Note

The full text of the Hairysquid ransom note reads as follows:

Hi!
All your files have been encrypted with Our virus.
Your unique ID: -

You can buy fully decryption of your files
But before you pay, you can make sure that we can really decrypt any of your files.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.

To do this:
1) Send your unique id - and max 3 files for test decryption
OUR CONTACTS
1.1)TOX messenger (fast and anonimous)
hxxps://tox.chat/download.html
Install qtox
press sing up
create your own name
Press plus
Put there my tox ID
95CC6600931403C55E64134375095128F18EDA09B4A74B9F1906C1A4124FE82E4428D42A6C65
And add me/write message
1.2)ICQ Messenger
ICQ live chat which works 24/7 - @Hairysquid
Install ICQ software on your PC here hxxps://icq.com/windows/ or on your smartphone search for "ICQ" in Appstore / Google market
Write to our ICQ @Hairysquid hxxps://icq.im/Hairysquid
1.3)Skype
Hairysquid Decryption
1.4)Mail (write only in critical situations bcs your email may not be delivered or get in spam)

  • Hairysquid@onionmail.org

In subject line please write your decryption ID: -

2) After decryption, we will send you the decrypted files and a unique bitcoin wallet for payment.
3) After payment ransom for Bitcoin, we will send you a decryption program and instructions. If we can decrypt your files, we have no reason to deceive you after payment.

FAQ:
Can I get a discount?
No. The ransom amount is calculated based on the number of encrypted office files and discounts are not provided. All such messages will be automatically ignored. If you really only want some of the files, zip them and upload them somewhere. We will decode them for free as proof.
What is Bitcoin?
read bitcoin.org
Where to buy bitcoins?
hxxps://www.alfa.cash/buy-crypto-with-credit-card (fastest way)
buy.coingate.com
hxxps://bitcoin.org/en/buy
hxxps://buy.moonpay.io
binance.com
or use google.com to find information where to buy it
Where is the guarantee that I will receive my files back?
The very fact that we can decrypt your random files is a guarantee. It makes no sense for us to deceive you.
How quickly will I receive the key and decryption program after payment?
As a rule, during 15 min
How does the decryption program work?
It's simple. You need to run our software. The program will automatically decrypt all encrypted files on your HDD.

How Can Hairysquid or Other Similar Ransomware Variants Infect Your System?

There are several ways that Hairysquid or other similar ransomware variants can infect a system. One of the most common methods is through phishing emails that contain malicious attachments or links. These emails are designed to look like legitimate messages from a trusted source, such as a bank or other financial institution, but actually contain malware that can infect the system when opened.

Another way ransomware can infect a system is through exploit kits, which are malicious programs that take advantage of vulnerabilities in software or web browsers. These kits can be embedded in compromised websites or distributed through malvertising campaigns, where attackers use malicious ads to redirect users to infected sites.

Ransomware can also be spread through social engineering tactics, such as fake software updates or downloads that trick users into downloading and installing malware. Once installed, ransomware can quickly spread throughout the system, encrypting files and demanding payment for their decryption.

To protect against ransomware and other malware, it is essential to maintain strong security measures, such as keeping software and operating systems up to date, using antivirus software, and being cautious when opening emails or downloading files from unknown sources. Backing up important files regularly to an external drive or cloud-based storage can also help minimize the impact of a ransomware attack.

March 29, 2023