The Hakbit ransomware targets businesses and encrypts its victim's files using AES-256.
The malware may also pretend to be one of the following processes at random to evade suspicion: lsass.exe, svchst.exe, crcss.exe, chrome32.exe, firefox.exe, calc.exe, mysqld.exe, dllhst.exe, opera32.exe, memop.exe, spoolcv.exe, ctfmom.exe, or SkypeApp.exe.
The ransom note "HELP_ME_RECOVER_MY_FILES.txt" contains the following text:
Atention! all your important files were encrypted! to get your files back send 300 USD worth in Bitcoins and contact us with proof of payment and your Unique Identifier Key. We will send you a decryption tool with your personal decryption password. Where can you buy Bitcoins: https://www.coinbase.com https://localbitcoins.com Contact: [email protected] Bitcoin wallet to make the transfer to is: 12grtxACJZkgT2nGAvMesgoM4ADHJ6NTaW Unique Identifier Key (must be sent to us together with proof of payment): Number of files that you could have potentially lost forever can be as high as: 3396