HakunaMatata is a ransomware spreading via email spam. It starts encrypting user files as soon as it is launched on the computer. It comes from the Nmoreia ransomware and can be called Nmoreira 2.0.
Once the files are encrypted using AES-256 and RSA-2048 algorithms the original files are deleted while the encrypted ones start bearing a ".HakunaMatata" extension (hence the name).
It is known to delete the shadow copies in order to make file recovery harder. It uses the following commands upon launch:
cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet vssadmin.exe
Delete Shadows /All /Quiet
HakunaMatata does not ask for a specific amount of money. Instead, it provides a BitMessage link which is used to contact the malware creators.
Files associated with this ransomware:
- Recovers files yako.html