Honkai Ransomware is a New Paradise Clone Looking for Files On Your PC to Encrypt

During a review of new entries on threat databases, we stumbled upon the Honkai ransomware, which belongs to the Paradise ransomware family. A test run of the Honkai ransomware showed that the malware encrypted files and altered their names.

The original file names were supplemented with a special identifier assigned to the victim, the cybercriminals' email address, and a ".honkai" extension. For instance, a file named "1.jpg" would appear as "1.jpg[id-f48tSVGB].[main@paradisenewgenshinimpact.top].honkai".

Following that, the ransomware dropped a ransom note labeled "#DECRYPT MY FILES#.html" onto the desktop. This message stated that the victim's files had been encrypted and that they would have to pay an undisclosed sum, which would increase if they delayed contacting the cybercriminals. Payment was to be made in Bitcoin cryptocurrency. However, the victims were allowed to test the decryption process on three files (under specific conditions) before paying.

The note ended with warnings, informing the victim that any attempts to rename the encrypted files, use third-party decryption tools, run anti-virus software, or remove the ransomware would lead to permanent data loss. The message also stated that the decryption keys from other victims would not work, as each ransomware attack employs unique encryption keys.
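For incident triage, the renaming scheme and note name described above can be matched against a file listing to scope the damage and recover original file names. The sketch below is an added example, not code from the original article; the character classes allowed for the ID and e-mail are assumptions generalised from the single sample name on this page, and the listing is constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Scheme reported on this page: <original>[id-<ID>].[<email>].honkai
# Assumption: ID and e-mail may be any run of non-bracket characters.
RENAMED = re.compile(
    r"^(?P<original>.+)\[id-(?P<victim_id>[^\]\[]+)\]"
    r"\.\[(?P<email>[^\]\[@]+@[^\]\[@]+)\]\.honkai$",
    re.IGNORECASE,
)
NOTE_NAME = "#decrypt my files#.html"  # ransom note name, compared lower-cased


def parse_renamed(path):
    """Return original name, victim ID and contact e-mail, or None if no match."""
    m = RENAMED.match(PureWindowsPath(path).name)
    return m.groupdict() if m else None


def triage(paths):
    """Summarise a listing: encrypted files per directory, IDs, e-mails, notes."""
    report = {"encrypted": defaultdict(list), "ids": set(),
              "emails": set(), "notes": []}
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.name.lower() == NOTE_NAME:
            report["notes"].append(p)
            continue
        hit = parse_renamed(p)
        if hit:  # record the pre-encryption name under its directory
            report["encrypted"][str(wp.parent)].append(hit["original"])
            report["ids"].add(hit["victim_id"])
            report["emails"].add(hit["email"].lower())
    return report


# Constructed listing (not real telemetry), shaped like `dir /s /b` output.
SAMPLE = [
    r"C:\Users\alice\Pictures\1.jpg[id-f48tSVGB].[main@paradisenewgenshinimpact.top].honkai",
    r"C:\Users\alice\Documents\budget [v2].xlsx[id-f48tSVGB].[main@paradisenewgenshinimpact.top].honkai",
    r"C:\Users\alice\Desktop\#DECRYPT MY FILES#.html",
    r"C:\Users\alice\Documents\readme.txt",         # untouched file
    r"C:\Users\alice\Documents\game-notes.honkai",  # extension only, no ID/e-mail
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for folder, names in result["encrypted"].items():
        print(folder, "->", names)
    print("IDs:", result["ids"], "notes:", result["notes"])
```

A file that carries only the ".honkai" extension without the ID and e-mail segments is deliberately not counted, so the summary reflects the full scheme rather than the extension alone.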

The Honkai ransom demands

The full ransom note generated by the Honkai ransomware reads as follows:

Your files are encrypted!
Paradise Ransomware Team!

Your personal ID

Your personal KEY

WHAT HAPPENED!
Your important files produced on this computer have been encrypted due a security problem.
If you want to restore them, write to us by email.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.

FREE DECRYPTION AS GUARANTEE!
Before payment you can send us 1-3 files for free decryption.
Please note that files must NOT contain valuable information.
The file size should not exceed 1MB.
As evidence, we can decrypt one file

HOW TO OBTAIN BITCOINS!
Our Bitcoin Address: 392vKrpVxMF7Ld55TXyXpJ1FUE8dgKhFiv
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price
hxxps://localbitcoins.com/buy_bitcoins/
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
write to Google how to buy Bitcoin in your country?

Contact!
e-mail:
main@paradisenewgenshinimpact.top
or
e-mail:
main@paradisenewgenshinimpact.top

Attention!
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
You are guaranteed to get the decryptor after payment
As evidence, we can decrypt one file
Do not attempt to use the antivirus or uninstall the program
This will lead to your data loss and unrecoverable
Decoders of other users is not suitable to decrypt your files - encryption key is unique

What is the best way to protect your files and data from ransomware attacks?

The best way to protect your files and data from ransomware attacks is to follow these steps:

  • Keep software and operating systems up-to-date with the latest security patches.
  • Use anti-virus software and keep it updated.
  • Back up important data regularly on an external hard drive or cloud storage, and keep it offline.
  • Be cautious when opening emails, especially those from unknown or suspicious senders. Do not open attachments or click on links from these sources.
  • Avoid downloading software and files from untrusted websites and peer-to-peer networks.
  • Enable user account control (UAC) on Windows systems to prevent unauthorized changes.
  • Limit user permissions and disable macros in Office files.
  • Disable Remote Desktop Protocol (RDP) unless necessary and ensure strong passwords are used.

Why can’t you restore your files if you become a victim of a ransomware similar to Honkai?

If you become a victim of a ransomware similar to Honkai, you may not be able to restore your files for several reasons. Firstly, the malware encrypts your files and changes their names, making it difficult for you to access them. Secondly, the cybercriminals behind the attack usually demand a ransom payment in exchange for the decryption keys, which are necessary to restore your files.

However, there is no guarantee that you will receive the decryption keys even after paying the ransom. Additionally, the ransom note usually warns that attempting to restore the files using third-party decryption tools, running anti-virus software, or removing the malware will result in permanent data loss. Each attack employs unique encryption keys, which makes it difficult to restore the files without the decryption keys. Therefore, it is crucial to follow best practices for protecting your data and files to minimize the risk of falling victim to a ransomware attack.

February 2, 2023